test.payment.indexx.ai Open in urlscan Pro
2600:1f18:2489:8201::c8 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://test.payment.indexx.ai/
Submission: On March 31 via automatic, source certstream-suspicious (March 31st 2023, 3:12:14 pm UTC) — Scanned from DE

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 1 countries across 3 domains to perform 22 HTTP transactions. The main IP is 2600:1f18:2489:8201::c8, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is test.payment.indexx.ai.
TLS certificate: Issued by R3 on March 31st 2023. Valid for: 3 months.

This is the only time test.payment.indexx.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2600:1f18:248... 2600:1f18:2489:8201::c8	14618 (AMAZON-AES) (AMAZON-AES)
2	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
6	151.101.129.21 151.101.129.21	54113 (FASTLY) (FASTLY)
5	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
2	151.101.129.35 151.101.129.35	54113 (FASTLY) (FASTLY)
22	6

2 2600:1f18:2489:8201::c8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

test.payment.indexx.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.129.21 (United States)

ASN54113 (FASTLY, US)

www.sandbox.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.sandbox.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.130.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.35 (United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	paypal.com www.paypal.com — Cisco Umbrella Rank: 2477 www.sandbox.paypal.com — Cisco Umbrella Rank: 35965 c.paypal.com — Cisco Umbrella Rank: 5512 c.sandbox.paypal.com b.sbox.stats.paypal.com Failed	322 KB
5	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2321	9 KB
2	indexx.ai test.payment.indexx.ai	47 KB
22	3

	Domain	Requested by
5	www.paypalobjects.com
5	www.sandbox.paypal.com	www.paypal.com www.sandbox.paypal.com
2	c.paypal.com	www.sandbox.paypal.com c.sandbox.paypal.com
2	www.paypal.com	test.payment.indexx.ai www.sandbox.paypal.com
2	test.payment.indexx.ai	test.payment.indexx.ai
1	c.sandbox.paypal.com	c.paypal.com
0	b.sbox.stats.paypal.com Failed	www.sandbox.paypal.com
22	7

This site contains no links.

Subject Issuer	Validity	Valid
test.payment.indexx.ai R3	`2023-03-31` - `2023-06-29`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-10` - `2023-11-10`	a year	crt.sh
www.sandbox.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-01-19` - `2024-02-19`	a year	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2022-10-13` - `2023-11-13`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://test.payment.indexx.ai/
Frame ID: E6D3DE74395AC91D328E6A3B948E24D8
Requests: 4 HTTP requests in this frame

Frame: https://www.sandbox.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.360&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhoX1NqaVlobzY1Zmhab0tHU1hSbGxibnZuc3hPZkowaUxWNUJMTmNJZW5oWU9PWl81QUJKSlN0a2IwVDB0Z3B4ZDIyRFRTa2xycXVPYUImY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfa29yZnFrcmRqcnJibnJ5aXNlamxqZnJkY2NscHpmIn19&clientID=AXh_SjiYho65fhZoKGSXRllbnvnsxOfJ0iLV5BLNcIenhYOOZ_5ABJJStkb0T0tgpxd22DTSklrquOaB&sdkCorrelationID=f372267f26d67&storageID=uid_ba46fc1eb8_mtu6mti6mti&sessionID=uid_81e1d041a9_mtu6mti6mti&buttonSessionID=uid_338fb840f1_mtu6mti6mti&env=sandbox&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOmZhbHNlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6dHJ1ZX0sInNlcGEiOnsiZWxpZ2libGUiOnRydWV9LCJpZGVhbCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJiYW5jb250YWN0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImdpcm9wYXkiOnsiZWxpZ2libGUiOnRydWV9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjp0cnVlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&renderedButtons.0=paypal&renderedButtons.1=sepa&renderedButtons.2=giropay&renderedButtons.3=sofort&renderedButtons.4=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
Frame ID: B4470114B5DB219C75F2954796EEFE93
Requests: 11 HTTP requests in this frame

Frame: https://www.paypalobjects.com/js-sdk-logos/2.2.6/paypal-blue.svg
Frame ID: 27E3059DD9891D56D457F037B533623F
Requests: 5 HTTP requests in this frame

Frame: https://c.sandbox.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 6829F2B777395A9C4EDEC04FC316F04E
Requests: 5 HTTP requests in this frame

