payments.spencerpainting.net Open in urlscan Pro
74.208.151.122 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://payments.spencerpainting.net/
Submission: On April 14 via automatic, source certstream-suspicious (April 14th 2023, 2:40:30 am UTC) — Scanned from DE

Summary HTTP 64 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 4 countries across 8 domains to perform 64 HTTP transactions. The main IP is 74.208.151.122, located in United States and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is payments.spencerpainting.net.
TLS certificate: Issued by R3 on April 14th 2023. Valid for: 3 months.

This is the only time payments.spencerpainting.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	74.208.151.122 74.208.151.122	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
4	2600:9000:225... 2600:9000:2251:1a00:1:f8a6:840:93a1	16509 (AMAZON-02) (AMAZON-02)
3	151.101.193.49 151.101.193.49	54113 (FASTLY) (FASTLY)
8	172.66.0.28 172.66.0.28	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	162.159.140.28 162.159.140.28	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:401... 2a00:1450:4013:c01::5c	15169 (GOOGLE) (GOOGLE)
1	13.32.104.23 13.32.104.23	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
2	99.83.176.153 99.83.176.153	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2600:1f18:24e... 2600:1f18:24e6:b901:4924:1683:6b84:60b3	14618 (AMAZON-AES) (AMAZON-AES)
64	14

8 74.208.151.122 (United States)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: spencerpainting.net

payments.spencerpainting.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2251:1a00:1:f8a6:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

sandbox.web.squarecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.49 (United States)

ASN54113 (FASTLY, US)

square-fonts-production-f.squarecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.66.0.28 (United States)

ASN13335 (CLOUDFLARENET, US)

pci-connect.squareupsandbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.159.140.28 (None, )

ASN13335 (CLOUDFLARENET, US)

js.squareupsandbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
connect.squareupsandbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4013:c01::5c (Groningen, Netherlands)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.104.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-104-23.fra60.r.cloudfront.net

cdn.plaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.83.176.153 (United States)

ASN16509 (AMAZON-02, US)
PTR: ab3378e3025098c17.awsglobalaccelerator.com

nd.squarecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:24e6:b901:4924:1683:6b84:60b3 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

csp-report.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	google.com pay.google.com — Cisco Umbrella Rank: 3232 play.google.com — Cisco Umbrella Rank: 31	443 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	213 KB
11	squareupsandbox.com pci-connect.squareupsandbox.com js.squareupsandbox.com — Cisco Umbrella Rank: 540833 connect.squareupsandbox.com	41 KB
9	squarecdn.com sandbox.web.squarecdn.com — Cisco Umbrella Rank: 520092 square-fonts-production-f.squarecdn.com — Cisco Umbrella Rank: 45402 nd.squarecdn.com — Cisco Umbrella Rank: 61973	325 KB
8	spencerpainting.net payments.spencerpainting.net	11 KB
1	browser-intake-datadoghq.com csp-report.browser-intake-datadoghq.com — Cisco Umbrella Rank: 56943
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	1 KB
1	plaid.com cdn.plaid.com — Cisco Umbrella Rank: 17103	42 KB
64	8

	Domain	Requested by
16	play.google.com	www.gstatic.com
10	www.gstatic.com	pay.google.com www.gstatic.com
8	pci-connect.squareupsandbox.com	sandbox.web.squarecdn.com
8	payments.spencerpainting.net	payments.spencerpainting.net
6	pay.google.com	sandbox.web.squarecdn.com pay.google.com payments.spencerpainting.net www.gstatic.com
4	sandbox.web.squarecdn.com	payments.spencerpainting.net sandbox.web.squarecdn.com
3	square-fonts-production-f.squarecdn.com	payments.spencerpainting.net square-fonts-production-f.squarecdn.com
2	nd.squarecdn.com	js.squareupsandbox.com nd.squarecdn.com
2	connect.squareupsandbox.com	js.squareupsandbox.com connect.squareupsandbox.com
1	csp-report.browser-intake-datadoghq.com	payments.spencerpainting.net
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	client
1	cdn.plaid.com	sandbox.web.squarecdn.com
1	js.squareupsandbox.com	sandbox.web.squarecdn.com
64	14

This site contains no links.

Subject Issuer	Validity	Valid
payments.spencerpainting.net R3	`2023-04-14` - `2023-07-13`	3 months	crt.sh
sandbox.web.squarecdn.com Amazon RSA 2048 M01	`2023-04-02` - `2024-04-30`	a year	crt.sh
*.squarecdn.com R3	`2023-04-02` - `2023-07-01`	3 months	crt.sh
api.squareup.com Entrust Certification Authority - L1K	`2023-03-24` - `2024-03-23`	a year	crt.sh
squareupsandbox.com Cloudflare Inc ECC CA-3	`2023-03-30` - `2024-03-28`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
secure.plaid.com DigiCert EV RSA CA G2	`2023-03-09` - `2024-04-08`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
nd.squarecdn.com Amazon RSA 2048 M01	`2023-02-28` - `2024-01-24`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.browser-intake-datadoghq.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-21` - `2023-07-22`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://payments.spencerpainting.net/
Frame ID: 0F691C2A423BC7870AA9B4AF18447D5A
Requests: 25 HTTP requests in this frame

Frame: https://sandbox.web.squarecdn.com/1.48.1/main-iframe.html?applicationId=sandbox-sq0idb-bFhF7xpEWlwCVfnKlmPcyA&hostname=payments.spencerpainting.net
Frame ID: 6FC210AA3CFA51CA1E3A15E35DA90DF5
Requests: 4 HTTP requests in this frame

Frame: https://sandbox.web.squarecdn.com/1.48.1/single-card-element-iframe.html
Frame ID: 0F93778195FD0CFA78CCE702D1DB7694
Requests: 2 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fpayments.spencerpainting.net&mid=
Frame ID: AF7A006E22FFF6E11F95B3DE3FFFAC6B
Requests: 15 HTTP requests in this frame

Frame: https://connect.squareupsandbox.com/payments/data/frame.html?referer=https%3A%2F%2Fpayments.spencerpainting.net%2F
Frame ID: 1A548D3C7288558D2ED072EADA3126FB
Requests: 3 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=default&browserLocale=en&buttonSizeMode=static&enableGpayNewButtonAsset=false
Frame ID: 2FCCCB042F8A3E53E045762EB25DD82B
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

My Payment Flow

Detected technologies

Google Pay (Payment processors) Expand

Overall confidence: 100%
Detected patterns

pay\.google\.com/([a-z/]+)/pay\.js

Page Statistics

64
Requests

100 %
HTTPS

54 %
IPv6

8
Domains

14
Subdomains

14
IPs

4
Countries

1076 kB
Transfer

3377 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

64 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
payments.spencerpainting.net/ 2 KB
894 B 1422ms
549ms Document
text/html 74.208.151.122
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.151.122 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: spencerpainting.net
Software: nginx/1.18.0 (Ubuntu) / PHP/7.4.3
Resource Hash: a09d69fe2006ef01e2e9832f459b28d9f3b83b9a01c63f939e93f7c263f55588

