web-proxy.io
2606:4700:3035::6812:26ec  Malicious Activity!

Submitted URL: https://web-proxy.io/proxy/www.paypal.com/ch/signin
Effective URL: https://web-proxy.io/auth/validatecaptcha
Submission Tags: phishing malicious
Submission: On December 09 via api from US

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 23 HTTP transactions. The main IP is 2606:4700:3035::6812:26ec, located in United States and belongs to CLOUDFLARENET, US. The main domain is web-proxy.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 2nd 2020. Valid for: a year.
This is the only time web-proxy.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

Requests  Domain                 Requested by
12        web-proxy.io           web-proxy.io
8         www.paypalobjects.com  web-proxy.io
1         www.google.com         www.gstatic.com
1         www.gstatic.com        www.recaptcha.net
1         www.recaptcha.net      web-proxy.io
23 requests across 5 domains

This site contains no links.

Subject                Issuer                                       Validity                 Valid
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3                      2020-08-02 - 2021-08-02  a year
www.paypalobjects.com  DigiCert SHA2 Extended Validation Server CA  2019-12-09 - 2021-12-13  2 years
misc.google.com        GTS CA 1O1                                   2020-11-03 - 2021-01-26  3 months
*.gstatic.com          GTS CA 1O1                                   2020-11-10 - 2021-02-02  3 months
www.google.com         GTS CA 1O1                                   2020-11-03 - 2021-01-26  3 months

This page contains 3 frames:

Primary Page: https://web-proxy.io/auth/validatecaptcha
Frame ID: A479CFC1B28EAC7A4B04B758A919427A
Requests: 19 HTTP requests in this frame

Frame: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&reCaptchaEnterpriseEnabled=true
Frame ID: 4437EBC78204ACF782FD032E659B6F7A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&co=aHR0cHM6Ly93ZWItcHJveHkuaW86NDQz&hl=en&v=UFwvoDBMjc8LiYc1DKXiAomK&theme=light&size=normal&cb=e4cifkj07hpa
Frame ID: 1DE47E4E231EC99DE4099AA08B5C1BE0
Requests: 1 HTTP requests in this frame


Page URL History

  1. https://web-proxy.io/proxy/www.paypal.com/ch/signin Page URL
  2. https://web-proxy.io/auth/validatecaptcha Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 23
HTTPS: 100 %
IPv6: 80 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 2
Transfer: 237 kB
Size: 639 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
signin | web-proxy.io/proxy/www.paypal.com/ch/ | 7 KB | 3 KB | Document
General
Full URL
https://web-proxy.io/proxy/www.paypal.com/ch/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
07eaef599b02ebe517d00263e84e98ce0941974c5ed967ebdff56277f7d579d2

Request headers

:method
GET
:authority
web-proxy.io
:scheme
https
:path
/proxy/www.paypal.com/ch/signin
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d9b5200b41bd1e4517a5212589141a2741607473100; expires=Fri, 08-Jan-21 00:18:20 GMT; path=/; domain=.web-proxy.io; HttpOnly; SameSite=Lax
x-powered-by
Express
vary
Accept-Encoding
cache-control
max-age=14400
cf-cache-status
MISS
cf-request-id
06e6760f320000dffba98e1000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8bq4Mw8gfeEMA9eg0Zvjw8eUflJn8tQTrghjV6WmoHcE1iG9%2BFKj3FZ%2BmBEFJGZ4nyebzQMeqTDtoFJSwNgrdXT%2FwLQ8J9zLaFvUhkTTVrAKvCcYFTzCULc%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5fea8c5ebf1fdffb-FRA
content-encoding
br

pa.js | web-proxy.io/proxy/www.paypalobjects.com/pa/js/ | 49 KB | 18 KB | Script
General
Full URL
https://web-proxy.io/proxy/www.paypalobjects.com/pa/js/pa.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypal.com/ch/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c6482fe77ac7dc6fc145cc367d9380b3e9ffb592ed39ca6fc560182c33612688
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
surrogate-control
max-age=31536000
paypal-debug-id
a7d5e60fd9c68
access-control-allow-methods
GET
dc
phx-origin-www-3.paypal.com
vary
Accept-Encoding
cf-request-id
06e67611760000dffb57a96000000001
last-modified
Tue, 24 Nov 2020 05:46:35 GMT
server
cloudflare
etag
W/"5fbc9e3b-c421"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qdKdMyxkjzeari%2Bde5E1ElXFZdH%2BLRLi%2FOZWlMH15Jde0r1vawC35xbN02f3TXPUNqbioxDmjLQjKZMHK74h7xlkSNoL1GqeYH1B6BhSo9KlK1DUj3ds1zU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
5fea8c625ae1dffb-FRA
access-control-allow-headers
x-csrf-token
expires
Wed, 09 Dec 2020 01:18:21 GMT

