paypal-service.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f96 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://paypal-service.pages.dev/signin/challenge/sms
Submission: On December 23 via api (December 23rd 2024, 3:21:59 am UTC) from BY — Scanned from CA

Summary HTTP 51 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 1 countries across 8 domains to perform 51 HTTP transactions. The main IP is 2606:4700:310c::ac42:2f96, located in United States and belongs to CLOUDFLARENET, US. The main domain is paypal-service.pages.dev.
TLS certificate: Issued by WE1 on November 23rd 2024. Valid for: 3 months.

This is the only time paypal-service.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700:310... 2606:4700:310c::ac42:2f96	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.217.197.157 172.217.197.157	15169 (GOOGLE) (GOOGLE)
14	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
1 2	172.253.115.156 172.253.115.156	15169 (GOOGLE) (GOOGLE)
4	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
1 2	172.253.115.103 172.253.115.103	15169 (GOOGLE) (GOOGLE)
2	142.251.16.94 142.251.16.94	15169 (GOOGLE) (GOOGLE)
3	151.101.1.21 151.101.1.21	54113 (FASTLY) (FASTLY)
2	2606:2800:21f... 2606:2800:21f:5dfa:af2c:7a6d:4339:27e7	15133 (EDGECAST) (EDGECAST)
11	172.66.44.106 172.66.44.106	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	34.106.92.18 34.106.92.18	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
51	12

6 2606:4700:310c::ac42:2f96 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

paypal-service.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.197.157 (United States)

ASN15169 (GOOGLE, US)
PTR: qa-in-f157.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.115.156 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bg-in-f156.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.193.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.115.103 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bg-in-f103.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.16.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.1.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:21f:5dfa:af2c:7a6d:4339:27e7 (United States)

ASN15133 (EDGECAST, US)

c6.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.66.44.106 (United States)

ASN13335 (CLOUDFLARENET, US)

paypal-service.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.106.92.18 (Salt Lake City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 18.92.106.34.bc.googleusercontent.com

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
slc.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	pages.dev 1 redirects paypal-service.pages.dev	53 KB
14	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2811 Failed	147 KB
11	paypal.com 1 redirects c.paypal.com — Cisco Umbrella Rank: 8145 slc.stats.paypal.com — Cisco Umbrella Rank: 11627 Failed c6.paypal.com — Cisco Umbrella Rank: 9713 b.stats.paypal.com — Cisco Umbrella Rank: 6750	73 KB
2	google.ca www.google.ca — Cisco Umbrella Rank: 11557	128 B
2	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 3	88 B
2	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43	2 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 96	24 KB
0	Failed function sub() { [native code] }. Failed
51	8

	Domain	Requested by
17	paypal-service.pages.dev	1 redirects paypal-service.pages.dev www.paypalobjects.com
14	www.paypalobjects.com	paypal-service.pages.dev www.paypalobjects.com
7	c.paypal.com	paypal-service.pages.dev c.paypal.com www.paypalobjects.com
2	c6.paypal.com	paypal-service.pages.dev
2	www.google.ca	paypal-service.pages.dev
2	www.google.com	1 redirects paypal-service.pages.dev
2	googleads.g.doubleclick.net	1 redirects paypal-service.pages.dev
2	www.googleadservices.com	paypal-service.pages.dev
1	b.stats.paypal.com	1 redirects
1	slc.stats.paypal.com	paypal-service.pages.dev
0	192.55.233.1 Failed	www.paypalobjects.com
51	11

This site contains no links.

Subject Issuer	Validity	Valid
paypal-service.pages.dev WE1	`2024-11-23` - `2025-02-21`	3 months	crt.sh
*.googleadservices.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-06-13` - `2025-06-12`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.google.ca WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://paypal-service.pages.dev/signin/challenge/sms
Frame ID: A4A7161535A3F46229D2DB0C1C4F1B65
Requests: 43 HTTP requests in this frame

Frame: https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html
Frame ID: 5AECFDEE233043838141EDD22F2D7B34
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 8003576010851564975F20D13E9C461F
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: B54859D0BC99A9A86014A8A6C0D73B7C
Requests: 1 HTTP requests in this frame

Frame: https://slc.stats.paypal.com/v1/counter2.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW
Frame ID: 9B9F2684B59995CE113360D0B2B52E4F
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: E1F4A6781C15EE88A78F474BA50EEA3D
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 25140E11A63A2E5A0A1D4FE828F86A14
Requests: 1 HTTP requests in this frame

Frame: https://slc.stats.paypal.com/v1/counter2.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW
Frame ID: F76030DA579C8F0527E59987D98478A4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in to your PayPal account

Page URL History Show full URLs

https://paypal-service.pages.dev/signin/challenge/sms Page URL
https://paypal-service.pages.dev/cdn-cgi/phish-bypass?atok=NgkbiYUVkqmTv0mNsZl5hbAzi4PwVaGmmWQg5I40cuo-173492... HTTP 301
https://paypal-service.pages.dev/signin/challenge/sms Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

51
Requests

86 %
HTTPS

18 %
IPv6

8
Domains

11
Subdomains

12
IPs

1
Countries

298 kB
Transfer

934 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://paypal-service.pages.dev/signin/challenge/sms Page URL
https://paypal-service.pages.dev/cdn-cgi/phish-bypass?atok=NgkbiYUVkqmTv0mNsZl5hbAzi4PwVaGmmWQg5I40cuo-1734924110-0.0.1.1-%2Fsignin%2Fchallenge%2Fsms HTTP 301
https://paypal-service.pages.dev/signin/challenge/sms Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/965352860/?random=860270529&cv=9&fst=1706815193749&num=1&label=K7FtCJDsl_4CEJy7qMwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=6&u_tz=420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US%26langTgl%3Den&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCOvGsQIItMaxAgijxbECCNPFsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI9r_I_Pe8igMVLQ2ICR0tGQWkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiFodHRwczovL3BheXBhbC1zZXJ2aWNlLnBhZ2VzLmRldi8 HTTP 302
https://www.google.com/pagead/1p-conversion/965352860/?random=860270529&cv=9&fst=1706815193749&num=1&label=K7FtCJDsl_4CEJy7qMwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=6&u_tz=420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US%26langTgl%3Den&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCOvGsQIItMaxAgijxbECCNPFsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI9r_I_Pe8igMVLQ2ICR0tGQWkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiFodHRwczovL3BheXBhbC1zZXJ2aWNlLnBhZ2VzLmRldi8&is_vtc=1&cid=CAQSGwCa7L7deVSox1LJwsTe7VKnnnG59gJNtfiZjA&random=933949213&resp=GooglemKTybQhCsO HTTP 302
https://www.google.ca/pagead/1p-conversion/965352860/?random=860270529&cv=9&fst=1706815193749&num=1&label=K7FtCJDsl_4CEJy7qMwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=6&u_tz=420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US%26langTgl%3Den&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCOvGsQIItMaxAgijxbECCNPFsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI9r_I_Pe8igMVLQ2ICR0tGQWkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiFodHRwczovL3BheXBhbC1zZXJ2aWNlLnBhZ2VzLmRldi8&is_vtc=1&cid=CAQSGwCa7L7deVSox1LJwsTe7VKnnnG59gJNtfiZjA&random=933949213&resp=GooglemKTybQhCsO&ipr=y