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 14 Apr 2023 02:40:25 GMT
host: 74.208.151.122:8888
server: nginx/1.18.0 (Ubuntu)
x-powered-by: PHP/7.4.3

GET
H2 200 square.js Show response
sandbox.web.squarecdn.com/v1/ 354 KB
102 KB 69ms
11ms Script
application/javascript 2600:9000:2251:1a00:1:f8a6:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sandbox.web.squarecdn.com/v1/square.js
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:1a00:1:f8a6:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5c9830df54606d042caa70de0ff84a6dc8d85459a9a090823ca0ba5c71e05c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: Hnftm5xmEqKvtUxesSS6HmayRtC2ty.P
content-encoding: gzip
via: 1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
date: Thu, 13 Apr 2023 16:53:49 GMT
x-amz-cf-pop: FRA60-P3
age: 35197
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-meta-websdk-version: 1.48.1
last-modified: Wed, 12 Apr 2023 00:09:41 GMT
server: AmazonS3
etag: W/"a9c1ecaceecc7a1e7c4a8999c60e0c7a"
access-control-max-age: 300
x-amz-meta-md5checksum: qcHsrO7Meh58SomZxg4Meg==
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: application/javascript
cache-control: public, max-age=300
vary: Accept-Encoding
x-amz-cf-id: J4HI5bHftg6BMlWrze3Y2SdNhA-1SOJ6kigJqtAbvgr2OJjuYRRWmg==

GET
H2 200 style.css
payments.spencerpainting.net/public/stylesheets/ 1 KB
1 KB 146ms
145ms Stylesheet
text/css 74.208.151.122
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.spencerpainting.net/public/stylesheets/style.css
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.151.122 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: spencerpainting.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a941e2f9f0f5bceff932a45c3e390bed2b2aa27c2acfa7d5bc80a8549f2897d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:25 GMT
server: nginx/1.18.0 (Ubuntu)
host: 74.208.151.122:8888
content-length: 1167
content-type: text/css; charset=UTF-8

GET
H2 200 sq-payment.css
payments.spencerpainting.net/public/stylesheets/ 2 KB
2 KB 147ms
145ms Stylesheet
text/css 74.208.151.122
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.spencerpainting.net/public/stylesheets/sq-payment.css
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.151.122 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: spencerpainting.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5228eefbdf239ca2ddde9f3d532d74a8e58a8f5aa6ea0d07a5ddaf307365bc56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:25 GMT
server: nginx/1.18.0 (Ubuntu)
host: 74.208.151.122:8888
content-length: 2005
content-type: text/css; charset=UTF-8

GET
H2 200 sq-ach.js Show response
payments.spencerpainting.net/public/js/ 1 KB
2 KB 147ms
146ms Script
application/javascript 74.208.151.122
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.spencerpainting.net/public/js/sq-ach.js
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.151.122 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: spencerpainting.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 91f041aea0179b7c3c424a53954e2c63aaae23be045361721b891d09e875df0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:25 GMT
server: nginx/1.18.0 (Ubuntu)
host: 74.208.151.122:8888
content-length: 1519
content-type: application/javascript

GET
H2 200 sq-apple-pay.js Show response
payments.spencerpainting.net/public/js/ 870 B
984 B 147ms
146ms Script
application/javascript 74.208.151.122
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.spencerpainting.net/public/js/sq-apple-pay.js
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.151.122 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: spencerpainting.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 07673e4c4cf487802235eee63c8211a07a0ab7d1c525a28bef0ad40259cc5f8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:25 GMT
server: nginx/1.18.0 (Ubuntu)
host: 74.208.151.122:8888
content-length: 870
content-type: application/javascript

GET
H2 200 sq-card-pay.js Show response
payments.spencerpainting.net/public/js/ 887 B
1001 B 281ms
280ms Script
application/javascript 74.208.151.122
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.spencerpainting.net/public/js/sq-card-pay.js
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.151.122 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: spencerpainting.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c053e776efdd949b114c5699f149b246691b0d0e99e0b60bb16dfbf970181fac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:25 GMT
server: nginx/1.18.0 (Ubuntu)
host: 74.208.151.122:8888
content-length: 887
content-type: application/javascript

GET
H2 200 sq-google-pay.js Show response
payments.spencerpainting.net/public/js/ 829 B
943 B 281ms
280ms Script
application/javascript 74.208.151.122
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.spencerpainting.net/public/js/sq-google-pay.js
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.151.122 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: spencerpainting.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2967eac70f2aba30c6513c9bf2bba9ac3d54d0ac4b88b7e30122751b7cc7b393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:25 GMT
server: nginx/1.18.0 (Ubuntu)
host: 74.208.151.122:8888
content-length: 829
content-type: application/javascript

GET
H2 200 sq-payment-flow.js Show response
payments.spencerpainting.net/public/js/ 3 KB
3 KB 282ms
281ms Script
application/javascript 74.208.151.122
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://payments.spencerpainting.net/public/js/sq-payment-flow.js
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.151.122 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: spencerpainting.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e0f647e68ebb478eee0d0d7f361201ff8eefee7ab97ebdfb5eb2a16cd46b1762

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:25 GMT
server: nginx/1.18.0 (Ubuntu)
host: 74.208.151.122:8888
content-length: 2643
content-type: application/javascript

GET
H2 200 square-sans.min.css
square-fonts-production-f.squarecdn.com/ 9 KB
1 KB 50ms
7ms Stylesheet
text/css 151.101.193.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://square-fonts-production-f.squarecdn.com/square-sans.min.css
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/public/stylesheets/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6e5f8d9e585a2b723138a01907ece55bcf8cef0b37739854ae7d6558d9731222

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: xdzSbkLv_h416HLxDQJxB_0iWjFqvTj4
content-encoding: gzip
via: 1.1 varnish
date: Fri, 14 Apr 2023 02:40:25 GMT
x-amz-request-id: GD9S4Y543J8KF8X2
age: 5615
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 656
x-amz-id-2: NWIBuqRT1w6KNi1gOVGVjYpO0wfeZ2B+L0/ImCAZFEFUIUAulf4uDCjhLRmpk7NcyYW6qKFyHa4=
x-served-by: cache-fra-eddf8230115-FRA
last-modified: Mon, 10 Apr 2023 22:33:03 GMT
server: AmazonS3
x-timer: S1681440026.792052,VS0,VE1
etag: "ae41d12d00bae89987faeab66de43bc0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 SquareSansText-Upright-VF.woff2
square-fonts-production-f.squarecdn.com/square-text/ 35 KB
35 KB 20ms
6ms Font
font/woff2 151.101.193.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://square-fonts-production-f.squarecdn.com/square-text/SquareSansText-Upright-VF.woff2
Requested by: Host: square-fonts-production-f.squarecdn.com
URL: https://square-fonts-production-f.squarecdn.com/square-sans.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5575694036a2d342f18ca455251396c6dc98214f30641c3c7539d5568aefd6e9