ts | web-proxy.io/proxy/https//t.paypal.com/ | 72 B | 72 B | Image
General
Full URL
https://web-proxy.io/proxy/https//t.paypal.com/ts?nojs=1&pgrp=authchallengenodeweb%2Fpublic%2Ftemplates%2Fauthcaptcha.dust&page=authchallengenodeweb%2Fpublic%2Ftemplates%2Fauthcaptcha.dust&pgst=1607473100719&calc=bba299d8cd3bd&nsid=yBpTu6X7ealz4DymAu5WyXcDi0rLH7yu&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=07e6eb2aa63d4554ba1e70d23ab13a7c&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypal.com/ch/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1cfdcde6589c3242279a43730a0fd03009e95333c46b61456e540ecc65c9d9e1

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vQpPHbFJ%2B07TXh7CKSOxWOs9h3BQdBArp54aNajvNWDfgTx%2BHPp47XUSnZCyfL8t8aufHpWjH0c9zcC6FJaZFjzIgLUE1E669iYLhVVvF%2Fp6dgdCURRGX3Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=14400
cf-ray
5fea8c625ae2dffb-FRA
cf-request-id
06e67611770000dffb3b162000000001

app.css | web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/css/ | 33 KB | 6 KB | Stylesheet
General
Full URL
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/css/app.css
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypal.com/ch/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3a10e94adc4b9facb2258e11abf6e0c992f22e9d773fe61bc0ba5580e0591309
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
vary
Accept-Encoding
cf-request-id
06e676119c0000dffb3e99f000000001
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2He6bdpGOD0zllk6t9J80Rg6Gi1omS4wJfLDq1fX7Eju5vZudblOl%2B053V%2BsyAjpWxzAUFBz2mRmqxd12BerAZVVHTRy11lnEbhUhoJG3nxol%2B84CYQFbOs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000
cf-ray
5fea8c629b22dffb-FRA
expires
Thu, 09 Dec 2021 00:18:21 GMT

modernizr-2.6.1.js | web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/ | 4 KB | 2 KB | Script
General
Full URL
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/modernizr-2.6.1.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypal.com/ch/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
access-control-allow-methods
GET
vary
Accept-Encoding
cf-request-id
06e67612340000dffb4f9ce000000001
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zYYiNqhhgHrHic61fYOdzVArut9qVEPDtxaLM4T7U5HFo04yd4ad%2FWhn%2F8aNpA8F0zs0QlbnkhGHg1db6zAOhsym3%2Bn6YqpKy4A1XEeT1wMdia11HaTKDNE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
5fea8c638c51dffb-FRA
access-control-allow-headers
x-csrf-token
expires
Thu, 09 Dec 2021 00:18:21 GMT

authchallenge.js | web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/ | 15 KB | 4 KB | Script
General
Full URL
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/authchallenge.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypal.com/ch/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1f758f186455381a56a7c9c67e6d03e155cbe2485fa4404fadc9e8960e525d53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
access-control-allow-methods
GET
vary
Accept-Encoding
cf-request-id
06e67612570000dffb8a8d8000000001
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Vt2m%2Bn6eXQJtji1xN1LG7tMFzLI0o49kaVud%2FUmESsxnWhvEeIw5EFWBu%2BpUQts%2FLwCP%2F8I8BILB2ZjDO75eZJdbru0K0ifchvdfhbLUzsYV9ywNTFJauqg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
5fea8c63bc87dffb-FRA
access-control-allow-headers
x-csrf-token
expires
Thu, 09 Dec 2021 00:18:21 GMT