Request Chain 29

https://b.stats.paypal.com/v1/counter.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW HTTP 302
https://slc.stats.paypal.com/v1/counter2.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW

Request Chain 43

https://b.stats.paypal.com/v1/counter.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW HTTP 302
https://slc.stats.paypal.com/v1/counter2.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW

51 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 403 sms Show response
paypal-service.pages.dev/signin/challenge/ 4 KB
2 KB 80ms
23ms Document
text/html 2606:4700:310c::ac42:2f96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f96 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4db0df061de68b0b5ec3e87773e13797916d8eddee6e38f4c340c3ff556e270b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-ray: 8f6539488ca2a27f-YUL
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 23 Dec 2024 03:21:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E88W7oCs4rLFemkp7%2BbDO286Qyk22dzfXysamZcSTOIQLdhUNyAzwgAADtzus01fucxVc1%2FLzgljB2w7b6Jt7yFJqXwmJ2KFrQImgiFT3F2loAqSed8%2BrgvRehOZGaKQ1kQp0xdZ7FG79tLL7phfxoOu8xs8k04%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
paypal-service.pages.dev/cdn-cgi/styles/ 23 KB
5 KB 21ms
21ms Stylesheet
text/css 2606:4700:310c::ac42:2f96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f96 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/signin/challenge/sms

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"67531899-5df3"
x-content-type-options: nosniff
cf-ray: 8f653948bcf1a27f-YUL
expires: Mon, 23 Dec 2024 05:21:50 GMT
date: Mon, 23 Dec 2024 03:21:50 GMT
content-type: text/css
last-modified: Fri, 06 Dec 2024 15:30:33 GMT
server: cloudflare
x-frame-options: DENY

GET
H2 200 icon-exclamation.png
paypal-service.pages.dev/cdn-cgi/images/ 452 B
541 B 19ms
19ms Image
image/png 2606:4700:310c::ac42:2f96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://paypal-service.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f96 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "67531899-1c4"
x-content-type-options: nosniff
cf-ray: 8f653948ed2ca27f-YUL
expires: Mon, 23 Dec 2024 05:21:50 GMT
accept-ranges: bytes
content-length: 452
date: Mon, 23 Dec 2024 03:21:50 GMT
content-type: image/png
last-modified: Fri, 06 Dec 2024 15:30:33 GMT
server: cloudflare
x-frame-options: DENY

GET
H2 200 favicon.ico
paypal-service.pages.dev/ 42 KB
11 KB 67ms
67ms Other
text/html 2606:4700:310c::ac42:2f96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f96 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38174b63b4995736d72761639f38873978fef87590f24e4ae88a79f8c657b3ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/signin/challenge/sms

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z6BeR1XjaxsI9RJFGOhZwOb%2Bbvao8pH62nTIIEBfeCJZ7l0T8GxAomi%2FmaqrPXHZ9BME3pP%2BENqVu%2BtLVadN46oBDi%2F6BFUBwAknw8iE8GtGSlbMXdPVT%2FlBk0hbkAlI9G9L2O8ee02fpwg09xj13pymvrfAOeQ%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f6539490d65a27f-YUL
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=17385&min_rtt=16405&rtt_var=1455&sent=26&recv=23&lost=0&retrans=0&sent_bytes=11806&recv_bytes=2785&delivery_rate=697103&cwnd=257&unsent_bytes=0&cid=fc18c602a09ea95d&ts=162&x=0"
date: Mon, 23 Dec 2024 03:21:50 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare

GET
H2

200

Primary Request sms Show response
paypal-service.pages.dev/signin/challenge/
Redirect Chain

https://paypal-service.pages.dev/cdn-cgi/phish-bypass?atok=NgkbiYUVkqmTv0mNsZl5hbAzi4PwVaGmmWQg5I40cuo-1734924110-0.0.1.1-%2Fsignin%2Fchallenge%2Fsms
https://paypal-service.pages.dev/signin/challenge/sms

42 KB
11 KB

42ms
42ms

Document
text/html

2606:4700:310c::ac42:2f96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2f96 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38174b63b4995736d72761639f38873978fef87590f24e4ae88a79f8c657b3ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8f6539631d00a27f-YUL
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 23 Dec 2024 03:21:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T0cSBOjRiGuoaqYcthoVQmUgc%2FO8%2FaHQujgRQ%2BJkhWTbQ5hk2701EidB39d0ff5wcBlYM9a8xS12bOz6E0rEljjHPL%2BLWbFBf8527kFqGsT8KD1khLVmpjqfPwpjEclnPXu8XqO6yQqFiIGomacwUViiakgPujc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=16805&min_rtt=16405&rtt_var=298&sent=46&recv=39&lost=0&retrans=0&sent_bytes=23535&recv_bytes=3063&delivery_rate=1192849&cwnd=257&unsent_bytes=0&cid=fc18c602a09ea95d&ts=4304&x=0"
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

cache-control: private, no-cache
cf-ray: 8f653962ece3a27f-YUL
content-length: 167
content-type: text/html
date: Mon, 23 Dec 2024 03:21:54 GMT
location: https://paypal-service.pages.dev/signin/challenge/sms
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 60 KB
21 KB 92ms
46ms Script
text/javascript 172.217.197.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f157.1e100.net

Software

cafe /

Resource Hash

1467343f63cc98647d59c1ff575fe51349be70fe08d456cbab385a1378fb4062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

content-encoding: br
etag: 386282949569220296
x-content-type-options: nosniff
expires: Mon, 23 Dec 2024 03:21:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 21869
x-xss-protection: 0
server: cafe