Request headers

Referer: https://square-fonts-production-f.squarecdn.com/square-sans.min.css
Origin: https://payments.spencerpainting.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: 4VnhvuC1ADAOOUuce_e2VhgtynEFsenk
date: Fri, 14 Apr 2023 02:40:25 GMT
via: 1.1 varnish
x-amz-request-id: FCAYZVPFH69BTNG2
age: 273949
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 35844
x-amz-id-2: ZjPr4psNHF+JOC3hggDCGjIuUyLCkV1LQadmlAVicdrOXmELsidM1Y66YD/2a0dN+DguZHi0QHg=
x-served-by: cache-fra-eddf8230020-FRA
last-modified: Mon, 10 Apr 2023 22:33:04 GMT
server: AmazonS3
x-timer: S1681440026.816304,VS0,VE0
etag: "b4a5ad35b82b05e604dd82769f724078"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 8

GET
H2 200 main-iframe.html Show response
sandbox.web.squarecdn.com/1.48.1/ Frame 6FC2 340 KB
92 KB 9ms
8ms Document
text/html 2600:9000:2251:1a00:1:f8a6:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sandbox.web.squarecdn.com/1.48.1/main-iframe.html?applicationId=sandbox-sq0idb-bFhF7xpEWlwCVfnKlmPcyA&hostname=payments.spencerpainting.net
Requested by: Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:1a00:1:f8a6:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c60399c3e7c1d7efdf91e4831b092cf162df9af094a21f6a5949a231424b2587

Request headers

Referer: https://payments.spencerpainting.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 300
age: 33819
cache-control: public, max-age=300
content-encoding: gzip
content-type: text/html
date: Thu, 13 Apr 2023 17:16:47 GMT
etag: W/"d36a0bbfa8ad6ac7f6f64b7a850d971c"
last-modified: Wed, 12 Apr 2023 00:09:41 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
x-amz-cf-id: EL9GxbxsDLtrENVDm4PwjWDaw7M6evwRCVFBjMCcbataGenKleAaBg==
x-amz-cf-pop: FRA60-P3
x-amz-meta-md5checksum: 02oLv6itasf29kt6hQ2XHA==
x-amz-meta-websdk-version: 1.48.1
x-amz-server-side-encryption: AES256
x-amz-version-id: mf051BSBbua1k07btKr8kyW0T2ABbHP3
x-cache: Hit from cloudfront

GET
H2 200 hydrate Show response
pci-connect.squareupsandbox.com/payments/ Frame 6FC2 1 KB
1 KB 698ms
680ms Fetch
application/json 172.66.0.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pci-connect.squareupsandbox.com/payments/hydrate?applicationId=sandbox-sq0idb-bFhF7xpEWlwCVfnKlmPcyA&hostname=payments.spencerpainting.net&locationId=LMKMF7BVQJ3SD&version=1.48.1

Requested by

Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/1.48.1/main-iframe.html?applicationId=sandbox-sq0idb-bFhF7xpEWlwCVfnKlmPcyA&hostname=payments.spencerpainting.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.28 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa85e86d9db80d22d87af2c422f947105d797bd28e29dec6048c91b548bbf2cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept: application/json
Referer: https://sandbox.web.squarecdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: application/json; charset=utf-8

Response headers

date: Fri, 14 Apr 2023 02:40:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=631152000; includeSubDomains; preload
cf-cache-status: DYNAMIC
square-version: 2023-03-15
x-permitted-cross-domain-policies: none
x-sq-dc: sjc2b
x-speleo-traceid: CDN-7cdaec2a-7a48-4209-a71c-3616e7025585
x-sq-region: sjc2b
content-length: 580
x-xss-protection: 1; mode=block
server: cloudflare
x-download-options: noopen
vary: Origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json
access-control-allow-origin: https://sandbox.web.squarecdn.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cf-ray: 7b7895876c039213-FRA
access-control-allow-headers: Origin, Content-Type, X-Allow-Cookies, X-Block-Cookies

OPTIONS
H2 200 hydrate
pci-connect.squareupsandbox.com/payments/ Frame 0
0 762ms
463ms Preflight 172.66.0.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pci-connect.squareupsandbox.com/payments/hydrate?applicationId=sandbox-sq0idb-bFhF7xpEWlwCVfnKlmPcyA&hostname=payments.spencerpainting.net&locationId=LMKMF7BVQJ3SD&version=1.48.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.28 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://sandbox.web.squarecdn.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, X-Allow-Cookies, X-Block-Cookies
access-control-allow-methods: OPTIONS, GET
access-control-allow-origin: https://sandbox.web.squarecdn.com
cf-cache-status: DYNAMIC
cf-ray: 7b7895846d3f3644-FRA
content-length: 0
date: Fri, 14 Apr 2023 02:40:26 GMT
server: cloudflare
strict-transport-security: max-age=631152000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-sq-dc: sjc2b
x-sq-region: sjc2b
x-xss-protection: 1; mode=block

POST
H2 204 v2
pci-connect.squareupsandbox.com/payments/mtx/ 0
275 B 597ms
596ms Ping
text/plain 172.66.0.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pci-connect.squareupsandbox.com/payments/mtx/v2

Requested by

Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.28 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://payments.spencerpainting.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=utf-8

Response headers

date: Fri, 14 Apr 2023 02:40:27 GMT
strict-transport-security: max-age=631152000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-sq-dc: sjc2b
x-permitted-cross-domain-policies: none
x-sq-region: sjc2b
x-xss-protection: 1; mode=block
server: cloudflare
x-download-options: noopen
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://payments.spencerpainting.net
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cf-ray: 7b7895881c5b9213-FRA
access-control-allow-headers: Origin, Content-Type, X-Allow-Cookies, X-Block-Cookies

POST
H2 204 v2
pci-connect.squareupsandbox.com/payments/mtx/ Frame 6FC2 0
652 B 460ms
459ms Ping
text/plain 172.66.0.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pci-connect.squareupsandbox.com/payments/mtx/v2

Requested by

Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/1.48.1/main-iframe.html?applicationId=sandbox-sq0idb-bFhF7xpEWlwCVfnKlmPcyA&hostname=payments.spencerpainting.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.28 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sandbox.web.squarecdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=utf-8

Response headers

date: Fri, 14 Apr 2023 02:40:27 GMT
strict-transport-security: max-age=631152000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-sq-dc: sjc2b
x-permitted-cross-domain-policies: none
x-sq-region: sjc2b
x-xss-protection: 1; mode=block
server: cloudflare
x-download-options: noopen
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://sandbox.web.squarecdn.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cf-ray: 7b789588bcb09213-FRA
access-control-allow-headers: Origin, Content-Type, X-Allow-Cookies, X-Block-Cookies

GET
H2 200 data.js Show response
js.squareupsandbox.com/payments/ 85 KB
26 KB 685ms
654ms Script
application/javascript 162.159.140.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.squareupsandbox.com/payments/data.js