Frame: https://b.sbox.stats.paypal.com/v2/counter.cgi?p=uid_81e1d041a9_mtu6mti6mti&s=SMART_PAYMENT_BUTTONS
Frame ID: 0DE24A642FB209E1F0754E019202C5CC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Paypal Payment | indexx.ai

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Page Statistics

22
Requests

77 %
HTTPS

20 %
IPv6

3
Domains

7
Subdomains

6
IPs

1
Countries

378 kB
Transfer

1256 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
test.payment.indexx.ai/ 647 B
843 B 823ms
126ms Document
text/html 2600:1f18:2489:8201::c8
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://test.payment.indexx.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:2489:8201::c8 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Netlify /

Resource Hash

27bbdd6d997593e3ab55410decefe9da2200a00cb3e8118f0e3c924997b9fa83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: public, max-age=0, must-revalidate
content-length: 647
content-type: text/html; charset=UTF-8
date: Fri, 31 Mar 2023 15:12:10 GMT
etag: "53fde7ec5ba88d8a4956c383b2f76f32-ssl"
server: Netlify
strict-transport-security: max-age=31536000
x-nf-request-id: 01GWW3KRDTHQKHQCMB3VPWQZK7

GET
H2 200 main.6f215075.js Show response
test.payment.indexx.ai/static/js/ 147 KB
46 KB 302ms
301ms Script
application/javascript 2600:1f18:2489:8201::c8
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://test.payment.indexx.ai/static/js/main.6f215075.js

Requested by

Host: test.payment.indexx.ai
URL: https://test.payment.indexx.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:2489:8201::c8 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Netlify /

Resource Hash

3b07965dd1da5bf66589f9ec240333bc1ddd7b77edd1d647b8315b540c0b511d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://test.payment.indexx.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-nf-request-id: 01GWW3KRHXN0Y255ZVSER7GKQ3
date: Fri, 31 Mar 2023 15:12:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "2ea6a66439ce7eaeaa8db6998b791ada-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 js Show response
www.paypal.com/sdk/ 271 KB
75 KB 1905ms
1869ms Script
application/javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AXh_SjiYho65fhZoKGSXRllbnvnsxOfJ0iLV5BLNcIenhYOOZ_5ABJJStkb0T0tgpxd22DTSklrquOaB&currency=USD

Requested by

Host: test.payment.indexx.ai
URL: https://test.payment.indexx.ai/static/js/main.6f215075.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99890507ce7646fd3f8fa4ce24731b9c4b6be892f43cc3c1a828143d8b33c91f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-u53Iy+LXDvmP+uI3pngAfBthY81qCocxVEUwZlABPhQaO/8X' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-u53Iy+LXDvmP+uI3pngAfBthY81qCocxVEUwZlABPhQaO/8X' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://test.payment.indexx.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-u53Iy+LXDvmP+uI3pngAfBthY81qCocxVEUwZlABPhQaO/8X' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-u53Iy+LXDvmP+uI3pngAfBthY81qCocxVEUwZlABPhQaO/8X' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 31 Mar 2023 15:12:12 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 1
x-cache: MISS, MISS
p3p: true
paypal-debug-id: f119414a9c451
server-timing: "traceparent;desc="00-0000000000000000000f119414a9c451-3545af02990b4300-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 75330
x-xss-protection: 1; mode=block
x-served-by: cache-hhn-etou8220030-HHN, cache-fra-eddf8230037-FRA
traceparent: 00-0000000000000000000f119414a9c451-2b480bad9f9de638-01
x-timer: S1680275531.845753,VS0,VE1860
etag: W/"12642-EOoQ8Oh+synoBHnj1ZSaaTN25fM"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 buttons Show response
www.sandbox.paypal.com/smart/ Frame B447 407 KB
126 KB 541ms
500ms Document
text/html 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sandbox.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.360&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhoX1NqaVlobzY1Zmhab0tHU1hSbGxibnZuc3hPZkowaUxWNUJMTmNJZW5oWU9PWl81QUJKSlN0a2IwVDB0Z3B4ZDIyRFRTa2xycXVPYUImY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfa29yZnFrcmRqcnJibnJ5aXNlamxqZnJkY2NscHpmIn19&clientID=AXh_SjiYho65fhZoKGSXRllbnvnsxOfJ0iLV5BLNcIenhYOOZ_5ABJJStkb0T0tgpxd22DTSklrquOaB&sdkCorrelationID=f372267f26d67&storageID=uid_ba46fc1eb8_mtu6mti6mti&sessionID=uid_81e1d041a9_mtu6mti6mti&buttonSessionID=uid_338fb840f1_mtu6mti6mti&env=sandbox&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOmZhbHNlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6dHJ1ZX0sInNlcGEiOnsiZWxpZ2libGUiOnRydWV9LCJpZGVhbCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJiYW5jb250YWN0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImdpcm9wYXkiOnsiZWxpZ2libGUiOnRydWV9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjp0cnVlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&renderedButtons.0=paypal&renderedButtons.1=sepa&renderedButtons.2=giropay&renderedButtons.3=sofort&renderedButtons.4=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AXh_SjiYho65fhZoKGSXRllbnvnsxOfJ0iLV5BLNcIenhYOOZ_5ABJJStkb0T0tgpxd22DTSklrquOaB&currency=USD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6ffc485e1f74de7f930ab820ba35d2ed647e9282dfd39847e619d2ae7bba33d0