GET analytics.js
www.paypalobjects.com/pa/mi/3p/gtag/ 0
0

GET
H2 200 latmconf.js Show response
www.paypalobjects.com/pa/mi/paypal/ 15 KB
5 KB 147ms
26ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/pa/mi/paypal/latmconf.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D14C) /

Resource Hash

a988b87ab698928f0f5962f63b782eb8cac80531839aea8c94249178ed91bc4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://paypal-service.pages.dev
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: 119b132e62004
content-encoding: br
etag: W/"67652fe1-3b1a"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Mon, 23 Dec 2024 04:21:54 GMT
traceparent: 00-0000000000000000000119b132e62004-44279276c0512205-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/javascript
last-modified: Fri, 20 Dec 2024 08:50:41 GMT
vary: Accept-Encoding
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4143
server: ECAcc (nyd/D14C)

GET
H2 200 ngrlCaptcha.min.js Show response
www.paypalobjects.com/webcaptcha/ 23 KB
6 KB 28ms
27ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D10D) /

Resource Hash

d81bfefd8585b694222d3e94e9dee5d7935049c65355f9fd096800301d51545b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: 71280eff5b5ae
content-encoding: br
etag: W/"6697f682-5a55"
x-content-type-options: nosniff
expires: Mon, 23 Dec 2024 04:21:54 GMT
traceparent: 00-000000000000000000071280eff5b5ae-9f9c1f2f8210c085-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/javascript
last-modified: Wed, 17 Jul 2024 16:51:14 GMT
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
content-length: 6477
server: ECAcc (nyd/D10D)

GET
H2 200 contextualLoginElementalUIv2.css
www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/css/ 151 KB
24 KB 151ms
30ms Stylesheet
text/css 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/css/contextualLoginElementalUIv2.css

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D166) /

Resource Hash

69be7adca53f8e3b8d56a359e63ec6510fd119768ec947d343a853f698d7a5c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: 1f33229772329
content-encoding: br
etag: W/"65bb5bdc-25c40"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Tue, 23 Dec 2025 03:21:54 GMT
traceparent: 00-00000000000000000001f33229772329-734196ac49b7805c-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: text/css
last-modified: Thu, 01 Feb 2024 08:52:44 GMT
vary: Accept-Encoding
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-origin: *
content-length: 24523
server: ECAcc (nyd/D166)

GET
H2 200 modernizr-2.6.1.js Show response
www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/js/lib/ 4 KB
2 KB 149ms
28ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/js/lib/modernizr-2.6.1.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D106) /

Resource Hash

a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: a9d012cb62983
content-encoding: br
etag: W/"65bb5be1-edf"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Tue, 23 Dec 2025 03:21:54 GMT
traceparent: 00-0000000000000000000a9d012cb62983-e9b5c13c32c7e238-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/javascript
last-modified: Thu, 01 Feb 2024 08:52:49 GMT
vary: Accept-Encoding
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-origin: *
content-length: 1747
server: ECAcc (nyd/D106)

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/965352860/ 5 KB
2 KB 109ms
43ms Script
text/javascript 172.253.115.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/965352860/?random=1706815193734&cv=9&fst=1706815193734&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=6&u_tz=420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US%26langTgl%3Den&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

cafe /

Resource Hash

4478db0b30afdb0e8474f766c8edfa4aa81559faeaa5d06053f3a65f63bd5ea5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2253
date: Mon, 23 Dec 2024 03:21:54 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/965352860/ 5 KB
2 KB 48ms
47ms Script
text/javascript 172.217.197.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/965352860/?random=1706815193749&cv=9&fst=1706815193749&num=1&label=K7FtCJDsl_4CEJy7qMwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=6&u_tz=420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US%26langTgl%3Den&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f157.1e100.net

Software

cafe /

Resource Hash

35c941cd4d8fd3f57cab637553f053bfb5109b8b68cc98c4647bbac74821edec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 2484
date: Mon, 23 Dec 2024 03:21:54 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 icon-PN-check.png
www.paypalobjects.com/images/shared/ 2 KB
2 KB 150ms
29ms Image
image/png 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/shared/icon-PN-check.png

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D142) /

Resource Hash

4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: b30183cafa1e5
etag: "60271b47-8bc"
x-content-type-options: nosniff
expires: Mon, 23 Dec 2024 04:21:54 GMT
traceparent: 00-0000000000000000000b30183cafa1e5-59eeae2e4b9ec5a1-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: image/png
last-modified: Sat, 13 Feb 2021 00:20:23 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
accept-ranges: bytes
content-length: 2236
server: ECAcc (nyd/D142)

GET
H2 200 glyph_alert_critical_big-2x.png
www.paypalobjects.com/images/shared/ 6 KB
6 KB 153ms
32ms Image
image/png 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D1A2) /

Resource Hash

13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: ee96c6367f612
etag: "54130c54-16c4"
x-content-type-options: nosniff
expires: Mon, 23 Dec 2024 04:21:54 GMT
traceparent: 00-0000000000000000000ee96c6367f612-abf803167a788aa0-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: image/png
last-modified: Fri, 12 Sep 2014 15:08:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
accept-ranges: bytes
content-length: 5828
server: ECAcc (nyd/D1A2)

GET
H2 200 fn-sync-telemetry-min.js Show response
www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/js/lib/ 5 KB
2 KB 30ms
29ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/js/lib/fn-sync-telemetry-min.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D10B) /

Resource Hash

8b202d5bd55968ce4bfc21c063166eaebe62104275ce7ec362d78b64b2581c95

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: 0de30a886bb04
content-encoding: br
etag: W/"65bb5be1-159e"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Tue, 23 Dec 2025 03:21:54 GMT
traceparent: 00-00000000000000000000de30a886bb04-554ea7da60c9932f-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/javascript
last-modified: Thu, 01 Feb 2024 08:52:49 GMT
vary: Accept-Encoding
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-origin: *
content-length: 2321
server: ECAcc (nyd/D10B)

GET
H2 200 signin-split.js Show response
www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/js/ 232 KB
51 KB 30ms
29ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/js/signin-split.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D149) /

Resource Hash

cd6a23981ce0bebccb348348c949626f854894dbb5c031ef494467c942be1cce

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: c1011d7e111a9
content-encoding: br
etag: W/"65bb5bdf-39f1f"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Tue, 23 Dec 2025 03:21:54 GMT
traceparent: 00-0000000000000000000c1011d7e111a9-845345e897950e3a-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/javascript
last-modified: Thu, 01 Feb 2024 08:52:47 GMT
vary: Accept-Encoding
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-origin: *
content-length: 52490
server: ECAcc (nyd/D149)