require.js | web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/ | 15 KB | 6 KB | Script
General
Full URL
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/require.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypal.com/ch/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c007d73792ac2d25882bfbb573e700e721a0adacfab947e6a0b64a61991fecf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
access-control-allow-methods
GET
vary
Accept-Encoding
cf-request-id
06e67612510000dffb30114000000001
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9bLBBgLhjmGyFCAXWMfnWDHIEIg%2BXvmGKAJAVurLgWsmherJ4zOoL3CsfxPgzEH9mfaWod3G4V1IbP1P8Y9M6r9LIm%2Byzhjh5ASFNeIeVVm8AeePaxft8n8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
5fea8c63bc81dffb-FRA
access-control-allow-headers
x-csrf-token
expires
Thu, 09 Dec 2021 00:18:21 GMT

recaptcha_v2.html | web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/ (Frame 4437) | 7 KB | 2 KB | Document
General
Full URL
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&reCaptchaEnterpriseEnabled=true
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypal.com/ch/signin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
6119ac6d472ccadd7fb7b2dedc5eaeee89ff479d0a56c090d06d1786f7dd4ee3

Request headers

:method
GET
:authority
web-proxy.io
:scheme
https
:path
/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&reCaptchaEnterpriseEnabled=true
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d9b5200b41bd1e4517a5212589141a2741607473100
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-type
text/html; charset=utf-8
x-powered-by
Express
vary
Accept-Encoding
cache-control
max-age=14400
cf-cache-status
MISS
cf-request-id
06e67612da0000dffb5f9c0000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=q2M0CJjK56bhDVIjJZy9rN75qBO6ltWQTURgLuOoxFF%2Fue4Xya%2F%2FpOjuNfKWYemygbe%2B%2BngyYIDKEVnQkrK7WF7mRIM0jQhrSX7i7yivOS0GFPxr%2FJPw4Nk%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5fea8c649d6bdffb-FRA
content-encoding
br

logclientdata | web-proxy.io/auth/ | 158 B | 431 B | XHR
General
Full URL
https://web-proxy.io/auth/logclientdata
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/authchallenge.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
7f86a24a10a1eeed3c466d4ef9c2c770cee74a5c7ddb5abe46254fe332b5d2a6
Security Headers
Name Value
Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QXDE859mH%2Bubd6nQTJ6tDR6G6HiD8FJrWe2YUKOZj8TEFVDCBCs7sEYBLd27DUoNdyohuUl5xKeL6z1dL%2B8%2BHXHB%2F9EgxQ6x0F%2B0%2BKrcUxJhbZZUHXgJXOM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
content-security-policy
default-src 'self'
cf-ray
5fea8c649d79dffb-FRA
cf-request-id
06e67612e00000dffb66261000000001

momgram@2x.png | www.paypalobjects.com/images/shared/ | 2 KB | 2 KB | Image
General
Full URL
https://www.paypalobjects.com/images/shared/momgram@2x.png
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/css/app.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b3f1bf1d5e25838bcad8535a2b700486644f4ea888e46c77d3e82783cb9da1b4
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/css/app.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
2841811
x-cache
HIT, HIT
fastly-io-info
ifsz=1996 idim=60x74 ifmt=png ofsz=1768 odim=60x74 ofmt=png
paypal-debug-id
324f5cf7bde6a
fastly-stats
io=1
dc
phx-origin-www-2.paypal.com
content-length
1768
x-served-by
cache-sjc10063-SJC, cache-hhn4045-HHN
x-timer
S1607473102.580226,VS0,VE0
etag
"n1eiFwTHQZT8r7LMVF4RJSE9QNnoZS4jSUvEYSZDtgw"
strict-transport-security
max-age=31557600
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
6200, 4

config.js | www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/ | 1 KB | 879 B | Script
General
Full URL
https://www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/config.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
f977d4284f71bb9418da0e2ced1408b073cd2484cba7fc04a90ff3ee72eab60c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
8173454
x-cache
HIT, HIT, HIT
content-encoding
gzip
vary
Accept-Encoding
content-length
572
x-served-by
cache-lax8639-LAX, cache-sjc10066-SJC, cache-hhn4045-HHN
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
Apache
x-timer
S1607473102.580308,VS0,VE0
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
1, 1939, 155099

