urlscan.io logo urlscan.io
SecurityTrails logo

survey.paypalcredit.com Open in urlscan Pro
52.60.233.41  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5
Effective URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Submission Tags: phishing malicious Search All
Submission: On June 21 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 21 HTTP transactions. The main IP is 52.60.233.41, located in Montreal, Canada and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is survey.paypalcredit.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on May 21st 2018. Valid for: 2 years.
This is the only time survey.paypalcredit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 52.60.233.41 16509 (AMAZON-02)
8 143.204.101.38 16509 (AMAZON-02)
1 143.204.101.76 16509 (AMAZON-02)
21 3
Domain Requested by
12 survey.paypalcredit.com survey.paypalcredit.com
static.global.visioncritical.com
8 static.global.visioncritical.com survey.paypalcredit.com
1 logo.visioncriticalpanels.com static.global.visioncritical.com
21 3

This site contains links to these domains. Also see Links.

Domain
www.visioncritical.com
marumatchbox.com
www.paypal.com
Subject Issuer Validity Valid
survey.paypalcredit.com
DigiCert SHA2 Extended Validation Server CA		 2018-05-21 -
2020-06-02		 2 years crt.sh
static.global.visioncritical.com
Amazon		 2018-09-20 -
2019-10-20		 a year crt.sh
logo.visioncriticalpanels.com
Amazon		 2018-11-08 -
2019-12-08		 a year crt.sh

This page contains 1 frames:

Primary Page: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Frame ID: 6E5784018A01CA8FF2BE059B9034451E
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5 Page URL
  2. https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.aspx?(?:$|\?)/i
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 100%
Detected patterns
  • url /\.aspx?(?:$|\?)/i
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 100%
Detected patterns
  • script /require.*\.js/i
Overall confidence: 100%
Detected patterns
  • url /\.aspx?(?:$|\?)/i
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i
  • script /jquery-ui.*\.js/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /jquery-ui.*\.js/i

Page Statistics

21
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

374 kB
Transfer

1148 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5 Page URL
  2. https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set R.aspx
survey.paypalcredit.com/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
928434136078905ca673d6808bbb0ab20d6285237e0241ba9d86d38c4193c23e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Host
survey.paypalcredit.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:12 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
private
Expires
Fri, 21 Jun 2019 22:42:12 GMT
Set-Cookie
ASP.NET_SessionId=nmic0fc10h0fsiqlxywafnln; path=/; secure; HttpOnly
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
default.css
survey.paypalcredit.com/skin/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://survey.paypalcredit.com/skin/css/default.css
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
d2f59eb0ff7bd064505878963d4fa2a2e4972190129d9655a6383efcdaefc32f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 14 Dec 2016 17:36:15 GMT
ETag
"eeb11c923056d21:0"
Strict-Transport-Security
max-age=63072000
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2020
surveyLayout.css
survey.paypalcredit.com/skin/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://survey.paypalcredit.com/skin/css/surveyLayout.css
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
d5ecd5c7748161f7ae70231f96e3e8758fc7b1329dfcace943bbd157ac29c339
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 14 Dec 2016 17:27:17 GMT
ETag
"efd068512f56d21:0"
Strict-Transport-Security
max-age=63072000
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2034
header-repeat.jpg
survey.paypalcredit.com/skin/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://survey.paypalcredit.com/skin/images/header-repeat.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/skin/css/surveyLayout.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 19 Aug 2014 17:34:26 GMT
ETag
"3c4f8d2d3bbcf1:0"
Strict-Transport-Security
max-age=63072000
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1185
header.jpg
survey.paypalcredit.com/skin/images/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://survey.paypalcredit.com/skin/images/header.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/skin/css/surveyLayout.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 19 Aug 2014 23:18:25 GMT
ETag
"704a49e03bccf1:0"
Strict-Transport-Security
max-age=63072000
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12801
Primary Request S.aspx
survey.paypalcredit.com/ 		12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
dc2fe9908c707510261d641c1ce77196a701740084d820a23e635b2e433386a7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Host
survey.paypalcredit.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5
Accept-Encoding
gzip, deflate, br
Cookie
ASP.NET_SessionId=nmic0fc10h0fsiqlxywafnln
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://survey.paypalcredit.com/R.aspx?a=214&as=V4C0j86gJ5