GET
H2 200 ioc.js Show response
www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/js/ 5 KB
2 KB 28ms
26ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/js/ioc.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D13C) /

Resource Hash

07d4a44d248156a0e3d0c604d7359e54f3b021eeec70b7c3a1d127a141f76d97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: a0cae611787b0
content-encoding: br
etag: W/"65bb5bdf-1407"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Tue, 23 Dec 2025 03:21:54 GMT
traceparent: 00-0000000000000000000a0cae611787b0-7951ff2f47c57b67-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/javascript
last-modified: Thu, 01 Feb 2024 08:52:47 GMT
vary: Accept-Encoding
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-origin: *
content-length: 1984
server: ECAcc (nyd/D13C)

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ 70 KB
24 KB 150ms
19ms Script
application/javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ECAcc (dac/9C80) /

Resource Hash

72561daecad9d07460125458467e9c4ae115aa992bf99bf5856d7606519be13c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

access-control-max-age: 86400
paypal-debug-id: 09e90dcc906d3
content-encoding: gzip
etag: W/"673387c8-118bf"
age: 503317
x-content-type-options: nosniff
access-control-allow-methods: GET
traceparent: 00-000000000000000000009e90dcc906d3-a05d4c7b0b321712-01
expires: Tue, 24 Dec 2024 03:21:54 GMT
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/javascript
x-served-by: cache-yul1970056-YUL
x-cache-hits: 91439
last-modified: Tue, 12 Nov 2024 16:52:24 GMT
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate,max-age=86400
timing-allow-origin: *
x-timer: S1734924115.847546,VS0,VE1
access-control-allow-credentials: false
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23767
server: ECAcc (dac/9C80)

GET
H2 200 paypal-mark-color.svg
www.paypalobjects.com/paypal-ui/logos/svg/ 709 B
584 B 40ms
39ms Image
image/svg+xml 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/paypal-ui/logos/svg/paypal-mark-color.svg

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/css/contextualLoginElementalUIv2.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D14E) /

Resource Hash

8766a4211434d2c318fbfa412ea9633b385ecf1cab6119f8894019d91ed7e027

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/css/contextualLoginElementalUIv2.css

Response headers

paypal-debug-id: b75dbc1a5cc15
content-encoding: br
etag: "66d9ab63-2c5+gzip+br"
x-content-type-options: nosniff
expires: Mon, 23 Dec 2024 04:21:54 GMT
traceparent: 00-0000000000000000000b75dbc1a5cc15-1b23e5d8e53dfd26-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: image/svg+xml
last-modified: Thu, 05 Sep 2024 13:00:19 GMT
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-origin: *
content-length: 422
server: ECAcc (nyd/D14E)

GET
H2 200 PayPalSansBig-Regular.woff2
www.paypalobjects.com/paypal-ui/fonts/ 25 KB
25 KB 27ms
27ms Font
application/font-woff2 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Regular.woff2

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/css/contextualLoginElementalUIv2.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D193) /

Resource Hash

1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://paypal-service.pages.dev
Referer: https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/css/contextualLoginElementalUIv2.css

Response headers

paypal-debug-id: 6f225e1b3eca7
etag: "60271cda-6318"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Mon, 23 Dec 2024 04:21:54 GMT
traceparent: 00-00000000000000000006f225e1b3eca7-65a10b2e8586bdff-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/font-woff2
last-modified: Sat, 13 Feb 2021 00:27:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25368
server: ECAcc (nyd/D193)

GET
H2 200 PayPalSansBig-Medium.woff2
www.paypalobjects.com/paypal-ui/fonts/ 18 KB
18 KB 28ms
28ms Font
application/font-woff2 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/css/contextualLoginElementalUIv2.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D14B) /

Resource Hash

2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://paypal-service.pages.dev
Referer: https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/css/contextualLoginElementalUIv2.css

Response headers

paypal-debug-id: 08b8aaa5a9b01
etag: "60271cda-484c"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Mon, 23 Dec 2024 04:21:54 GMT
traceparent: 00-000000000000000000008b8aaa5a9b01-25292c51e557567b-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/font-woff2
last-modified: Sat, 13 Feb 2021 00:27:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18508
server: ECAcc (nyd/D14B)

GET
H2 200 grcenterprise_v3_static.html
www.paypalobjects.com/webcaptcha/ Frame 5AEC 0
0 98ms
26ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D18D) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://paypal-service.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: br
content-length: 2084
content-type: text/html
date: Mon, 23 Dec 2024 03:21:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "6633898b-19bd+gzip+br"
expires: Mon, 23 Dec 2024 04:21:54 GMT
last-modified: Thu, 02 May 2024 12:39:39 GMT
paypal-debug-id: 3e337e25f1733
server: ECAcc (nyd/D18D)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000003e337e25f1733-5972509d51136c7e-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

GET
H3

200

/
www.google.ca/pagead/1p-conversion/965352860/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/965352860/?random=860270529&cv=9&fst=1706815193749&num=1&label=K7FtCJDsl_4CEJy7qMwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=4664...
https://www.google.com/pagead/1p-conversion/965352860/?random=860270529&cv=9&fst=1706815193749&num=1&label=K7FtCJDsl_4CEJy7qMwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C5...
https://www.google.ca/pagead/1p-conversion/965352860/?random=860270529&cv=9&fst=1706815193749&num=1&label=K7FtCJDsl_4CEJy7qMwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C51...

42 B
64 B

49ms
48ms

Image
image/gif

142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-conversion/965352860/?random=860270529&cv=9&fst=1706815193749&num=1&label=K7FtCJDsl_4CEJy7qMwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=6&u_tz=420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US%26langTgl%3Den&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCOvGsQIItMaxAgijxbECCNPFsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI9r_I_Pe8igMVLQ2ICR0tGQWkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiFodHRwczovL3BheXBhbC1zZXJ2aWNlLnBhZ2VzLmRldi8&is_vtc=1&cid=CAQSGwCa7L7deVSox1LJwsTe7VKnnnG59gJNtfiZjA&random=933949213&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 23 Dec 2024 03:21:54 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://www.google.ca/pagead/1p-conversion/965352860/?random=860270529&cv=9&fst=1706815193749&num=1&label=K7FtCJDsl_4CEJy7qMwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=6&u_tz=420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US%26langTgl%3Den&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCOvGsQIItMaxAgijxbECCNPFsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI9r_I_Pe8igMVLQ2ICR0tGQWkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiFodHRwczovL3BheXBhbC1zZXJ2aWNlLnBhZ2VzLmRldi8&is_vtc=1&cid=CAQSGwCa7L7deVSox1LJwsTe7VKnnnG59gJNtfiZjA&random=933949213&resp=GooglemKTybQhCsO&ipr=y
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 23 Dec 2024 03:21:54 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/965352860/ 42 B
64 B 119ms
50ms Image
image/gif 172.253.115.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/965352860/?random=1706815193734&cv=9&fst=1706814000000&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=6&u_tz=420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US%26langTgl%3Den&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dbWwUbYO9PWdR-6dO702UZPAGFZykmA&random=3014341240&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f103.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 23 Dec 2024 03:21:54 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.ca/pagead/1p-user-list/965352860/ 42 B
64 B 94ms
45ms Image
image/gif 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/965352860/?random=1706815193734&cv=9&fst=1706814000000&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=6&u_tz=420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin%3Fcountry.x%3DID%26locale.x%3Den_US%26langTgl%3Den&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dbWwUbYO9PWdR-6dO702UZPAGFZykmA&random=3014341240&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 23 Dec 2024 03:21:54 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 204 e Show response
c.paypal.com/v1/r/d/b/ 0
440 B 207ms
207ms Script
text/plain 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/e?appId=undefined&correlationID=undefined&ed=%5B%7B%22location%22%3A%22FN%22%2C%22field%22%3A%22init%22%2C%22issue%22%3A%22e%3DNONE%26stack%3DError%3A%20NONE%5Cn%20%20%20%20at%20Fn.asyncData.initAndCollect%20(https%3A%2F%2Fc.paypal.com%2Fda%2Fr%2Ffb.js%3A1%3A71776)%5Cn%20%20%20%20at%20https%3A%2F%2Fc.paypal.com%2Fda%2Fr%2Ffb.js%3A1%3A71852%5Cn%20%20%20%20at%20https%3A%2F%2Fc.paypal.com%2Fda%2Fr%2Ffb.js%3A1%3A71869%26url%3Dhttps%3A%2F%2Fpaypal-service.pages.dev%2Fsignin%2Fchallenge%2F%22%7D%5D&rvr=3.8.1-TP&ua=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/131.0.0.0%20Safari/537.36&wv=undefined

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

access-control-expose-headers: Server-Timing
paypal-debug-id: fe466532bc17d
correlation-id: fe466532bc17d
traceparent: 00-0000000000000000000fe466532bc17d-f24e4249e29a3f8b-01
server-timing: "traceparent;desc="00-0000000000000000000fe466532bc17d-89bb1a5cda863f72-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-cache: MISS, MISS
date: Mon, 23 Dec 2024 03:21:55 GMT
x-served-by: cache-bur-kbur8200122-BUR, cache-yul1970056-YUL
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store, must-revalidate
timing-allow-origin: *
x-timer: S1734924115.885288,VS0,VE187
access-control-allow-credentials: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: https://www.paypal.com

GET i
c.paypal.com/v1/r/d/ Frame 8003 0
0

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ 70 KB
23 KB 21ms
19ms Script
application/javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ECAcc (dac/9C80) /

Resource Hash

72561daecad9d07460125458467e9c4ae115aa992bf99bf5856d7606519be13c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

access-control-max-age: 86400
paypal-debug-id: 09e90dcc906d3
content-encoding: gzip
etag: W/"673387c8-118bf"
age: 503317
x-content-type-options: nosniff
access-control-allow-methods: GET
traceparent: 00-000000000000000000009e90dcc906d3-a05d4c7b0b321712-01
expires: Tue, 24 Dec 2024 03:21:54 GMT
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:54 GMT
content-type: application/javascript
x-served-by: cache-yul1970056-YUL
x-cache-hits: 91440
last-modified: Tue, 12 Nov 2024 16:52:24 GMT
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate,max-age=86400
timing-allow-origin: *
x-timer: S1734924115.896970,VS0,VE1
access-control-allow-credentials: false
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23767
server: ECAcc (dac/9C80)

GET
H2 200 i
c.paypal.com/v1/r/d/ Frame B548 0
0 138ms
137ms Document
text/html 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://paypal-service.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-platform, sec-ch-ua-platform-version, sec-ch-ua-arch, sec-ch-ua-wow64, sec-ch-ua-bitness, sec-ch-ua-model, sec-ch-ua-full
accept-ranges: none
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: 62d6ef4b98c10
date: Mon, 23 Dec 2024 03:21:55 GMT
origin-trial: A0A/uBW0ogQIica1KkPCeSOoHfvTATXdyRg8F/Ka8gjK4pCprEDwF3d3wTxNzSPn1ASb5ncpd46h7RQiSqGYpA8AAACMeyJvcmlnaW4iOiJodHRwczovL2MucGF5cGFsLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY5NTUxMzU5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
paypal-debug-id: 62d6ef4b98c10
server-timing: "traceparent;desc="00-000000000000000000062d6ef4b98c10-4c58615f30494cc7-01"";content-encoding;desc="br",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-000000000000000000062d6ef4b98c10-ac078cf8135d6c78-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-bur-kbur8200039-BUR, cache-yul1970070-YUL
x-timer: S1734924115.953233,VS0,VE120
x-xss-protection: 1; mode=block

GET

counter2.cgi
slc.stats.paypal.com/v1/ Frame 9B9F
Redirect Chain

https://b.stats.paypal.com/v1/counter.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW
https://slc.stats.paypal.com/v1/counter2.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW

0
0

GET
H2 200 p3
c6.paypal.com/v1/r/d/b/ 0
419 B 587ms
372ms Image
text/plain 2606:2800:21f:5dfa:af2c:7a6d:4339:27e7
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c6.paypal.com/v1/r/d/b/p3?f=EC-5XJ92760JN535512P&s=UNIFIED_LOGIN_INPUT_PASSWORD

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:21f:5dfa:af2c:7a6d:4339:27e7 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcd/7D43) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
paypal-debug-id: 81a6728c2c1ce
timing-allow-origin: *
correlation-id: 81a6728c2c1ce
traceparent: 00-000000000000000000081a6728c2c1ce-8d6f49ab39e177f1-01
server-timing: traceparent;desc="00-000000000000000000081a6728c2c1ce-49ab2a1750074839-01", content-encoding;desc="", x-cdn;desc="edgecast"
content-length: 20
date: Mon, 23 Dec 2024 03:21:54 GMT
vary: Accept-Encoding
server: ECAcc (dcd/7D43)