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://test.payment.indexx.ai/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Full
accept-ranges: none
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-encoding: gzip
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;
content-type: text/html; charset=utf-8
date: Fri, 31 Mar 2023 15:12:13 GMT
etag: W/W/"65acb-TO3iioujpeAr6DXYHerbojEKFX0"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
p3p: true
paypal-debug-id: f598107d16df4
server-timing: traceparent;desc="00-0000000000000000000f598107d16df4-ff559ef0c4efaebb-01"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-served-by: cache-fra-eddf8230026-FRA
x-timer: S1680275533.898120,VS0,VE480
x-xss-protection: 1; mode=block

GET
H2 200 paypal-blue.svg
www.paypalobjects.com/js-sdk-logos/2.2.6/ Frame 27E3 3 KB
1 KB 52ms
10ms Image
image/svg+xml 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/js-sdk-logos/2.2.6/paypal-blue.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 15:12:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 267ce3849f9d9
dc: ccg11-origin-www-1.paypal.com
content-length: 1217
x-served-by: cache-sjc10040-SJC, cache-fra-eddf8230036-FRA
last-modified: Tue, 07 Mar 2023 16:08:03 GMT
traceparent: 00-0000000000000000000267ce3849f9d9-602548d07483def4-01
x-timer: S1680275533.899092,VS0,VE0
etag: W/"64076163-cc2"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 5, 32463

GET
H2 200 sepa-default.svg
www.paypalobjects.com/js-sdk-logos/2.2.6/ Frame 27E3 9 KB
4 KB 52ms
11ms Image
image/svg+xml 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/js-sdk-logos/2.2.6/sepa-default.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 15:12:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: d99ffd34ac4e2
dc: ccg11-origin-www-1.paypal.com
content-length: 3268
x-served-by: cache-sjc10083-SJC, cache-fra-eddf8230036-FRA
last-modified: Tue, 07 Mar 2023 16:08:03 GMT
traceparent: 00-0000000000000000000d99ffd34ac4e2-843a651b8203c3b0-01
x-timer: S1680275533.898258,VS0,VE0
etag: W/"64076163-2204"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 115, 13

GET
H2 200 giropay-default.svg
www.paypalobjects.com/js-sdk-logos/2.2.6/ Frame 27E3 4 KB
2 KB 50ms
9ms Image
image/svg+xml 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/js-sdk-logos/2.2.6/giropay-default.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

07f6b880cfa8dfe89bf94553045a063a4d0204282b27f793a6b9af1d084881c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 15:12:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: ecf915c79aab7
dc: ccg11-origin-www-1.paypal.com
content-length: 1577
x-served-by: cache-sjc10039-SJC, cache-fra-eddf8230036-FRA
last-modified: Tue, 07 Mar 2023 16:08:03 GMT
traceparent: 00-0000000000000000000ecf915c79aab7-37fb4c82779a8dc6-01
x-timer: S1680275533.898273,VS0,VE1
etag: W/"64076163-ed4"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 118, 3

GET
H2 200 sofort-default.svg
www.paypalobjects.com/js-sdk-logos/2.2.6/ Frame 27E3 2 KB
2 KB 48ms
8ms Image
image/svg+xml 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/js-sdk-logos/2.2.6/sofort-default.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aa36dc4164bef3a7b5007ecad5fed164b0c85feb478890782c6cb59bc56d6afa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 15:12:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 679a2586fc208
dc: ccg11-origin-www-1.paypal.com
content-length: 1109
x-served-by: cache-sjc10058-SJC, cache-fra-eddf8230036-FRA
last-modified: Tue, 07 Mar 2023 16:08:03 GMT
traceparent: 00-0000000000000000000679a2586fc208-349b0ed1fd2cb440-01
x-timer: S1680275533.898274,VS0,VE0
etag: W/"64076163-9d6"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 2, 3