Requested by

Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.28 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0471dedab60242d25b5326265b4e7895149662684a29567a784872e192749e97

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=631152000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-sq-dc: sjc2b
server: cloudflare
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sq-region: sjc2b
cf-ray: 7b78958be9999030-FRA
x-xss-protection: 1; mode=block

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ 115 KB
35 KB 122ms
62ms Script
application/javascript 2a00:1450:4013:c01::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f4ebaa46cb7fd434b788ac85a1164d3c4bdcf992706fe83de8821a35015e2a6e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jpDXb552MiLI_yh6avObuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:27 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-jpDXb552MiLI_yh6avObuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin; report-to="InstantbuyFrontendHttp"
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"InstantbuyFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendHttp/external"}]}
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
cache-control: private, max-age=600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Fri, 14 Apr 2023 02:40:27 GMT

GET
H2 200 link-initialize.js Show response
cdn.plaid.com/link/v2/stable/ 135 KB
42 KB 63ms
35ms Script
application/javascript 13.32.104.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by: Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.104.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-104-23.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 98894cef8b2d79eb6bda6e6680f2509a117a64fe32418a3965bb8418c67634d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 11:41:24 GMT
x-amz-version-id: IfSt1B8fyPyheb49XilbAoebvatgoxbH
content-encoding: gzip
via: 1.1 b3fce8903671f8346e7a6a138d2d4610.cloudfront.net (CloudFront)
x-amz-request-id: EH41QXREVXJDZ8S3
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256
age: 53944
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-id-2: 1YOut92H30VCS/9QgCq5SZHOvt1UKQsmSmI5HL7bxyAIVyqaKby1/CIoD9c9nrEpk72Ea23AbrA=
last-modified: Thu, 13 Apr 2023 11:27:52 GMT
server: AmazonS3
etag: W/"1329898cc01f0e12385213e2bf4f3349"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,must-revalidate,max-age=0
x-amz-cf-id: 2_93_QI9-J-64jPunIOWfiebOCNmZaJHNRLjEexUOpBJ8leYIL-DUA==

GET
H2 200 single-card-element-iframe.html Show response
sandbox.web.squarecdn.com/1.48.1/ Frame 0F93 8 KB
2 KB 9ms
8ms Document
text/html 2600:9000:2251:1a00:1:f8a6:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sandbox.web.squarecdn.com/1.48.1/single-card-element-iframe.html
Requested by: Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:1a00:1:f8a6:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d77d0d728b89e28863f08f544e1b74af4742cb911dcb44a1bca989c5c9fcc475

Request headers

Referer: https://payments.spencerpainting.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 300
age: 33819
cache-control: public, max-age=300
content-encoding: gzip
content-type: text/html
date: Thu, 13 Apr 2023 17:16:49 GMT
etag: W/"03e704396b83c27986cdb35eb350b127"
last-modified: Wed, 12 Apr 2023 00:09:41 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
x-amz-cf-id: 4XVXAy2_4rJR3LtR9sk3-_82UNOgW765LSKvUSM1rosM5tB_Lzqg8g==
x-amz-cf-pop: FRA60-P3
x-amz-meta-md5checksum: A+cEOWuDwnmGzbNes1CxJw==
x-amz-meta-websdk-version: 1.48.1
x-amz-server-side-encryption: AES256
x-amz-version-id: RkgjBmSgq_3F9UWoxLWDAvB5UdKfkv7X
x-cache: Hit from cloudfront

POST
H2 200 token Show response
pci-connect.squareupsandbox.com/digital-wallets/google-pay/ Frame 6FC2 272 B
371 B 382ms
382ms Fetch
application/json 172.66.0.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pci-connect.squareupsandbox.com/digital-wallets/google-pay/token

Requested by

Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/1.48.1/main-iframe.html?applicationId=sandbox-sq0idb-bFhF7xpEWlwCVfnKlmPcyA&hostname=payments.spencerpainting.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.28 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6603d56a470de112c336ba9175eb4b925cb61afd282a1fe692567b9d18584b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept: application/json
Referer: https://sandbox.web.squarecdn.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: application/json; charset=utf-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=631152000; includeSubDomains; preload
cf-cache-status: DYNAMIC
square-version: 2023-03-15
x-permitted-cross-domain-policies: none
x-sq-dc: sjc2b
x-speleo-traceid: CDN-522e85cb-ca75-44de-b979-4c19c3f6b6ce
x-sq-region: sjc2b
content-length: 255
x-xss-protection: 1; mode=block
server: cloudflare
x-download-options: noopen
vary: Origin, Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://sandbox.web.squarecdn.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cf-ray: 7b78958fd85a9213-FRA
access-control-allow-headers: Origin, Content-Type, X-Allow-Cookies, X-Block-Cookies

OPTIONS
H2 200 token
pci-connect.squareupsandbox.com/digital-wallets/google-pay/ Frame 0
0 657ms
657ms Preflight 172.66.0.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pci-connect.squareupsandbox.com/digital-wallets/google-pay/token

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.28 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://sandbox.web.squarecdn.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, X-Allow-Cookies, X-Block-Cookies
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: https://sandbox.web.squarecdn.com
cf-cache-status: DYNAMIC
cf-ray: 7b78958bca3f3644-FRA
content-length: 0
date: Fri, 14 Apr 2023 02:40:28 GMT
server: cloudflare
strict-transport-security: max-age=631152000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-sq-dc: sjc2b
x-sq-region: sjc2b
x-xss-protection: 1; mode=block

GET
H2 200 card-wrapper.css
sandbox.web.squarecdn.com/1.48.1/ 5 KB
2 KB 9ms
8ms Stylesheet
text/css 2600:9000:2251:1a00:1:f8a6:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sandbox.web.squarecdn.com/1.48.1/card-wrapper.css
Requested by: Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:1a00:1:f8a6:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0675db7c540643bc6b01b6dca8ba4ce76a792710be650dde4ded05d375f194e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: 2jW1Rh_hU0GUrtJKy9F0K3OUqBJsDOf0
content-encoding: gzip
via: 1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
date: Thu, 13 Apr 2023 17:16:49 GMT
x-amz-cf-pop: FRA60-P3
age: 33819
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-meta-websdk-version: 1.48.1
last-modified: Wed, 12 Apr 2023 00:09:41 GMT
server: AmazonS3
etag: W/"fc8dede0a55deae1322d5d80b0e848a9"
access-control-max-age: 300
x-amz-meta-md5checksum: /I3t4KVd6uEyLV2AsOhIqQ==
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: text/css
cache-control: public, max-age=300
vary: Accept-Encoding
x-amz-cf-id: mcRSC_Fb0g5pUfi98vXhk89EqIyG4E3lt-R7W715cKzUFGdtvkbHYQ==

GET
DATA 200
OK truncated
/ 487 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f89929a556909e88126e8544bcc55ae94f6a967d723306b74c63907ca65e8619