GET
H2 200 i
c.paypal.com/v1/r/d/ Frame E1F4 0
0 263ms
130ms Document
text/html 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: paypal-service.pages.dev
URL: https://paypal-service.pages.dev/signin/challenge/sms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://paypal-service.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-platform, sec-ch-ua-platform-version, sec-ch-ua-arch, sec-ch-ua-wow64, sec-ch-ua-bitness, sec-ch-ua-model, sec-ch-ua-full
accept-ranges: none
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: 69c34ae4e0adb
date: Mon, 23 Dec 2024 03:21:55 GMT
origin-trial: A0A/uBW0ogQIica1KkPCeSOoHfvTATXdyRg8F/Ka8gjK4pCprEDwF3d3wTxNzSPn1ASb5ncpd46h7RQiSqGYpA8AAACMeyJvcmlnaW4iOiJodHRwczovL2MucGF5cGFsLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY5NTUxMzU5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
paypal-debug-id: 69c34ae4e0adb
server-timing: "traceparent;desc="00-000000000000000000069c34ae4e0adb-50e1192dcbff32a3-01"";content-encoding;desc="br",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-000000000000000000069c34ae4e0adb-07858694eb532018-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-bur-kbur8200108-BUR, cache-yul1970070-YUL
x-timer: S1734924115.093747,VS0,VE113
x-xss-protection: 1; mode=block

OPTIONS resourceaccesstoken
192.55.233.1/ Frame 0
0

POST
H3 403 client-log Show response
paypal-service.pages.dev/signin/ 4 KB
2 KB 30ms
28ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/client-log

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6277deede8f2efab00d7f0fe47431d4d40befa8ded6a6fff3ca7e504f11614b9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-type: application/x-www-form-urlencoded

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvHzZKFdZpCdt9KkQ2AdfKDbR4JqtcInL7clGg0EdcCAhDQfsIFA1eM2NvucJ7JXi63KR7ApGKOvmnyglMBpWzRh9%2Fz76kFqc2zVKiRRlYVM1H6O9kUnDACbUQGzwX4rfBn3rjDt3ekKBBc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396a2887ab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ 70 KB
24 KB 19ms
19ms Script
application/javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/d92/d3850ccc8b36d093234151c519ea5/js/signin-split.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ECAcc (dac/9C80) /

Resource Hash

72561daecad9d07460125458467e9c4ae115aa992bf99bf5856d7606519be13c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

access-control-max-age: 86400
paypal-debug-id: 09e90dcc906d3
content-encoding: gzip
etag: W/"673387c8-118bf"
age: 503318
x-content-type-options: nosniff
access-control-allow-methods: GET
traceparent: 00-000000000000000000009e90dcc906d3-a05d4c7b0b321712-01
expires: Tue, 24 Dec 2024 03:21:55 GMT
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: application/javascript
x-served-by: cache-yul1970056-YUL
x-cache-hits: 91441
last-modified: Tue, 12 Nov 2024 16:52:24 GMT
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate,max-age=86400
timing-allow-origin: *
x-timer: S1734924116.543175,VS0,VE1
access-control-allow-credentials: false
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23767
server: ECAcc (dac/9C80)

POST
H3 403 client-log Show response
paypal-service.pages.dev/signin/ 4 KB
2 KB 33ms
31ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/client-log

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cf3c114076635853757dbb21266a5703892f8c72e8263bde6401750b0c27faa

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-type: application/x-www-form-urlencoded

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYRFZB2EoR%2FO9nlb%2B6m1v%2FGUW2y53ibIFKDtI73aasnoCpUyCvhEOgXSKvHB7Hh1M8%2F1zSJvPJM7nUcUIrwzGCa3iPnVW7S24ur1DtdsQ%2Bsw67X0UKVort0U9nDPu%2FTd0NmH%2FFgYDTzzHn4%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396a3891ab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3 403 challenge.js Show response
paypal-service.pages.dev/auth/createchallenge/5de5dc66420ba2ba/ 4 KB
2 KB 28ms
27ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/auth/createchallenge/5de5dc66420ba2ba/challenge.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38995dffb99a5cd24bbe8a508e7224ce9137ec72179a7bbb102b66d7babeb21b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iYEfYNB%2Fn8cMdcRHYs52Z8gtCyfZm8zsamI42MaG25mZ83i%2BxJOH1p2OB%2FBOYExtt7u8AAnZWjxlb16f33IX415eF9863283dr%2Bq2O4Ez%2BO2d%2BQbnnm2NIMosviP7QvEBeAaLXppRA3lPTk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396a3894ab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H3 403 client-log Show response
paypal-service.pages.dev/signin/ 4 KB
2 KB 28ms
26ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/client-log

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbb0a1b08b4df1a53977227b2bc23fbb9f1b39a714c096d664950998221f0256

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-type: application/x-www-form-urlencoded

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nP%2BS5dgK4Hif10CON2UKS%2Frn%2BEvaSU71eMzPNooAOj%2F5BLyoqeHWwHiJmXEsPzcbBC6WSjLxb1M50YHenA8R7WGWG24rHf1ZL7BWnyl5BDNdmSlLiMpn3sTQRRRxD%2FA3pnKXtlI%2B88q7xP8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396a3895ab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST resourceaccesstoken
192.55.233.1/ 0
0

GET
H3 403 cookie-banner Show response
paypal-service.pages.dev/signin/ 4 KB
2 KB 31ms
30ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/cookie-banner?

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d4862fd9e99863228b8debfdc14aef9390f4231903c7d725b04b13f3d8e4386

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RCEzVspNo9CD2ugC9PIFIdgHFu75WEHwKOcg7qxXJuL5F0Z1aHNOWJyfJCC5es%2F1V9VuFL6rEaswNUecXtePvCim3ElmciX1pR0jB0Ti8FTWNsv1vFnFrzf%2BfrkoiCj1xJErqElP8AG2cTQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396a3897ab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H3 403 load-resource Show response
paypal-service.pages.dev/signin/ 4 KB
2 KB 32ms
30ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/load-resource

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b471ea35ce52749d7c752ad2e4c7be9a03e6a5415444debd7b86955a2ae9c5e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-type: application/x-www-form-urlencoded

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y5%2FWDOW%2B2fNjR4%2FK7Eiru%2BjVCWGq0LioHnzAb9EdqHV6T1csrIL81U9FxPjNXuRAAHYYWg28ppld%2F78uBTYo51at0tWzXm3PDZzqDjKZuDr6q8wsbKDx54NcsHa2Ck%2BlEXLc36o1BGddfqE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396a389aab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H2 200 pp_favicon_x.ico
www.paypalobjects.com/en_US/i/icon/ 5 KB
2 KB 32ms
31ms Other
image/x-icon 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D15E) /

Resource Hash

1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

paypal-debug-id: 17748390dc4cf
content-encoding: br
etag: W/"5d5637bd-1536"
x-content-type-options: nosniff
expires: Mon, 23 Dec 2024 04:21:55 GMT
traceparent: 00-000000000000000000017748390dc4cf-d10b3e60678d6ae0-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: image/x-icon
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
content-length: 1471
server: ECAcc (nyd/D15E)

GET
H2 200 i
c.paypal.com/v1/r/d/ Frame 2514 0
0 139ms
138ms Document
text/html 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://paypal-service.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-platform, sec-ch-ua-platform-version, sec-ch-ua-arch, sec-ch-ua-wow64, sec-ch-ua-bitness, sec-ch-ua-model, sec-ch-ua-full
accept-ranges: none
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: 83ce0d77a8ae1
date: Mon, 23 Dec 2024 03:21:55 GMT
origin-trial: A0A/uBW0ogQIica1KkPCeSOoHfvTATXdyRg8F/Ka8gjK4pCprEDwF3d3wTxNzSPn1ASb5ncpd46h7RQiSqGYpA8AAACMeyJvcmlnaW4iOiJodHRwczovL2MucGF5cGFsLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY5NTUxMzU5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
paypal-debug-id: 83ce0d77a8ae1
server-timing: "traceparent;desc="00-000000000000000000083ce0d77a8ae1-f4a025343758b1dc-01"";content-encoding;desc="br",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-000000000000000000083ce0d77a8ae1-6cc0454bf9c13060-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-bur-kbur8200037-BUR, cache-yul1970070-YUL
x-timer: S1734924116.588387,VS0,VE121
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

counter2.cgi
slc.stats.paypal.com/v1/ Frame F760
Redirect Chain

https://b.stats.paypal.com/v1/counter.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW
https://slc.stats.paypal.com/v1/counter2.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW

42 B
299 B

286ms
98ms

Image
image/jpeg

34.106.92.18
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slc.stats.paypal.com/v1/counter2.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW
Protocol: HTTP/1.1
Server: 34.106.92.18 Salt Lake City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 18.92.106.34.bc.googleusercontent.com
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

Content-Length: 42
Date: Mon, 23 Dec 2024 03:21:56 GMT
Content-Type: image/jpeg
Connection: close
Server: PayPal-B.Stats/1.0

Redirect headers

Location: https://slc.stats.paypal.com/v1/counter2.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW
Content-Length: 0
Date: Mon, 23 Dec 2024 03:21:55 GMT
Content-Type: application/octet-stream
Connection: close
Server: PayPal-B.Stats/1.0

GET
H2 200 p3
c6.paypal.com/v1/r/d/b/ 0
211 B 438ms
437ms Image
text/plain 2606:2800:21f:5dfa:af2c:7a6d:4339:27e7
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c6.paypal.com/v1/r/d/b/p3?f=EC-5XJ92760JN535512P&s=UNIFIED_LOGIN_INPUT_PASSWORD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:21f:5dfa:af2c:7a6d:4339:27e7 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcd/7D65) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypal-service.pages.dev/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
paypal-debug-id: 26d6834f1d22c
timing-allow-origin: *
correlation-id: 26d6834f1d22c
traceparent: 00-000000000000000000026d6834f1d22c-1eaca755c062cd56-01
server-timing: traceparent;desc="00-000000000000000000026d6834f1d22c-f820e175b6f59396-01", content-encoding;desc="", x-cdn;desc="edgecast"
content-length: 20
date: Mon, 23 Dec 2024 03:21:55 GMT
vary: Accept-Encoding
server: ECAcc (dcd/7D65)

POST
H3 403 load-resource Show response
paypal-service.pages.dev/signin/ 4 KB
2 KB 30ms
29ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/load-resource

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

adad7ef846113a8b2fb53b4a3bc5d9292742c3149c7ba9dcccbe418bf42e8ee0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-type: application/x-www-form-urlencoded

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=czzHTmh6w7l%2FO%2B26GsHbqLuyJS48mcDeRIKnMD4EpHmc0EbnJ7QssWOBmflWYoIOtd56gNwYnzB9vCkWWzV3GvBzvb0sOrSVRDSIuhSttt%2B657xeQPPvGEyvuKFdPbLy5UbFqGz9ba9JZog%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396a78cdab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H3 403 load-resource Show response
paypal-service.pages.dev/signin/ 4 KB
2 KB 29ms
27ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/load-resource

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c95d91af82191765ae2109f9fd35194c57ddb2c14a1cb379b8e95685181791dc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-type: application/x-www-form-urlencoded

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BBSZDWOUwWNwF0DfGiEGWtiG99E3MKT99ftpaZcoGaqs%2FC6An3dfaEj3%2FJp9U6hN8%2FhJ2EkNNzAx%2FHJs2zMsfNRyRvBmAJgPW04RLfJtPgolRpE%2F2ZQtnAE%2Fa%2BipQzs8cLRWdNh17npDVec%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396a78ceab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H3 403 sms Show response
paypal-service.pages.dev/signin/challenge/ 4 KB
2 KB 30ms
28ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/challenge/sms

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

950871aecd6975eb15858319e5e9081b6f0c461e020961f5fc34a4e426a08176

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-type: application/x-www-form-urlencoded

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g2Yk7xyAFYfJ0lB0dbeNZkqND8O%2BKbv8ztftg2M8ecRCyyU88fas5%2Fxt1IzYsxvl9WTjWkY%2FrKQxpwfN8xpYxmoV2N3XO%2FL8%2BNfBk19OL%2Fan5o%2B2F3VoMORLhsvyEJzvzXTNEW%2FnA5Mz1R8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396a88cfab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H3 403 client-log Show response
paypal-service.pages.dev/signin/ 4 KB
2 KB 39ms
37ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/client-log

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22703d16aaa3fa8e0b11c11ccf14ecdf3a6e3987a8c053555ae2074e6913407e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-type: application/x-www-form-urlencoded