app.js | www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/ | 154 KB | 51 KB | Script
General
Full URL
https://www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/app.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
3ab59d6a93eea708acd7de12f0f1a969ee43aec05af9c8233cf8bd8b7ebbb9ac
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
8173454
x-cache
HIT, HIT, HIT
content-encoding
gzip
vary
Accept-Encoding
content-length
52350
x-served-by
cache-lax8621-LAX, cache-sjc10076-SJC, cache-hhn4045-HHN
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
Apache
x-timer
S1607473102.595729,VS0,VE0
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
1, 128, 156312

dust-core.js | www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/ | 11 KB | 4 KB | Script
General
Full URL
https://www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/dust-core.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
f054fae6fb3433f5e1f7d3f964156276a85b82298d8b5bdc12aac342124f88be
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
8173454
x-cache
HIT, HIT, HIT
content-encoding
gzip
vary
Accept-Encoding
content-length
3862
x-served-by
cache-lax8641-LAX, cache-sjc10057-SJC, cache-hhn4045-HHN
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
Apache
x-timer
S1607473102.634542,VS0,VE0
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
3, 2, 152411

authcaptcha.js | www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/view/ | 2 KB | 860 B | Script
General
Full URL
https://www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/view/authcaptcha.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
b5a8625ac074103a36ddef69e1a8ee3a4dcb10df29abe8be9511469bc0d7d479
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
8173454
x-cache
HIT, HIT
content-encoding
gzip
vary
Accept-Encoding
content-length
756
x-served-by
cache-lax8633-LAX, cache-hhn4045-HHN
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
Apache
x-timer
S1607473102.651722,VS0,VE0
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
1, 148569

pageView.js | www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/view/ | 962 B | 707 B | Script
General
Full URL
https://www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/view/pageView.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
7549618e528fd1eccd42defb37f7b18d7330813a4c7214f5b9660f7a6c23032b
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
8170666
x-cache
HIT, HIT, HIT
content-encoding
gzip
vary
Accept-Encoding
content-length
547
x-served-by
cache-lax8651-LAX, cache-sjc10081-SJC, cache-hhn4045-HHN
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
Apache
x-timer
S1607473102.661338,VS0,VE0
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
2846, 3514, 145697

validation.js | www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/widgets/ | 693 B | 697 B | Script
General
Full URL
https://www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/widgets/validation.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
b9c1fbd8f6b13011e0c3e0e9ca294884f09dc3ec0c305b41f567bf9b088aebbe
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
8171980
x-cache
HIT, HIT, HIT
content-encoding
gzip
vary
Accept-Encoding
content-length
387
x-served-by
cache-lax8648-LAX, cache-sjc10031-SJC, cache-hhn4045-HHN
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
Apache
x-timer
S1607473102.661448,VS0,VE0
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
3, 458, 145604

errorDisplay.js | www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/widgets/ | 2 KB | 1 KB | Script
General
Full URL
https://www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/widgets/errorDisplay.js
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
d1a7d216019da8388df7eae074e71b0acfc005ad84409a5ff6c7e0f36ef9eb96
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
8170667
x-cache
HIT, HIT, HIT
content-encoding
gzip
vary
Accept-Encoding
content-length
900
x-served-by
cache-lax8648-LAX, cache-sjc10080-SJC, cache-hhn4045-HHN
last-modified
Fri, 04 Sep 2020 17:40:56 GMT
server
Apache
x-timer
S1607473102.661551,VS0,VE0
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
1, 3431, 144819
enterprise.js
www.recaptcha.net/recaptcha/ Frame 4437
1012 B
1 KB
Script
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise.js?onload=recaptchaEnterpriseCallback&render=explicit&hl=en
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&reCaptchaEnterpriseEnabled=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d77ac2a04e151edafd3c999339aaba5b79fee3967621ed5172838d8ef7312528
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&reCaptchaEnterpriseEnabled=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
611
x-xss-protection
1; mode=block
expires
Wed, 09 Dec 2020 00:18:21 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/ Frame 4437
335 KB
131 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise.js?onload=recaptchaEnterpriseCallback&render=explicit&hl=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14a2806a256579773a3680e21459dea7827d002104c6336856e0bef9a39be0c9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://web-proxy.io
Referer
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&reCaptchaEnterpriseEnabled=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 08 Dec 2020 23:35:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2596
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133988
x-xss-protection
0
last-modified
Mon, 16 Nov 2020 01:06:46 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 08 Dec 2021 23:35:05 GMT
anchor
www.google.com/recaptcha/enterprise/ Frame 1DE4
0
0
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&co=aHR0cHM6Ly93ZWItcHJveHkuaW86NDQz&hl=en&v=UFwvoDBMjc8LiYc1DKXiAomK&theme=light&size=normal&cb=e4cifkj07hpa
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-QjT7JUVo1yxFPIYzo6vn4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/enterprise/anchor?ar=1&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&co=aHR0cHM6Ly93ZWItcHJveHkuaW86NDQz&hl=en&v=UFwvoDBMjc8LiYc1DKXiAomK&theme=light&size=normal&cb=e4cifkj07hpa
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&reCaptchaEnterpriseEnabled=true
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&reCaptchaEnterpriseEnabled=true

Response headers

content-security-policy
script-src 'report-sample' 'nonce-QjT7JUVo1yxFPIYzo6vn4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
content-encoding
gzip
date
Wed, 09 Dec 2020 00:18:21 GMT
expires
Wed, 09 Dec 2020 00:18:21 GMT
cache-control
private, max-age=0
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1054
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
logclientdata
web-proxy.io/auth/
158 B
380 B
XHR
General
Full URL
https://web-proxy.io/auth/logclientdata
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/authchallenge.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
7f86a24a10a1eeed3c466d4ef9c2c770cee74a5c7ddb5abe46254fe332b5d2a6
Security Headers
Name Value
Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 09 Dec 2020 00:18:21 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IO0N5reAmU4Gpmv0%2Fn%2FAEHDTBLLcIJ63yuKXiWi22HqupiV91T8qOrKTVmiy5g7suyEADlRvpTs4DRzQ%2BZzxe71XUzFRS5FlZuSggE2hzOVZAWK01PhbfFE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
content-security-policy
default-src 'self'
cf-ray
5fea8c665f60dffb-FRA
cf-request-id
06e67613fb0000dffb371c7000000001
logclientdata
web-proxy.io/auth/
158 B
381 B
XHR
General
Full URL
https://web-proxy.io/auth/logclientdata
Requested by
Host: web-proxy.io
URL: https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/authchallenge.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff

Request headers

Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 09 Dec 2020 00:18:22 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JP8C6Yz47FZooZcNetQPzdpMCc5kBNJcebHQ34cykvnDfIYX7E7WkjPPNg%2BYbFk1BaJYEyjgu3L6D6mOplRUd6LChO%2BkkxMLdgiUyhq%2BTSQhiC5mEhAp0HA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
content-security-policy
default-src 'self'
cf-ray
5fea8c674873dffb-FRA
cf-request-id
06e67614900000dffb87b4b000000001
Primary Request validatecaptcha
web-proxy.io/auth/
160 B
360 B
Document
General
Full URL
https://web-proxy.io/auth/validatecaptcha
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:26ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
366bae1b916be92a9770fe0e10eb743859678ba144f2527b1366af63cef0d4b1
Security Headers
Name Value
Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff

Request headers

:method
POST
:authority
web-proxy.io
:scheme
https
:path
/auth/validatecaptcha
content-length
558
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
https://web-proxy.io
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d9b5200b41bd1e4517a5212589141a2741607473100
Upgrade-Insecure-Requests
1
Origin
https://web-proxy.io
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://web-proxy.io/proxy/www.paypal.com/ch/signin

Response headers

date
Wed, 09 Dec 2020 00:18:22 GMT
content-type
text/html; charset=utf-8
x-powered-by
Express
content-security-policy
default-src 'self'
x-content-type-options
nosniff
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-request-id
06e67614920000dffb7f1e4000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZKNBDbDNGOwpmTTj0sz0rx7t6AS1yDHMr3cXNRCCwhHkZ6wUcQyR%2BlSimAgmvcb5HSqS%2BDH%2FzC6eJ85jbMTKY%2Fdp7Gh8zR2Dxxjwr6VMfShsP8MZjkh3fPU%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5fea8c67587adffb-FRA
content-encoding
br

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

1 Cookies

Domain/Path Name / Value
.web-proxy.io/ Name: __cfduid
Value: d9b5200b41bd1e4517a5212589141a2741607473100

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