Response headers

Date
Fri, 21 Jun 2019 22:42:13 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
private
Expires
Fri, 21 Jun 2019 22:42:13 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
default.css
survey.paypalcredit.com/skin/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://survey.paypalcredit.com/skin/css/default.css
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
d2f59eb0ff7bd064505878963d4fa2a2e4972190129d9655a6383efcdaefc32f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:13 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 14 Dec 2016 17:36:15 GMT
ETag
"eeb11c923056d21:0"
Strict-Transport-Security
max-age=63072000
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2020
surveyLayout.css
survey.paypalcredit.com/skin/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://survey.paypalcredit.com/skin/css/surveyLayout.css
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
d5ecd5c7748161f7ae70231f96e3e8758fc7b1329dfcace943bbd157ac29c339
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:13 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 14 Dec 2016 17:27:17 GMT
ETag
"efd068512f56d21:0"
Strict-Transport-Security
max-age=63072000
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2034
SurveyCommon.js
static.global.visioncritical.com/s1/4.5.155.303321/r/js/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.global.visioncritical.com/s1/4.5.155.303321/r/js/SurveyCommon.js
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-38.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
de7ea101c9673fcb51ac8c1c97388c08a2f62a73c5133e20bb0b2487d0504a70
Security Headers
Name Value
Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 22:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
865133
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Mon, 10 Jun 2019 22:55:37 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=2592000,public
content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
mNQfXnQ7SjJeOcHaR5KB3GqCkh0eWnKs-0ycmTmecMbxXbKMmlHrmQ==
x-content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
jquery-1.12.3.min.js
static.global.visioncritical.com/s1/4.5.155.303321/r/js/ 		95 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.global.visioncritical.com/s1/4.5.155.303321/r/js/jquery-1.12.3.min.js
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-38.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4946fcf019e50cf850a0344e45b3a8f93d5ead5e1dade33695025ef732913af1
Security Headers
Name Value
Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 22:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
865133
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Mon, 10 Jun 2019 22:55:37 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=2592000,public
content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
kY5WyVu5AnAjSX8WDgu2jM9FzT0iJGD1Or7tS6d5H66zOQrzFFNOEw==
x-content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
jquery-migrate-1.4.0.min.js
static.global.visioncritical.com/s1/4.5.155.303321/r/js/ 		11 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.global.visioncritical.com/s1/4.5.155.303321/r/js/jquery-migrate-1.4.0.min.js
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-38.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b0ca8bac7a207c213726823b43e22d7331139945ff30bba2e74b4b613c0eb7bd
Security Headers
Name Value
Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 22:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
865133
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Mon, 10 Jun 2019 22:55:37 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=2592000,public
content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
XqrG75vMMwujnaowP-vDMGIUBrnJuxSvkOo5SI1ytLDVY6YVHL7LrA==
x-content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
jquery-ui.min.js
static.global.visioncritical.com/s1/4.5.155.303321/r/htmlVisual/EQF/lib/ 		247 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.global.visioncritical.com/s1/4.5.155.303321/r/htmlVisual/EQF/lib/jquery-ui.min.js
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-38.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e79a2c1e429495d3c084b8e6fa8b7b1651c123b9cc4ef5c51acc5eefcc534f38
Security Headers
Name Value
Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 22:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
865133
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Mon, 10 Jun 2019 22:55:34 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=2592000,public
content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
FP2oGPJf3O71f1u4-LMZYrwEwv3AFg78TiLAMcWM-MV_CDkGZmW9Vg==
x-content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
require_combined.js
static.global.visioncritical.com/s1/4.5.155.303321/r/htmlVisual/EQF/lib/ 		17 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.global.visioncritical.com/s1/4.5.155.303321/r/htmlVisual/EQF/lib/require_combined.js
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-38.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2ef0b5c8e71400db78094eda03f4650ca191ef5b40711008255cac0e3a842964
Security Headers
Name Value
Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 22:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
865133
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Mon, 10 Jun 2019 22:55:34 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=2592000,public