GET
H2 200 card-white.svg
www.paypalobjects.com/js-sdk-logos/2.2.6/ Frame 27E3 1 KB
812 B 49ms
8ms Image
image/svg+xml 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/js-sdk-logos/2.2.6/card-white.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 15:12:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 5d6f6aaf69b61
dc: ccg11-origin-www-1.paypal.com
content-length: 637
x-served-by: cache-sjc10079-SJC, cache-fra-eddf8230036-FRA
last-modified: Tue, 07 Mar 2023 16:08:03 GMT
traceparent: 00-00000000000000000005d6f6aaf69b61-6acb63c976c444e6-01
x-timer: S1680275533.898638,VS0,VE0
etag: W/"64076163-54e"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 20, 11

POST
H2 200 logger Show response
www.sandbox.paypal.com/xoplatform/logger/api/ 1000 B
1 KB 246ms
245ms XHR
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sandbox.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AXh_SjiYho65fhZoKGSXRllbnvnsxOfJ0iLV5BLNcIenhYOOZ_5ABJJStkb0T0tgpxd22DTSklrquOaB&currency=USD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ea80efbad9ed271d66236ed13036d971e4d6afafd86ed9b04e3de9e452521536

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://test.payment.indexx.ai/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: application/json

Response headers

date: Fri, 31 Mar 2023 15:12:13 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS
paypal-debug-id: f5981076ad2f8
x-served-by: cache-fra-eddf8230109-FRA
accept-ch: Sec-CH-UA-Full
x-timer: S1680275533.129822,VS0,VE227
etag: W/"3e8-Ab8R7qNfSGncqlo8xWCV1b7a/VI"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://test.payment.indexx.ai
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: none
x-cache-hits: 0

OPTIONS
H2 200 logger
www.sandbox.paypal.com/xoplatform/logger/api/ Frame 0
0 252ms
227ms Preflight 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sandbox.paypal.com/xoplatform/logger/api/logger

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://test.payment.indexx.ai
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Full
accept-ranges: none
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://test.payment.indexx.ai
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
date: Fri, 31 Mar 2023 15:12:13 GMT
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f598107e98199
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: accept-encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-served-by: cache-fra-eddf8230109-FRA
x-timer: S1680275533.897786,VS0,VE220

GET
DATA 200
OK truncated
/ Frame B447 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B447 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B447 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07f6b880cfa8dfe89bf94553045a063a4d0204282b27f793a6b9af1d084881c6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B447 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa36dc4164bef3a7b5007ecad5fed164b0c85feb478890782c6cb59bc56d6afa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B447 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame B447 271 KB
74 KB 10ms
9ms Script
application/javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AXh_SjiYho65fhZoKGSXRllbnvnsxOfJ0iLV5BLNcIenhYOOZ_5ABJJStkb0T0tgpxd22DTSklrquOaB&currency=USD