Request headers

Referer
Origin: https://payments.spencerpainting.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 SquareSansText-Regular.woff2
square-fonts-production-f.squarecdn.com/square-text/ Frame 0F93 32 KB
32 KB 7ms
6ms Font
font/woff2 151.101.193.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://square-fonts-production-f.squarecdn.com/square-text/SquareSansText-Regular.woff2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ce0d0b6cec57d33ad715219c18d983654cedc833e895ed8cccc792d08da5ab83

Request headers

Referer: https://sandbox.web.squarecdn.com/
Origin: https://sandbox.web.squarecdn.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: QOKhsyK8X68AxVIMO80C44ymI5m8cyAK
date: Fri, 14 Apr 2023 02:40:27 GMT
via: 1.1 varnish
x-amz-request-id: 1C39AFAFG2WVD29V
age: 273961
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 32724
x-amz-id-2: 7a/Y3oM+bpesqeuNlYI2rVKBu+LwSSBY56V3Y5miUtv2NpSZryupKzHDaxQuCH9d5sH9N6U9H0k=
x-served-by: cache-fra-eddf8230020-FRA
last-modified: Mon, 10 Apr 2023 22:33:04 GMT
server: AmazonS3
x-timer: S1681440028.526044,VS0,VE0
etag: "8bd78348f371229eadd661171386f3b8"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 4

GET
H2 200 payframe Show response
pay.google.com/gp/p/ui/ Frame AF7A 18 KB
8 KB 219ms
218ms Document
text/html 2a00:1450:4013:c01::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fpayments.spencerpainting.net&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

786c9e3588c6175b6693ff67443d366b95b361a71ec3b4a0adfae39b5e14b008

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OZV0my9kFMNcGhYL6-JN_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://payments.spencerpainting.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-OZV0my9kFMNcGhYL6-JN_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin; report-to="InstantbuyFrontendBuyflowPayframeUi"
cross-origin-resource-policy: same-site
date: Fri, 14 Apr 2023 02:40:27 GMT
expires: Fri, 14 Apr 2023 02:40:27 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"InstantbuyFrontendBuyflowPayframeUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayframeUi/external"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

POST
H3 404 cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame AF7A 2 KB
2 KB 115ms
114ms Other
text/html 2a00:1450:4013:c01::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fpayments.spencerpainting.net&mid=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 14 Apr 2023 02:40:27 GMT
referrer-policy: no-referrer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1608
content-type: text/html; charset=UTF-8

GET
H2 200 m=_b,_tp,_r Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.zHthi849arc.es5.O/am=wPEAIA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/r... Frame AF7A 158 KB
56 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.zHthi849arc.es5.O/am=wPEAIA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjlk436OU04oT8DSOYRiLvwwkMh4w/m=_b,_tp,_r

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fpayments.spencerpainting.net&mid=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ddc0cedb042a0ab60ec35a74d78b72af0b6839655accba9e0c702404cd0d474

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 17:23:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33445
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57044
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 03:26:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Apr 2024 17:23:02 GMT

POST
H2 204 v2
pci-connect.squareupsandbox.com/payments/mtx/ 0
67 B 511ms
511ms Ping
text/plain 172.66.0.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pci-connect.squareupsandbox.com/payments/mtx/v2

Requested by

Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.28 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://payments.spencerpainting.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=utf-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
strict-transport-security: max-age=631152000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-sq-dc: sjc2b
x-permitted-cross-domain-policies: none
x-sq-region: sjc2b
x-xss-protection: 1; mode=block
server: cloudflare
x-download-options: noopen
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://payments.spencerpainting.net
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cf-ray: 7b78958e5f839213-FRA
access-control-allow-headers: Origin, Content-Type, X-Allow-Cookies, X-Block-Cookies

GET
H2 200 m=IZT63,ZyYHPb,ws9Tlc,vfuNJf,PrPYRd,hc6Ubd,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.zHthi849arc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.gju... Frame AF7A 70 KB
26 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.zHthi849arc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.gjupQ2KWQ-A.L.B1.O/am=wPEAIA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrhfPrn19N_T6AmwfO-0wS_BnONSnw/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/ujg=1/m=IZT63,ZyYHPb,ws9Tlc,vfuNJf,PrPYRd,hc6Ubd,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.zHthi849arc.es5.O/am=wPEAIA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjlk436OU04oT8DSOYRiLvwwkMh4w/m=_b,_tp,_r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c936621705aabd70114ecdc1cc9634ce6a02a0f091caa52392e1d8b523ab3d5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 18:00:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31221
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26127
x-xss-protection: 0
last-modified: Mon, 10 Apr 2023 20:28:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Apr 2024 18:00:06 GMT

GET
H3 200 pay Show response
pay.google.com/gp/p/ui/ Frame AF7A 1 MB
387 KB 67ms
66ms XHR
text/html 2a00:1450:4013:c01::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

130c8b1dd4064e9b0eeac49278acc0730f8e16020b96aafe83c015d5a25b547b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cU0cZ6GuvNjZ3gPCDzUW7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:27 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-cU0cZ6GuvNjZ3gPCDzUW7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
x-ua-compatible: IE=edge
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none; report-to="InstantbuyFrontendBuyflowPayUi"
server: ESF
x-frame-options: DENY
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
report-to: {"group":"InstantbuyFrontendBuyflowPayUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayUi/external"}]}
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Fri, 14 Apr 2023 02:40:27 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.zHthi849arc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.gju... Frame AF7A 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.zHthi849arc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.gjupQ2KWQ-A.L.B1.O/am=wPEAIA/d=1/exm=Das5Le,IZT63,PrPYRd,ZyYHPb,_b,_r,_tp,hc6Ubd,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrhfPrn19N_T6AmwfO-0wS_BnONSnw/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/ujg=1/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3edbd2ce2330584334597357e25b6eb1ab3c434195e6b5857536e66b8022d704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 17:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32033
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9369
x-xss-protection: 0
last-modified: Mon, 10 Apr 2023 20:28:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Apr 2024 17:46:34 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.zHthi849arc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.gju... Frame AF7A 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.zHthi849arc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.gjupQ2KWQ-A.L.B1.O/am=wPEAIA/d=1/exm=Das5Le,FCpbqb,IZT63,PrPYRd,WhJNk,Wt6vjf,ZyYHPb,_b,_r,_tp,hc6Ubd,hhhU8,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrhfPrn19N_T6AmwfO-0wS_BnONSnw/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/ujg=1/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9dcb37165140365f24c86cfb7df4de632a1e02fd778cb4d5f9515393d7f78145

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 17:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32033
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13541
x-xss-protection: 0
last-modified: Mon, 10 Apr 2023 20:28:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Apr 2024 17:46:34 GMT