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cRnWQLg%2Bo6UQgNE7lyKITafH%2BTJYgoNasfX3lLBbygZzUH5NGy1uQ1HWZV9iOcaoHm%2FUNnmslT4XNL7glyurUU1JbA8Ynp0LUcy1TinqXQ32HURQTqqtQkuz6%2BfvK3GBsO1a5Q0IEOHjxOU%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396ab91dab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H3 403 client-log Show response
paypal-service.pages.dev/signin/ 4 KB
2 KB 35ms
33ms XHR
text/html 172.66.44.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal-service.pages.dev/signin/client-log

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5830180906cd21c6cb1fa15edf615a4c4f14dcf3ed6db194ef33af4089c167a6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://paypal-service.pages.dev/signin/challenge/sms
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-type: application/x-www-form-urlencoded

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tzT8nMYQlJl35tMF73osINRGQ7r3K2ni0wsAlMwldzXcH4lGKE0M2o9LPEoZyWfm5wKWXyDTZhKI7YO6KUFw7m7gGAJIA%2FLpvIpFi8sGY9JUOnxzPZAnNVMZmkATCWWQMx4B5mfFqmPQjIM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f65396ab921ab09-YYZ
date: Mon, 23 Dec 2024 03:21:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/mi/3p/gtag/analytics.js

Domain: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Domain: slc.stats.paypal.com
URL: https://slc.stats.paypal.com/v1/counter2.cgi?r=cD1FQy01WEo5Mjc2MEpONTM1NTEyUCZpPTEwMy4xMjkuMTUwLjUmdD0xNzA2ODE1MTkzLjUyOCZhPTIxJnM9VU5JRklFRF9MT0dJThddxD1G2QJYUXL0yaHkp1YUkHRW

Domain: 192.55.233.1
URL: https://192.55.233.1/resourceaccesstoken

Domain: 192.55.233.1
URL: https://192.55.233.1/resourceaccesstoken

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial) Generic Cloudflare (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.paypal-service.pages.dev/	1970-01-21 01:56:50	Name: __cf_mw_byp Value: NgkbiYUVkqmTv0mNsZl5hbAzi4PwVaGmmWQg5I40cuo-1734924110-0.0.1.1-/signin/challenge/sms
.doubleclick.net/	1970-01-21 01:55:25	Name: test_cookie Value: CheckForPermission
.paypal.com/	1970-01-21 01:55:25	Name: l7_az Value: dcg15.slc

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://paypal-service.pages.dev/signin/challenge/sms Message: Failed to load resource: the server responded with a status of 403 ()
recommendation	verbose	URL: https://paypal-service.pages.dev/signin/challenge/sms Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://paypal-service.pages.dev/signin/client-log Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/auth/createchallenge/5de5dc66420ba2ba/challenge.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/signin/client-log Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/signin/client-log Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/signin/cookie-banner? Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/signin/load-resource Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/signin/load-resource Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/signin/load-resource Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/signin/challenge/sms Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/signin/client-log Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://paypal-service.pages.dev/signin/client-log Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

192.55.233.1
b.stats.paypal.com
c.paypal.com
c6.paypal.com
googleads.g.doubleclick.net
paypal-service.pages.dev
slc.stats.paypal.com
www.google.ca
www.google.com
www.googleadservices.com
www.paypalobjects.com
192.55.233.1
c.paypal.com
slc.stats.paypal.com
www.paypalobjects.com
142.251.16.94
151.101.1.21
151.101.193.21
172.217.197.157
172.253.115.103
172.253.115.156
172.66.44.106
192.229.210.155
2606:2800:21f:5dfa:af2c:7a6d:4339:27e7
2606:4700:310c::ac42:2f96
34.106.92.18
07d4a44d248156a0e3d0c604d7359e54f3b021eeec70b7c3a1d127a141f76d97
13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
1467343f63cc98647d59c1ff575fe51349be70fe08d456cbab385a1378fb4062
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be
22703d16aaa3fa8e0b11c11ccf14ecdf3a6e3987a8c053555ae2074e6913407e
2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
35c941cd4d8fd3f57cab637553f053bfb5109b8b68cc98c4647bbac74821edec
38174b63b4995736d72761639f38873978fef87590f24e4ae88a79f8c657b3ca
38995dffb99a5cd24bbe8a508e7224ce9137ec72179a7bbb102b66d7babeb21b
4478db0b30afdb0e8474f766c8edfa4aa81559faeaa5d06053f3a65f63bd5ea5
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
4d4862fd9e99863228b8debfdc14aef9390f4231903c7d725b04b13f3d8e4386
4db0df061de68b0b5ec3e87773e13797916d8eddee6e38f4c340c3ff556e270b
5830180906cd21c6cb1fa15edf615a4c4f14dcf3ed6db194ef33af4089c167a6
6277deede8f2efab00d7f0fe47431d4d40befa8ded6a6fff3ca7e504f11614b9
69be7adca53f8e3b8d56a359e63ec6510fd119768ec947d343a853f698d7a5c5
6b471ea35ce52749d7c752ad2e4c7be9a03e6a5415444debd7b86955a2ae9c5e
72561daecad9d07460125458467e9c4ae115aa992bf99bf5856d7606519be13c
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8766a4211434d2c318fbfa412ea9633b385ecf1cab6119f8894019d91ed7e027
8b202d5bd55968ce4bfc21c063166eaebe62104275ce7ec362d78b64b2581c95
8cf3c114076635853757dbb21266a5703892f8c72e8263bde6401750b0c27faa
950871aecd6975eb15858319e5e9081b6f0c461e020961f5fc34a4e426a08176
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
a988b87ab698928f0f5962f63b782eb8cac80531839aea8c94249178ed91bc4e
adad7ef846113a8b2fb53b4a3bc5d9292742c3149c7ba9dcccbe418bf42e8ee0
bbb0a1b08b4df1a53977227b2bc23fbb9f1b39a714c096d664950998221f0256
c95d91af82191765ae2109f9fd35194c57ddb2c14a1cb379b8e95685181791dc
cd6a23981ce0bebccb348348c949626f854894dbb5c031ef494467c942be1cce
d81bfefd8585b694222d3e94e9dee5d7935049c65355f9fd096800301d51545b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

paypal-service.pages.dev Open in urlscan Pro 2606:4700:310c::ac42:2f96 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

51 Requests

86 %HTTPS

18 %IPv6

8 Domains

11 Subdomains

12 IPs

1 Countries

298 kBTransfer

934 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

51 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

paypal-service.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f96 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

51
Requests

86 %
HTTPS

18 %
IPv6

8
Domains

11
Subdomains

12
IPs

1
Countries

298 kB
Transfer

934 kB
Size

3
Cookies

51 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!