Requested by

Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.360&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhoX1NqaVlobzY1Zmhab0tHU1hSbGxibnZuc3hPZkowaUxWNUJMTmNJZW5oWU9PWl81QUJKSlN0a2IwVDB0Z3B4ZDIyRFRTa2xycXVPYUImY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfa29yZnFrcmRqcnJibnJ5aXNlamxqZnJkY2NscHpmIn19&clientID=AXh_SjiYho65fhZoKGSXRllbnvnsxOfJ0iLV5BLNcIenhYOOZ_5ABJJStkb0T0tgpxd22DTSklrquOaB&sdkCorrelationID=f372267f26d67&storageID=uid_ba46fc1eb8_mtu6mti6mti&sessionID=uid_81e1d041a9_mtu6mti6mti&buttonSessionID=uid_338fb840f1_mtu6mti6mti&env=sandbox&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOmZhbHNlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6dHJ1ZX0sInNlcGEiOnsiZWxpZ2libGUiOnRydWV9LCJpZGVhbCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJiYW5jb250YWN0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImdpcm9wYXkiOnsiZWxpZ2libGUiOnRydWV9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjp0cnVlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&renderedButtons.0=paypal&renderedButtons.1=sepa&renderedButtons.2=giropay&renderedButtons.3=sofort&renderedButtons.4=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99890507ce7646fd3f8fa4ce24731b9c4b6be892f43cc3c1a828143d8b33c91f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-u53Iy+LXDvmP+uI3pngAfBthY81qCocxVEUwZlABPhQaO/8X' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-u53Iy+LXDvmP+uI3pngAfBthY81qCocxVEUwZlABPhQaO/8X' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sandbox.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-u53Iy+LXDvmP+uI3pngAfBthY81qCocxVEUwZlABPhQaO/8X' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-u53Iy+LXDvmP+uI3pngAfBthY81qCocxVEUwZlABPhQaO/8X' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 31 Mar 2023 15:12:13 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 2
x-cache: MISS, HIT
p3p: true
paypal-debug-id: f119414a9c451
server-timing: "traceparent;desc="00-0000000000000000000f119414a9c451-3545af02990b4300-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 75330
x-xss-protection: 1; mode=block
x-served-by: cache-hhn-etou8220030-HHN, cache-fra-eddf8230037-FRA
traceparent: 00-0000000000000000000f119414a9c451-2b480bad9f9de638-01
x-timer: S1680275534.546897,VS0,VE1
etag: W/"12642-EOoQ8Oh+synoBHnj1ZSaaTN25fM"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
accept-ranges: bytes
x-cache-hits: 0, 1

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame B447 59 KB
21 KB 50ms
8ms Script
application/javascript 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dcc49c76e2faccba32a3f6c2c419e8f6724a46f2ccd16c822be0bae10268294b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sandbox.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-cache-hits: 4, 1, 1929740
date: Fri, 31 Mar 2023 15:12:14 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 5075060
x-cache: HIT, HIT, HIT
paypal-debug-id: 8d02b3197927f
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 20545
x-served-by: cache-sjc10074-SJC, cache-fra-eddf8230048-FRA, cache-fra-eddf8230068-FRA
last-modified: Tue, 31 Jan 2023 20:30:46 GMT
traceparent: 00-00000000000000000008d02b3197927f-a6cbabdc8c2b29e1-01
x-timer: S1680275534.251946,VS0,VE1
etag: W/"63d97a76-ecbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=86400
access-control-allow-credentials: false
access-control-max-age: 86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:12:14 GMT

POST
H2 200 graphql Show response
www.sandbox.paypal.com/ Frame B447 828 B
2 KB 536ms
535ms XHR
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sandbox.paypal.com/graphql?GetApplepayConfig

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d352d90478f72aab73d7d778ae5b2aa6e6850fa837dd02370137955b91d4e246

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-HnpxIPVWM8+PtsCedzh1BNIuYbgAq6ilwaM097/yi0Vyv/Ve' 'self' 'unsafe-inline' 'unsafe-eval' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data: https://c.paypal.com; object-src 'none'; font-src 'self' https://.paypal.com https://.paypalobjects.com; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; base-uri 'self' https://.paypal.com; form-action 'self' https://.paypal.com; upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

x-app-name: smart-payment-buttons
accept: application/json
Referer: https://www.sandbox.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.360&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhoX1NqaVlobzY1Zmhab0tHU1hSbGxibnZuc3hPZkowaUxWNUJMTmNJZW5oWU9PWl81QUJKSlN0a2IwVDB0Z3B4ZDIyRFRTa2xycXVPYUImY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfa29yZnFrcmRqcnJibnJ5aXNlamxqZnJkY2NscHpmIn19&clientID=AXh_SjiYho65fhZoKGSXRllbnvnsxOfJ0iLV5BLNcIenhYOOZ_5ABJJStkb0T0tgpxd22DTSklrquOaB&sdkCorrelationID=f372267f26d67&storageID=uid_ba46fc1eb8_mtu6mti6mti&sessionID=uid_81e1d041a9_mtu6mti6mti&buttonSessionID=uid_338fb840f1_mtu6mti6mti&env=sandbox&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOmZhbHNlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6dHJ1ZX0sInNlcGEiOnsiZWxpZ2libGUiOnRydWV9LCJpZGVhbCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJiYW5jb250YWN0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImdpcm9wYXkiOnsiZWxpZ2libGUiOnRydWV9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjp0cnVlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&renderedButtons.0=paypal&renderedButtons.1=sepa&renderedButtons.2=giropay&renderedButtons.3=sofort&renderedButtons.4=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-HnpxIPVWM8+PtsCedzh1BNIuYbgAq6ilwaM097/yi0Vyv/Ve' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data: https://c.paypal.com; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; upgrade-insecure-requests;
date: Fri, 31 Mar 2023 15:12:14 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 varnish
content-encoding: br
x-cache: MISS
paypal-debug-id: f4573595c5ecd
x-xss-protection: 1; mode=block
x-served-by: cache-fra-eddf8230026-FRA
accept-ch: Sec-CH-UA-Full
x-timer: S1680275534.212275,VS0,VE529
etag: W/W/"33c-LdfogcucimHd9WEjEnGCdvqLfSk"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.sandbox.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: none
x-cache-hits: 0