POST
H3 200 log Show response
play.google.com/ Frame AF7A 131 B
155 B 31ms
17ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Apr 2023 02:40:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 49ms
13ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 14 Apr 2023 02:40:27 GMT
expires: Fri, 14 Apr 2023 02:40:27 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame AF7A 131 B
155 B 32ms
18ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Apr 2023 02:40:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 48ms
14ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 14 Apr 2023 02:40:27 GMT
expires: Fri, 14 Apr 2023 02:40:27 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame AF7A 131 B
155 B 31ms
17ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Apr 2023 02:40:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 48ms
15ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 14 Apr 2023 02:40:27 GMT
expires: Fri, 14 Apr 2023 02:40:27 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 frame.html Show response
connect.squareupsandbox.com/payments/data/ Frame 1A54 33 KB
12 KB 665ms
658ms Document
text/html 162.159.140.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.squareupsandbox.com/payments/data/frame.html?referer=https%3A%2F%2Fpayments.spencerpainting.net%2F

Requested by

Host: js.squareupsandbox.com
URL: https://js.squareupsandbox.com/payments/data.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.28 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b510b09ebb7056d1a832c6d52ff06e9c493e3400d0fd5413b866a339388298cb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'unsafe-inline' https://browser.sentry-cdn.com; connect-src 'self' https://sentry.io; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb119f8492ddb8bdf4934c5212c4b03d2&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Apayapi-analytics%2Cenv%3Asandbox&service=payapi-analytics
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://payments.spencerpainting.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7b7895901bdb9030-FRA
content-encoding: gzip
content-security-policy: default-src 'none'; script-src 'unsafe-inline' https://browser.sentry-cdn.com; connect-src 'self' https://sentry.io; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb119f8492ddb8bdf4934c5212c4b03d2&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Apayapi-analytics%2Cenv%3Asandbox&service=payapi-analytics
content-type: text/html
date: Fri, 14 Apr 2023 02:40:28 GMT
expires: Thu, 01 Jan 1970 00:00:00 UTC
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=631152000; includeSubDomains; preload
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-sq-dc: sjc2b
x-sq-region: sjc2b
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
nd.squarecdn.com/2.2/w/w-669810/sync/js/ 306 KB
57 KB 355ms
120ms Script
application/javascript 99.83.176.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.squarecdn.com/2.2/w/w-669810/sync/js/

Requested by

Host: js.squareupsandbox.com
URL: https://js.squareupsandbox.com/payments/data.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.176.153 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ab3378e3025098c17.awsglobalaccelerator.com

Software

nginx /

Resource Hash

c5ccdbabe03c1ea6dee3f29408beadc71dd96c027eecd5a8b3651bf40c8ac7c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-nds-datacontractrequirement1: Placement, No matching URL placement for w-669810 at https://payments.spencerpainting.net/.
date: Fri, 14 Apr 2023 02:40:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains;, max-age=31536000; includeSubDomains
x-content-type-options: nosniff, nosniff, nosniff
x-nds-datacontractrequirement2: Placement, Placement page number has not been detected.
server: nginx
content-encoding: gzip
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
x-nds-datacontractrequirement0: Placement, Placement page has not been detected.
x-xss-protection: 1; mode=block, 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 41ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans:500

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4b003cb5fc48fc617c86951e4f6f7cbb68ad674f83ec7f4c1afed0d53ffe8f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 14 Apr 2023 02:40:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 14 Apr 2023 02:40:28 GMT

GET
H3 200 generate_gpay_btn_img Show response
pay.google.com/gp/p/ Frame 2FCC 18 KB
7 KB 66ms
66ms Document
text/html 2a00:1450:4013:c01::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=default&browserLocale=en&buttonSizeMode=static&enableGpayNewButtonAsset=false

Requested by

Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

03fa63a009000655d10763bfdaa9a65803bdf1f9970a99bbafd77f490d89aadf

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport script-src 'report-sample' 'nonce-V6pAj69vx985_XNQD5gyqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://payments.spencerpainting.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport script-src 'report-sample' 'nonce-V6pAj69vx985_XNQD5gyqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayButtonUi/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin; report-to="InstantbuyFrontendBuyflowPayButtonUi"
cross-origin-resource-policy: same-site
date: Fri, 14 Apr 2023 02:40:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"InstantbuyFrontendBuyflowPayButtonUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayButtonUi/external"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H3 200 payment_white_36dp.png
www.gstatic.com/images/icons/material/system/1x/ 149 B
173 B 8ms
7ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/1x/payment_white_36dp.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

004d7aa90e2889f6291a71c84ac3d3e394e0cade32bd41dc214736418f769181

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 18:05:19 GMT
x-content-type-options: nosniff
age: 549309
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 149
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 06 Apr 2024 18:05:19 GMT

GET
H3 200 dark_gpay.svg
www.gstatic.com/instantbuy/svg/ 2 KB
953 B 7ms
7ms Image
image/svg+xml 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/instantbuy/svg/dark_gpay.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f383d270511912b2da11555947cb3e6012e6375cb5f0d90493c25f6048169073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 14:02:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 304680
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 928
x-xss-protection: 0
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 09 Apr 2024 14:02:28 GMT

POST
H3 200 log Show response
play.google.com/ Frame AF7A 131 B
155 B 19ms
17ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Apr 2023 02:40:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 14ms
14ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 14 Apr 2023 02:40:28 GMT
expires: Fri, 14 Apr 2023 02:40:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame AF7A 131 B
155 B 18ms
18ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Apr 2023 02:40:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 14ms
14ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 14 Apr 2023 02:40:28 GMT
expires: Fri, 14 Apr 2023 02:40:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame AF7A 131 B
155 B 18ms
16ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Apr 2023 02:40:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 14ms
13ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 14 Apr 2023 02:40:28 GMT
expires: Fri, 14 Apr 2023 02:40:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame AF7A 131 B
155 B 16ms
16ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Apr 2023 02:40:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 14ms
14ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 14 Apr 2023 02:40:28 GMT
expires: Fri, 14 Apr 2023 02:40:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame AF7A 131 B
155 B 16ms
16ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Apr 2023 02:40:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 17ms
16ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 14 Apr 2023 02:40:28 GMT
expires: Fri, 14 Apr 2023 02:40:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 / Show response
nd.squarecdn.com/2.2/w/w-669810/init/js/ 537 B
1 KB 112ms
111ms Script
application/javascript 99.83.176.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nd.squarecdn.com/2.2/w/w-669810/init/js/?q=%7B%22e%22%3A346099%2C%22oq%22%3A%221600%3A1200%3A1600%3A1200%3A1600%3A1200%22%2C%22wfi%22%3A%22flap-1%22%2C%22ji%22%3A%222.3.1%22%2C%22yf%22%3A%7B%7D%2C%22uers%22%3A%22uggcf%3A%2F%2Fcnlzragf.fcraprecnvagvat.arg%2F%22%2C%22ov%22%3A%22o2%7C1600k1200%201600k1200%2024%2024%7C0%7Cra-HF%7Coc1-q400qo6n8n86q525%7Csnyfr%7C%7CZbmvyyn%2F5.0%20(Jvaqbjf%20AG%2010.0%3B%20Jva64%3B%20k64)%20NccyrJroXvg%2F537.36%20(XUGZY%2C%20yvxr%20Trpxb)%20Puebzr%2F111.0.5563.146%20Fnsnev%2F537.36%7Cjt1-n46p01n68sp5740r%22%7D