content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
LTnywli_eUBuMsvEP6F-VYOumllE-6Xz2vJgNj2QgwArHOLJwZigiQ==
x-content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
combined.css
static.global.visioncritical.com/s1/4.5.155.303321/r/htmlVisual/EQF/framework/css/ 		146 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.global.visioncritical.com/s1/4.5.155.303321/r/htmlVisual/EQF/framework/css/combined.css?version=303321;
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-38.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05d98c7217d7c892a08cea0c9eae2c9db33373180af222106ea8002d6f69feb3
Security Headers
Name Value
Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 22:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
865133
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Mon, 10 Jun 2019 22:55:34 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=2592000,public
content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
fPnkioYKpM-wdJFGeXjytuGULMYQb8McmbXhRLEtQ509SGV4crSHxw==
x-content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
htmlvisual_combined.js
static.global.visioncritical.com/s1/4.5.155.303321/r/htmlVisual/require-build-output/framework/ 		519 KB
152 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.global.visioncritical.com/s1/4.5.155.303321/r/htmlVisual/require-build-output/framework/htmlvisual_combined.js?version=303321;
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-38.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
44158b1e9066a1c80e7eb78f301a188ee4f4c8f50fcdcfae963513ba12463207
Security Headers
Name Value
Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 22:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
865133
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Mon, 10 Jun 2019 22:55:36 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=2592000,public
content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
-Yy39Pn_YL2QLbonicqkHM8ZgnNX-mgQw3fpfqa8qCNIEJ66UyCKXA==
x-content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
video-js.min.css
static.global.visioncritical.com/s1/4.5.155.303321/r/css/ 		35 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.global.visioncritical.com/s1/4.5.155.303321/r/css/video-js.min.css?version=303321;
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-38.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9ae8eacf58c6f1d8dc071a099ef7ef4c88d1c73ef2e71369cd8d7cc7c6aee5c9
Security Headers
Name Value
Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 11 Jun 2019 22:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
865133
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Mon, 10 Jun 2019 22:55:34 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=2592000,public
content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
ATNhTPgMNoYkDky0dVQMXRJWzAjbG5ESf_wIHkTLr6HSiXuzd1z2rw==
x-content-security-policy
default-src 'self' global.visioncritical.com; script-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com ajax.googleapis.com www.google-analytics.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; connect-src 'self' global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com api-int.global.visioncritical.com; frame-src 'self' *.global.visioncritical.com global.visioncritical.com; img-src 'self' *.global.visioncritical.com global.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com; style-src 'unsafe-inline' 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5851380381646848.storage.googleapis.com fast.fonts.net fonts.googleapis.com; object-src 'none'; font-src 'self' global.visioncritical.com *.visioncritical.net *.visioncritical.com fonts.gstatic.com data:
header-repeat.jpg
survey.paypalcredit.com/skin/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://survey.paypalcredit.com/skin/images/header-repeat.jpg
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
f169d0230d98549fda46a602d31d6c39bf92715327bbe15954be5e955344a1db
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/skin/css/surveyLayout.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:13 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 19 Aug 2014 17:34:26 GMT
ETag
"3c4f8d2d3bbcf1:0"
Strict-Transport-Security
max-age=63072000
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1185
header.jpg
survey.paypalcredit.com/skin/images/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://survey.paypalcredit.com/skin/images/header.jpg
Requested by
Host: survey.paypalcredit.com
URL: https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
7ee49c3b9adaed027b6fb98f2e761a9504f702e6b980d27a52dd1f04edb85842
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/skin/css/surveyLayout.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:13 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 19 Aug 2014 23:18:25 GMT
ETag
"704a49e03bccf1:0"
Strict-Transport-Security
max-age=63072000
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12801
vclogo_grey.png
logo.visioncriticalpanels.com/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logo.visioncriticalpanels.com/vclogo_grey.png
Requested by
Host: static.global.visioncritical.com
URL: https://static.global.visioncritical.com/s1/4.5.155.303321/r/js/jquery-1.12.3.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.76 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-76.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
51bcf62f2aaf4c53cf067de73b490468eeab2e552d152615c7d4714d630b5272