GET
H2 200 i Show response
c.sandbox.paypal.com/v1/r/d/ Frame 6829 160 B
1 KB 255ms
214ms Document
text/html 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.sandbox.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sandbox.paypal.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, Sec-CH-UA-Full
accept-ranges: none
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: f457359314a21
date: Fri, 31 Mar 2023 15:12:14 GMT
origin-trial: A+THamRrv1ypMR6JeaJx7Wmo8rytLELMAeCL0XGhTihfUtp+dVqcCNYiWxOzySlH2Xk7lzRrFY3mxv6viKT1qggAAACKeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
paypal-debug-id: f457359314a21
server-timing: traceparent;desc="00-0000000000000000000f457359314a21-7feb8e3110440f8c-01"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-served-by: cache-fra-eddf8230026-FRA
x-timer: S1680275534.322919,VS0,VE207
x-xss-protection: 1; mode=block

GET counter.cgi
b.sbox.stats.paypal.com/v2/ Frame 0DE2 0
0

POST
H2 200 logger
www.sandbox.paypal.com/xoplatform/logger/api/ Frame B447 1018 B
2 KB 258ms
257ms Ping
application/json 151.101.129.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sandbox.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5c5955cb50f08adffad8f88d59bc75d063a4b22440d53336fd29688403d679cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sandbox.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.360&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhoX1NqaVlobzY1Zmhab0tHU1hSbGxibnZuc3hPZkowaUxWNUJMTmNJZW5oWU9PWl81QUJKSlN0a2IwVDB0Z3B4ZDIyRFRTa2xycXVPYUImY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfa29yZnFrcmRqcnJibnJ5aXNlamxqZnJkY2NscHpmIn19&clientID=AXh_SjiYho65fhZoKGSXRllbnvnsxOfJ0iLV5BLNcIenhYOOZ_5ABJJStkb0T0tgpxd22DTSklrquOaB&sdkCorrelationID=f372267f26d67&storageID=uid_ba46fc1eb8_mtu6mti6mti&sessionID=uid_81e1d041a9_mtu6mti6mti&buttonSessionID=uid_338fb840f1_mtu6mti6mti&env=sandbox&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOmZhbHNlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6dHJ1ZX0sInNlcGEiOnsiZWxpZ2libGUiOnRydWV9LCJpZGVhbCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJiYW5jb250YWN0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImdpcm9wYXkiOnsiZWxpZ2libGUiOnRydWV9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjp0cnVlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&renderedButtons.0=paypal&renderedButtons.1=sepa&renderedButtons.2=giropay&renderedButtons.3=sofort&renderedButtons.4=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 31 Mar 2023 15:12:14 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS
paypal-debug-id: f457359c1673d
x-served-by: cache-fra-eddf8230026-FRA
accept-ch: Sec-CH-UA-Full
x-timer: S1680275534.290194,VS0,VE245
etag: W/W/"3fa-dR8t5K8ouhjmBwOnhVr0Bx9PSRQ"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.sandbox.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: none
x-cache-hits: 0

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 6829 59 KB
20 KB 9ms
8ms Script
application/javascript 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: c.sandbox.paypal.com
URL: https://c.sandbox.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dcc49c76e2faccba32a3f6c2c419e8f6724a46f2ccd16c822be0bae10268294b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.sandbox.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-cache-hits: 4, 1, 1929741
date: Fri, 31 Mar 2023 15:12:14 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 5075061
x-cache: HIT, HIT, HIT
paypal-debug-id: 8d02b3197927f
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 20545
x-served-by: cache-sjc10074-SJC, cache-fra-eddf8230048-FRA, cache-fra-eddf8230068-FRA
last-modified: Tue, 31 Jan 2023 20:30:46 GMT
traceparent: 00-00000000000000000008d02b3197927f-a6cbabdc8c2b29e1-01
x-timer: S1680275535.568031,VS0,VE1
etag: W/"63d97a76-ecbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=86400
access-control-allow-credentials: false
access-control-max-age: 86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:12:14 GMT

POST p1
c.sandbox.paypal.com/v1/r/d/b/ Frame 6829 0
0

POST e
c.sandbox.paypal.com/v1/r/d/b/ Frame 6829 0
0

GET p3
c.sandbox.paypal.com/v1/r/d/b/ Frame 6829 0
0

POST logger
www.sandbox.paypal.com/xoplatform/logger/api/ Frame B447 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.sbox.stats.paypal.com
URL: https://b.sbox.stats.paypal.com/v2/counter.cgi?p=uid_81e1d041a9_mtu6mti6mti&s=SMART_PAYMENT_BUTTONS

Domain: c.sandbox.paypal.com
URL: https://c.sandbox.paypal.com/v1/r/d/b/p1

Domain: c.sandbox.paypal.com
URL: https://c.sandbox.paypal.com/v1/r/d/b/e

Domain: c.sandbox.paypal.com
URL: https://c.sandbox.paypal.com/v1/r/d/b/p3?f=uid_81e1d041a9_mtu6mti6mti&s=SMART_PAYMENT_BUTTONS

Domain: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/xoplatform/logger/api/logger

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.paypal.com/	1970-01-20 10:48:54	Name: tsrce Value: smartcomponentnodeweb
.paypal.com/	1970-01-20 20:20:35	Name: ts Value: vreXpYrS%3D1774969932%26vteXpYrS%3D1680277332%26vr%3D3839eca91870a60222b27571ef289e77%26vt%3D3839eca91870a60222b27571ef289e76%26vtyp%3Dnew
.paypal.com/	1970-01-20 20:20:35	Name: ts_c Value: vr%3D3839eca91870a60222b27571ef289e77%26vt%3D3839eca91870a60222b27571ef289e76

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://b.sbox.stats.paypal.com/v2/counter.cgi?p=uid_81e1d041a9_mtu6mti6mti&s=SMART_PAYMENT_BUTTONS Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.sbox.stats.paypal.com
c.paypal.com
c.sandbox.paypal.com
test.payment.indexx.ai
www.paypal.com
www.paypalobjects.com
www.sandbox.paypal.com
b.sbox.stats.paypal.com
c.sandbox.paypal.com
www.sandbox.paypal.com
151.101.129.21
151.101.129.35
151.101.130.133
151.101.193.21
2600:1f18:2489:8201::c8
07f6b880cfa8dfe89bf94553045a063a4d0204282b27f793a6b9af1d084881c6
1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b
27bbdd6d997593e3ab55410decefe9da2200a00cb3e8118f0e3c924997b9fa83
3b07965dd1da5bf66589f9ec240333bc1ddd7b77edd1d647b8315b540c0b511d
5c5955cb50f08adffad8f88d59bc75d063a4b22440d53336fd29688403d679cc
6ffc485e1f74de7f930ab820ba35d2ed647e9282dfd39847e619d2ae7bba33d0
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
99890507ce7646fd3f8fa4ce24731b9c4b6be892f43cc3c1a828143d8b33c91f
aa36dc4164bef3a7b5007ecad5fed164b0c85feb478890782c6cb59bc56d6afa
d352d90478f72aab73d7d778ae5b2aa6e6850fa837dd02370137955b91d4e246
dcc49c76e2faccba32a3f6c2c419e8f6724a46f2ccd16c822be0bae10268294b
e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6
ea80efbad9ed271d66236ed13036d971e4d6afafd86ed9b04e3de9e452521536

test.payment.indexx.ai Open in urlscan Pro 2600:1f18:2489:8201::c8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

22 Requests

77 %HTTPS

20 %IPv6

3 Domains

7 Subdomains

6 IPs

1 Countries

378 kBTransfer

1256 kBSize

3 Cookies

0 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

test.payment.indexx.ai Open in urlscan Pro
2600:1f18:2489:8201::c8 Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

77 %
HTTPS

20 %
IPv6

3
Domains

7
Subdomains

6
IPs

1
Countries

378 kB
Transfer

1256 kB
Size

3
Cookies

22 HTTP transactions
5 data transactions