Requested by

Host: nd.squarecdn.com
URL: https://nd.squarecdn.com/2.2/w/w-669810/sync/js/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.176.153 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ab3378e3025098c17.awsglobalaccelerator.com

Software

nginx /

Resource Hash

378b3f8fc0a4c650d15389f3b8c8a137e9c4d4471db68ced46402b19f26c0e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payments.spencerpainting.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains;
x-content-type-options: nosniff, nosniff
server: nginx
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST
content-type: application/javascript
access-control-allow-origin: *
content-length: 537
x-xss-protection: 1; mode=block

POST
H3 404 cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayButtonUi/ Frame 2FCC 2 KB
2 KB 115ms
114ms Other
text/html 2a00:1450:4013:c01::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayButtonUi/cspreport
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 65ff9ae6d7be23f1b0164644acc1c8af7d7daccc143c976fd133b5b19f0505ff

Request headers

Referer: https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=default&browserLocale=en&buttonSizeMode=static&enableGpayNewButtonAsset=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 14 Apr 2023 02:40:28 GMT
referrer-policy: no-referrer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1609
content-type: text/html; charset=UTF-8

GET
H3 200 m=_b,_tp,_r Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.kIeC1xCddoE.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/... Frame 2FCC 161 KB
57 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.kIeC1xCddoE.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrhUJBBAmi6QxP4YGDIIChYyCnlwwA/m=_b,_tp,_r

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=default&browserLocale=en&buttonSizeMode=static&enableGpayNewButtonAsset=false

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37625d785f80c345ffb5377e93685609c9bff5a78c3427dd7fdfa3c58de5c08a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 17:18:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33696
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58223
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 03:26:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Apr 2024 17:18:52 GMT

GET
H2 200 4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpyk.woff2
fonts.gstatic.com/s/googlesans/v46/ 19 KB
19 KB 29ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v46/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpyk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e279d129f2bab6f05d19432d16ab708dae86b30278dd9de186ba135414f104cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://payments.spencerpainting.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 14:02:17 GMT
x-content-type-options: nosniff
age: 304691
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19384
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 16:59:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Apr 2024 14:02:17 GMT

GET
H3 200 en.svg
www.gstatic.com/instantbuy/svg/dark/ Frame 2FCC 4 KB
2 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/instantbuy/svg/dark/en.svg

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=default&browserLocale=en&buttonSizeMode=static&enableGpayNewButtonAsset=false

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce527fafef4b207a04a9a69a1b016429ac94b16d6289db2ca5175b9cbf357d0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 18:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 549301
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1779
x-xss-protection: 0
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 06 Apr 2024 18:05:27 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.kIeC1xCddoE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.V... Frame 2FCC 41 KB
16 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.kIeC1xCddoE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.VszS5Z8RQmk.L.B1.O/am=wLEBQA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/wt=2/rs=AMitfrgBj37gMuOsQFFU5iDCYNEbPR_sNg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/ujg=1/m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.kIeC1xCddoE.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrhUJBBAmi6QxP4YGDIIChYyCnlwwA/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fefe7f1b8817019989126deac2c94e866bb5c00dbba0b69ba61f8539bacadd7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 17:18:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33696
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16264
x-xss-protection: 0
last-modified: Mon, 10 Apr 2023 20:28:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Apr 2024 17:18:52 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.kIeC1xCddoE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.V... Frame 2FCC 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.en_US.kIeC1xCddoE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayButtonUi.VszS5Z8RQmk.L.B1.O/am=wLEBQA/d=1/exm=FCpbqb,WhJNk,Wt6vjf,_b,_r,_tp,hhhU8,ws9Tlc/excm=_b,_r,_tp,generategooglepaybuttonimage/ed=1/wt=2/rs=AMitfrgBj37gMuOsQFFU5iDCYNEbPR_sNg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/ujg=1/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec29a5f8ea70ab69959ce595cef3773667d80effca1ae3baae3f294aa4533f25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 17:18:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33695
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13254
x-xss-protection: 0
last-modified: Mon, 10 Apr 2023 20:28:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Apr 2024 17:18:53 GMT

POST
H2 202 logs
csp-report.browser-intake-datadoghq.com/api/v2/ Frame 1A54 0
0 440ms
104ms Other
application/json 2600:1f18:24e6:b901:4924:1683:6b84:60b3
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb119f8492ddb8bdf4934c5212c4b03d2&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Apayapi-analytics%2Cenv%3Asandbox&service=payapi-analytics
Requested by: Host: payments.spencerpainting.net
URL: https://payments.spencerpainting.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:4924:1683:6b84:60b3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://connect.squareupsandbox.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 token Show response
connect.squareupsandbox.com/v2/analytics/ Frame 1A54 108 B
525 B 323ms
322ms XHR
application/json 162.159.140.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.squareupsandbox.com/v2/analytics/token

Requested by

Host: connect.squareupsandbox.com
URL: https://connect.squareupsandbox.com/payments/data/frame.html?referer=https%3A%2F%2Fpayments.spencerpainting.net%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.28 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27ebb5ef220dc0842b989aa071428e5235e1526f24a3552801040acbd96a045d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://connect.squareupsandbox.com/payments/data/frame.html?referer=https%3A%2F%2Fpayments.spencerpainting.net%2F
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 14 Apr 2023 02:40:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=631152000; includeSubDomains; preload
cf-cache-status: DYNAMIC
square-version: 2023-03-15
x-permitted-cross-domain-policies: none
x-sq-dc: sjc2b
x-speleo-traceid: CDN-b7beae39-b25f-4ba1-aad8-4ccda3aaa4aa
x-sq-region: sjc2b
content-length: 125
x-xss-protection: 1; mode=block
server: cloudflare
x-download-options: noopen
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://connect.squareupsandbox.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cf-ray: 7b7895949e2e9030-FRA
access-control-allow-headers: Origin, Content-Type, Authorization, X-Requested-With, _connect_js_csrf, X-JS-ID, X-CSRF-Token, Square-Version, X-Allow-Cookies, X-Block-Cookies

POST
H2 204 v2
pci-connect.squareupsandbox.com/payments/mtx/ 0
67 B 474ms
473ms Ping
text/plain 172.66.0.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pci-connect.squareupsandbox.com/payments/mtx/v2

Requested by

Host: sandbox.web.squarecdn.com
URL: https://sandbox.web.squarecdn.com/v1/square.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.28 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://payments.spencerpainting.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=utf-8

Response headers

date: Fri, 14 Apr 2023 02:40:29 GMT
strict-transport-security: max-age=631152000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-sq-dc: sjc2b
x-permitted-cross-domain-policies: none
x-sq-region: sjc2b
x-xss-protection: 1; mode=block
server: cloudflare
x-download-options: noopen
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://payments.spencerpainting.net
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cf-ray: 7b7895949aaa9213-FRA
access-control-allow-headers: Origin, Content-Type, X-Allow-Cookies, X-Block-Cookies

Verdicts & Comments Add Verdict or Comment

154 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.squareupsandbox.com/	1970-01-20 20:40:00	Name: _savt Value: 8eb2ee19-568e-4a40-86b4-300de0ea206e
.squareupsandbox.com/	1970-01-20 11:04:01	Name: __cf_bm Value: NQNn76ngY.bzAGpaqfG3pxrvWU_RdFKL67ZIy3a3igI-1681440027-0-AdILD6flJhT/8PgjD1BTfIXctNK1q5bJgw7aUloGUN6BJrRPizAkAQ8DUPHfA48YcXiZskJ5XT6TTpMoBVKILDM=
.google.com/	1970-01-20 15:27:31	Name: NID Value: 511=m9HxZcYZlyEMsIcJD_vc_e7bRMfNvf_FPsVmnlHVbBUgbczJq8fuLYXqc8jJTC8XSycz8VxaK5tCV0tLyGk-Cn_L1Zk2gYmFuqQ1diVvHSRSUEPMgYZYlPv7qorFL7S_5gZ0PiweomMREy03rvTF-6EtU0LLn8klccB9AxeF6PY

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayButtonUi/cspreport Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.plaid.com
connect.squareupsandbox.com
csp-report.browser-intake-datadoghq.com
fonts.googleapis.com
fonts.gstatic.com
js.squareupsandbox.com
nd.squarecdn.com
pay.google.com
payments.spencerpainting.net
pci-connect.squareupsandbox.com
play.google.com
sandbox.web.squarecdn.com
square-fonts-production-f.squarecdn.com
www.gstatic.com
13.32.104.23
151.101.193.49
162.159.140.28
172.66.0.28
2600:1f18:24e6:b901:4924:1683:6b84:60b3
2600:9000:2251:1a00:1:f8a6:840:93a1
2a00:1450:4001:80b::2003
2a00:1450:4001:812::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::200e
2a00:1450:4013:c01::5c
74.208.151.122
99.83.176.153
004d7aa90e2889f6291a71c84ac3d3e394e0cade32bd41dc214736418f769181
03fa63a009000655d10763bfdaa9a65803bdf1f9970a99bbafd77f490d89aadf
0471dedab60242d25b5326265b4e7895149662684a29567a784872e192749e97
0675db7c540643bc6b01b6dca8ba4ce76a792710be650dde4ded05d375f194e8
07673e4c4cf487802235eee63c8211a07a0ab7d1c525a28bef0ad40259cc5f8d
130c8b1dd4064e9b0eeac49278acc0730f8e16020b96aafe83c015d5a25b547b
27ebb5ef220dc0842b989aa071428e5235e1526f24a3552801040acbd96a045d
2967eac70f2aba30c6513c9bf2bba9ac3d54d0ac4b88b7e30122751b7cc7b393
2ddc0cedb042a0ab60ec35a74d78b72af0b6839655accba9e0c702404cd0d474
37625d785f80c345ffb5377e93685609c9bff5a78c3427dd7fdfa3c58de5c08a
378b3f8fc0a4c650d15389f3b8c8a137e9c4d4471db68ced46402b19f26c0e32
3edbd2ce2330584334597357e25b6eb1ab3c434195e6b5857536e66b8022d704
4b003cb5fc48fc617c86951e4f6f7cbb68ad674f83ec7f4c1afed0d53ffe8f9d
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5228eefbdf239ca2ddde9f3d532d74a8e58a8f5aa6ea0d07a5ddaf307365bc56
5575694036a2d342f18ca455251396c6dc98214f30641c3c7539d5568aefd6e9
65ff9ae6d7be23f1b0164644acc1c8af7d7daccc143c976fd133b5b19f0505ff
6e5f8d9e585a2b723138a01907ece55bcf8cef0b37739854ae7d6558d9731222
786c9e3588c6175b6693ff67443d366b95b361a71ec3b4a0adfae39b5e14b008
91f041aea0179b7c3c424a53954e2c63aaae23be045361721b891d09e875df0f
98894cef8b2d79eb6bda6e6680f2509a117a64fe32418a3965bb8418c67634d4
9dcb37165140365f24c86cfb7df4de632a1e02fd778cb4d5f9515393d7f78145
a09d69fe2006ef01e2e9832f459b28d9f3b83b9a01c63f939e93f7c263f55588
a941e2f9f0f5bceff932a45c3e390bed2b2aa27c2acfa7d5bc80a8549f2897d5
aa85e86d9db80d22d87af2c422f947105d797bd28e29dec6048c91b548bbf2cd
b510b09ebb7056d1a832c6d52ff06e9c493e3400d0fd5413b866a339388298cb
c053e776efdd949b114c5699f149b246691b0d0e99e0b60bb16dfbf970181fac
c5ccdbabe03c1ea6dee3f29408beadc71dd96c027eecd5a8b3651bf40c8ac7c1
c60399c3e7c1d7efdf91e4831b092cf162df9af094a21f6a5949a231424b2587
c936621705aabd70114ecdc1cc9634ce6a02a0f091caa52392e1d8b523ab3d5b
ce0d0b6cec57d33ad715219c18d983654cedc833e895ed8cccc792d08da5ab83
ce527fafef4b207a04a9a69a1b016429ac94b16d6289db2ca5175b9cbf357d0f
d5c9830df54606d042caa70de0ff84a6dc8d85459a9a090823ca0ba5c71e05c4
d6603d56a470de112c336ba9175eb4b925cb61afd282a1fe692567b9d18584b3
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
d77d0d728b89e28863f08f544e1b74af4742cb911dcb44a1bca989c5c9fcc475
e0f647e68ebb478eee0d0d7f361201ff8eefee7ab97ebdfb5eb2a16cd46b1762
e279d129f2bab6f05d19432d16ab708dae86b30278dd9de186ba135414f104cd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec29a5f8ea70ab69959ce595cef3773667d80effca1ae3baae3f294aa4533f25
f383d270511912b2da11555947cb3e6012e6375cb5f0d90493c25f6048169073
f4ebaa46cb7fd434b788ac85a1164d3c4bdcf992706fe83de8821a35015e2a6e
f89929a556909e88126e8544bcc55ae94f6a967d723306b74c63907ca65e8619
fefe7f1b8817019989126deac2c94e866bb5c00dbba0b69ba61f8539bacadd7f

payments.spencerpainting.net Open in urlscan Pro 74.208.151.122 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

64 Requests

100 %HTTPS

54 %IPv6

8 Domains

14 Subdomains

14 IPs

4 Countries

1076 kBTransfer

3377 kBSize

3 Cookies

0 Outgoing links

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

payments.spencerpainting.net Open in urlscan Pro
74.208.151.122 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

100 %
HTTPS

54 %
IPv6

8
Domains

14
Subdomains

14
IPs

4
Countries

1076 kB
Transfer

3377 kB
Size

3
Cookies

64 HTTP transactions
1 data transactions