Request headers

Referer
https://survey.paypalcredit.com/skin/css/surveyLayout.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Jun 2019 05:32:33 GMT
via
1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
last-modified
Thu, 08 Nov 2018 23:41:34 GMT
server
AmazonS3
age
61781
etag
"7588e97444cc98b4dbec1538e637c974"
x-cache
Hit from cloudfront
content-type
image/png
status
200
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
1837
x-amz-cf-id
txsTEzEjKlBuBGxRGQZLfWOqRU6mo-Lh6ZWRaw4CcOIgDN7J-b4XDw==
maru.gif
survey.paypalcredit.com/skin/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://survey.paypalcredit.com/skin/images/maru.gif
Requested by
Host: static.global.visioncritical.com
URL: https://static.global.visioncritical.com/s1/4.5.155.303321/r/js/jquery-1.12.3.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
02a5e0cb487da4e13f0fd8aa493a11034bf845cd6d0cd5548c86d584cb7e01b9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/skin/css/surveyLayout.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:13 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 14 Dec 2016 17:18:41 GMT
ETag
"5da4f51d2e56d21:0"
Strict-Transport-Security
max-age=63072000
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3502
EndRequestImage.aspx
survey.paypalcredit.com/ 		43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://survey.paypalcredit.com/EndRequestImage.aspx?&sn=Member%20Support%20Study%202015&ps=&stepType=ShowQuestionAction&random=636967285331469336
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.60.233.41 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-60-233-41.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://survey.paypalcredit.com/S.aspx?s=215&r=bI4fq62Op0V5Sl3D0Tr9fB&so=true&a=214&as=V4C0j86gJ5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Jun 2019 22:42:13 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 21 Jun 2019 22:42:13 GMT
Strict-Transport-Security
max-age=63072000
Content-Type
image/gif
Cache-Control
public
Connection
keep-alive
Content-Length
43

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| ShowElement string| HiddenCacheAssetsID string| DecimalDelimiter string| BrowserID function| $vcget function| AttachE function| DetachE function| IsSafari function| GlobalOnKeyDown function| hookupExclusiveOptionBehavior function| ExclusiveOptionBehaviourList function| DeselectAllButOne function| DeselectAllExclusives function| GetSelectedItems function| ExclusiveOptionBehavior function| CheckForSelectedExclusiveOptions function| AutoPostBack function| hookupAutoPostBack function| unhookAutoPostBack function| hookupOSBehavior function| OSBehavior function| RemoveTdHighlight function| GridBehaviorInput function| GridBehaviorKeyInput function| GridBehaviorTD function| GridBehaviorKeyTD function| ConfirmGridTD function| GridBehaviourProcessChange function| hookupGridBehavior function| hookupAllocGridBehavior function| FormatNumberToString function| ParseFormattedNumber function| GetDecimalPrecision function| AllocGridBehaviorInput function| ReCalcAllocTotal function| ChangeImage function| isPanelElement function| assetLoad function| preloadFiles function| preloadSwf function| preloadJs function| getFileExtension function| backButtonOverride function| backButtonOverrideBody function| attachOnClick function| ButtonClick function| postBackTheForm object| validateRequestEntityMap function| validateRequestHtmlEncode boolean| DoCancelFurtherActions function| $ function| jQuery function| requirejs function| require function| define function| getParameterByName function| getResponseId object| net function| _ boolean| isChrome number| backButtonTimeout object| theForm function| __doPostBack string| prevId string| nextId function| postBack function| page_OnLoad function| recordClientLoadTime function| pageLoadComplete boolean| loadingAssetsPostOnLoad boolean| pageLoaded

1 Cookies

Domain/Path Name / Value
survey.paypalcredit.com/ Name: ASP.NET_SessionId
Value: nmic0fc10h0fsiqlxywafnln

1 Console Messages

Source Level URL
Text
console-api log URL: https://static.global.visioncritical.com/s1/4.5.155.303321/r/js/jquery-migrate-1.4.0.min.js(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 1.4.0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff