serial-choices-mo-slightly.trycloudflare.com Open in urlscan Pro
104.17.123.55 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://serial-choices-mo-slightly.trycloudflare.com/login.html.php
Submission: On May 11 via automatic, source openphish (May 11th 2023, 6:05:05 pm UTC) — Scanned from DE

Summary HTTP 17 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 4 domains to perform 17 HTTP transactions. The main IP is 104.17.123.55, located in and belongs to CLOUDFLARENET, US. The main domain is serial-choices-mo-slightly.trycloudflare.com.

This is the only time serial-choices-mo-slightly.trycloudflare.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: eBay (E-commerce)

Domain & IP information

	IP Address	AS Autonomous System
1	104.17.123.55 104.17.123.55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 7	104.111.217.17 104.111.217.17	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	2.19.225.87 2.19.225.87	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a04:4e42:400... 2a04:4e42:400::718	54113 (FASTLY) (FASTLY)
1	104.75.89.51 104.75.89.51	16625 (AKAMAI-AS) (AKAMAI-AS)
5	151.101.65.35 151.101.65.35	54113 (FASTLY) (FASTLY)
1 2	64.4.245.84 64.4.245.84	17012 (PAYPAL) (PAYPAL)
17	7

1 104.17.123.55 (None, )

ASN13335 (CLOUDFLARENET, US)

serial-choices-mo-slightly.trycloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.111.217.17 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-17.deploy.static.akamaitechnologies.com

www.ebay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secureinclude.ebaystatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepics.ebaystatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.225.87 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-225-87.deploy.static.akamaitechnologies.com

pages.ebay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:400::718 (United States)

ASN54113 (FASTLY, US)

ir.ebaystatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.89.51 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-51.deploy.static.akamaitechnologies.com

secureir.ebaystatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.65.35 (United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.4.245.84 (United States) 1 redirects

ASN17012 (PAYPAL, US)

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	paypal.com 1 redirects c.paypal.com — Cisco Umbrella Rank: 5582 b.stats.paypal.com — Cisco Umbrella Rank: 4935 dub.stats.paypal.com — Cisco Umbrella Rank: 23669	39 KB
7	ebaystatic.com secureinclude.ebaystatic.com — Cisco Umbrella Rank: 60212 ir.ebaystatic.com — Cisco Umbrella Rank: 6776 secureir.ebaystatic.com — Cisco Umbrella Rank: 5550 securepics.ebaystatic.com — Cisco Umbrella Rank: 25459	84 KB
6	ebay.com 4 redirects www.ebay.com — Cisco Umbrella Rank: 4638 pages.ebay.com — Cisco Umbrella Rank: 11024	2 KB
1	trycloudflare.com serial-choices-mo-slightly.trycloudflare.com	47 KB
17	4

	Domain	Requested by
5	c.paypal.com	serial-choices-mo-slightly.trycloudflare.com c.paypal.com
4	www.ebay.com	2 redirects serial-choices-mo-slightly.trycloudflare.com
3	ir.ebaystatic.com	serial-choices-mo-slightly.trycloudflare.com
2	securepics.ebaystatic.com	serial-choices-mo-slightly.trycloudflare.com
2	pages.ebay.com	2 redirects
1	dub.stats.paypal.com	serial-choices-mo-slightly.trycloudflare.com
1	b.stats.paypal.com	1 redirects
1	secureir.ebaystatic.com	serial-choices-mo-slightly.trycloudflare.com
1	secureinclude.ebaystatic.com	serial-choices-mo-slightly.trycloudflare.com
1	serial-choices-mo-slightly.trycloudflare.com
17	10

This site contains links to these domains. Also see Links.

Domain
www.ebay.com
reg.ebay.com
scgi.ebay.com
www.ebayinc.com
pages.ebay.com
cgi6.ebay.com
trustsealinfo.websecurity.norton.com

Subject Issuer	Validity	Valid
www.ebay.com Sectigo RSA Organization Validation Secure Server CA	`2022-08-16` - `2023-08-16`	a year	crt.sh
i.ebayimg.com Sectigo RSA Organization Validation Secure Server CA	`2023-05-02` - `2024-05-01`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-10` - `2023-11-10`	a year	crt.sh

This page contains 5 frames:

Primary Page: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php
Frame ID: 222623457A8532FB732797E512D93F46
Requests: 9 HTTP requests in this frame

Frame: https://c.paypal.com/da/r/fb-all-prod.pp.min.js
Frame ID: 3858FF1F2BA05E9F933683E817E60E07
Requests: 1 HTTP requests in this frame

Frame: https://www.ebay.com/n/error
Frame ID: 28FF979F69DA906E0FDCC1CAAA6C6D0E
Requests: 1 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/v1/counter2.cgi?r=cD0zNWYyOTZiZTE2NDBhYTEyYTZkMWUwZDZmM2Y5N2M4ZCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk5MTM0NjQmYT0yMF1gswZvvRuEgtAQEyMPuaHcIkRW
Frame ID: 463B2167A922C580276D4168F35E6677
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb-all-prod.pp.min.js
Frame ID: F7430BFBD2F3B0FF8B058C24B207CD96
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in or Register | eBay

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

17
Requests

76 %
HTTPS

14 %
IPv6

4
Domains

10
Subdomains

7
IPs

3
Countries

169 kB
Transfer

506 kB
Size

3
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ebay.com/
Title: eBay

Search URL Search Domain Scan URL

URL: https://reg.ebay.com/reg/PartialReg?siteid=0&UsingSSL=1&co_partnerId=2&errmsg=&src=&ru=https%3A%2F%2Fwww.ebay.com%2Fitm%2FWINDOWS-PASSWORD-RESET-PC-LOGIN-DAOSSOFT-PASSCAPE-ALL-WINDOWS-XP-7-8-1-10%2F222195616714%3Fhash%3Ditem33bbe40bca%253Am%253Amcu81Vm6_o_X4BqYhX4AbNw%26var%3D521032520366&signInUrl=https%3A%2F%2Fwww.ebay.com%3A443%2Fws%2FeBayISAPI.dll%3FSignIn%26ru%3Dhttps%253A%252F%252Fwww.ebay.com%252Fitm%252FWINDOWS-PASSWORD-RESET-PC-LOGIN-DAOSSOFT-PASSCAPE-ALL-WINDOWS-XP-7-8-1-10%252F222195616714%253Fhash%253Ditem33bbe40bca%25253Am%25253Amcu81Vm6_o_X4BqYhX4AbNw%2526var%253D521032520366&rv4=1
Title: Register

Search URL Search Domain Scan URL

URL: https://scgi.ebay.com/ws/eBayISAPI.dll?FYPShow&_trksid=p4853.m2379.l4061&otpFyp=1&signInUrl=https%3A%2F%2Fwww.ebay.com%3A443%2Fws%2FeBayISAPI.dll%3FSignIn%26ru%3Dhttps%253A%252F%252Fwww.ebay.com%252Fitm%252FWINDOWS-PASSWORD-RESET-PC-LOGIN-DAOSSOFT-PASSCAPE-ALL-WINDOWS-XP-7-8-1-10%252F222195616714%253Fhash%253Ditem33bbe40bca%25253Am%25253Amcu81Vm6_o_X4BqYhX4AbNw%2526var%253D521032520366&ru=https%3A%2F%2Fwww.ebay.com%2Fitm%2FWINDOWS-PASSWORD-RESET-PC-LOGIN-DAOSSOFT-PASSCAPE-ALL-WINDOWS-XP-7-8-1-10%2F222195616714%3Fhash%3Ditem33bbe40bca%253Am%253Amcu81Vm6_o_X4BqYhX4AbNw%26var%3D521032520366
Title: Reset your password

Search URL Search Domain Scan URL

URL: https://www.ebayinc.com/accessibility/
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://pages.ebay.com/help/policies/user-agreement.html
Title: User Agreement

Search URL Search Domain Scan URL

URL: https://pages.ebay.com/help/policies/privacy-policy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://pages.ebay.com/help/account/cookies-web-beacons.html
Title: Cookies

Search URL Search Domain Scan URL

URL: https://cgi6.ebay.com/ws/eBayISAPI.dll?AdChoiceLandingPage&partner=0
Title: AdChoice

Search URL Search Domain Scan URL

URL: https://trustsealinfo.websecurity.norton.com/splash?form_file=fdf/splash.fdf&dn=www.ebay.com&lang=en
Title: Norton Secured - powered by Verisign

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.ebay.com/rdr/js/s/rrbundle-v1.0.2.js HTTP 302
https://pages.ebay.com/rdr/js/s/rrbundle-v1.0.2.js HTTP 301
https://www.ebay.com/n/error

Request Chain 8

https://www.ebay.com/t_n.html?org_id=usllpic0&session_id=35f2d58d1640ab6005673d37ffe94eb2&suppressFlash=true HTTP 302
https://pages.ebay.com/t_n.html?org_id=usllpic0&session_id=35f2d58d1640ab6005673d37ffe94eb2&suppressFlash=true HTTP 301
https://www.ebay.com/n/error

Request Chain 10

https://b.stats.paypal.com/v1/counter.cgi?r=cD0zNWYyOTZiZTE2NDBhYTEyYTZkMWUwZDZmM2Y5N2M4ZCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk5MTM0NjQmYT0yMF1gswZvvRuEgtAQEyMPuaHcIkRW HTTP 302
https://dub.stats.paypal.com/v1/counter2.cgi?r=cD0zNWYyOTZiZTE2NDBhYTEyYTZkMWUwZDZmM2Y5N2M4ZCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk5MTM0NjQmYT0yMF1gswZvvRuEgtAQEyMPuaHcIkRW

17 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login.html.php Show response
serial-choices-mo-slightly.trycloudflare.com/ 175 KB
47 KB 197ms
176ms Document
text/html 104.17.123.55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php
Protocol: HTTP/1.1
Server: 104.17.123.55 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.4
Resource Hash: dbbcc268297a8f8642655015065ea2fc985c99268fe8165257a2c52d853baede

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-Ray: 7c5c58f099042c5b-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 11 May 2023 18:04:58 GMT
Host: serial-choices-mo-slightly.trycloudflare.com
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: PHP/8.2.4

GET
H2

404

error
www.ebay.com/n/
Redirect Chain

https://www.ebay.com/rdr/js/s/rrbundle-v1.0.2.js
https://pages.ebay.com/rdr/js/s/rrbundle-v1.0.2.js
https://www.ebay.com/n/error

0
0

327ms
326ms

Script
text/html

104.111.217.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ebay.com/n/error
Requested by: Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php
Protocol: H2
Server: 104.111.217.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://serial-choices-mo-slightly.trycloudflare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Redirect headers

x-edgeconnect-origin-mex-latency: 650, 650, 650
strict-transport-security: max-age=600
date: Thu, 11 May 2023 18:04:59 GMT
server: ebay-proxy-server
x-ebay-pop-id: SLBRNOAZ03
x-edgeconnect-midmile-rtt: 0, 0, 0
location: https://www.ebay.com/n/error
x-envoy-upstream-service-time: 30
rlogid: t6fug%60f%3F%3Cumjcwbbc*%3A%7Daka%28rbpv6710-1880bfcd6e6-0xf3
content-length: 0

GET
H/1.1 200
OK roverlv.js Show response
secureinclude.ebaystatic.com/js/v/in/ 63 KB
18 KB 145ms
32ms Script
application/javascript 104.111.217.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://secureinclude.ebaystatic.com/js/v/in/roverlv.js

Requested by

Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.111.217.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-217-17.deploy.static.akamaitechnologies.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

f0f85849af7c4c628a8b4f53f72debe9888f3df2414f0b8af30c743a765f6c56

Security Headers

Name	Value
Strict-Transport-Security	max-age=600 ; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://serial-choices-mo-slightly.trycloudflare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Thu, 11 May 2023 18:04:58 GMT
Content-Encoding: gzip
X-Cache-Lookup: HIT from include-cache-1:8080
Last-Modified: Mon, 11 Jul 2022 09:32:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Strict-Transport-Security: max-age=600 ; includeSubDomains
ETag: "fa01-5e3843aa4bd28-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=22092
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17588
Expires: Fri, 12 May 2023 00:13:10 GMT

GET
H2 200 fxxj3ttftm5ltcqnto1o4baovyl.png
ir.ebaystatic.com/rs/v/ 5 KB
5 KB 91ms
7ms Image
image/png 2a04:4e42:400::718
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ir.ebaystatic.com/rs/v/fxxj3ttftm5ltcqnto1o4baovyl.png

Requested by

Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::718 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ebay server /

Resource Hash

5440e48584e47738479ccd905576e9ddf2097d07b6c7ba81dda6eeb13b1d4af0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://serial-choices-mo-slightly.trycloudflare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-cache-hits: 57350
date: Thu, 11 May 2023 18:04:58 GMT
via: 1.1 include-cache-2 (squid), 1.1 varnish
x-cache-lookup: HIT from include-cache-2:80
x-cdn: Fastly
strict-transport-security: max-age=31557600
age: 20021763
x-cache: HIT from include-cache-2, HIT
x-ebay-c-version: 1.0.0
content-length: 4820
x-served-by: cache-fra-eddf8230034-FRA
last-modified: Wed, 29 Oct 2014 18:09:24 GMT
server: ebay server
x-timer: S1683828299.605688,VS0,VE0
warning: 113 squid "This cache hit is still fresh and more than 1 day old"
content-type: image/png
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: public, max-age=31536000, immutable
rlogid: t6q%60utuf%3C%3Dosuufvuq%60%282t7g2*w%60ut3540-1836298fe27-0xdd
accept-ranges: bytes
access-control-allow-headers: *
expires: Fri, 22 Sep 2023 00:28:57 GMT

GET
H2 200 aaa5p3nkya2onh2wvw0vhpasj.js Show response
secureir.ebaystatic.com/v4js/z/yy/ 102 KB
28 KB 96ms
16ms Script
application/x-javascript 104.75.89.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://secureir.ebaystatic.com/v4js/z/yy/aaa5p3nkya2onh2wvw0vhpasj.js

Requested by

Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.75.89.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-89-51.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

8e27b0403bf1062e5c8df7f76bb053bac530db88e86a3f5b99930b4dc78c69d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://serial-choices-mo-slightly.trycloudflare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 212
x-ebay-client-tls-version: TLSv1.2, 23.59.89.136
content-encoding: br
x-cache-lookup: MISS from include-cache-4:80
x-cdn: AKAMAI, AKAMAI
date: Thu, 11 May 2023 18:04:58 GMT
akamai-grn: 0.10200117.1661552622.25cc5ec1, , , , , , , , , 0.8b6656b8.1683828298.10b40e3e
x-edgeconnect-midmile-rtt: 0
strict-transport-security: max-age=31536000
x-ebay-c-version: 1.0.0
content-length: 28326
last-modified: Fri, 26 Aug 2022 22:23:43 GMT
server: Akamai Resource Optimizer
access-control-allow-methods: GET
content-type: application/x-javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
rlogid: t6q%60utuf%3C%3Dosuufvuq%60%281%60%7B%7Fp*w%60ut355%3F-182dc40fe1c-0xe5
x-ebay-request-id: 182dc40f-e1c0-a7b2-7750-3998ffc53f3a!v3resource.cview!lvsressvc-7gxzv-tess0038.stratus.lvs.ebay.com!r1ressvc[]
access-control-allow-headers: *
expires: Fri, 10 May 2024 18:04:58 GMT

GET
H2 200 dw5a31rmxmzjfazlcvx4wnwylmt.js Show response
ir.ebaystatic.com/rs/v/ 31 KB
10 KB 93ms
8ms Script
application/x-javascript 2a04:4e42:400::718
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://ir.ebaystatic.com/rs/v/dw5a31rmxmzjfazlcvx4wnwylmt.js

Requested by

Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::718 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ebay server /

Resource Hash

391f1eb710e4c55cd679045b3fa1f78a090fd4678f8b49b6f0c72a6d645bdee2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://serial-choices-mo-slightly.trycloudflare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-cache-hits: 1
date: Thu, 11 May 2023 18:04:58 GMT
content-encoding: gzip
via: 1.1 include-cache-1 (squid), 1.1 varnish
x-cache-lookup: MISS from include-cache-1:8080
x-cdn: Fastly
strict-transport-security: max-age=31557600
age: 101947
x-cache: MISS from include-cache-1, HIT
x-ebay-c-version: 1.0.0
content-length: 9454
x-served-by: cache-fra-eddf8230034-FRA
last-modified: Thu, 26 Jan 2017 12:39:07 GMT
server: ebay server
x-timer: S1683828299.605729,VS0,VE1
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/x-javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
rlogid: t6q%60utuf%3C%3Dosuufvuq%60%28j0a2d*w%60ut3530-18805e93c14-0xce
accept-ranges: bytes
access-control-allow-headers: *
expires: Thu, 09 May 2024 13:45:51 GMT

GET
H2 200 imgbg.jpg
securepics.ebaystatic.com/aw/pics/cmp/ds3/ 1 KB
2 KB 77ms
30ms Image
image/jpeg 104.111.217.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepics.ebaystatic.com/aw/pics/cmp/ds3/imgbg.jpg

Requested by

Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.111.217.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-217-17.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b054c21c769e6e73a3f3f2e51ff27783043d87f8c4cb963c0554b33010fa3efc

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://serial-choices-mo-slightly.trycloudflare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 18:04:58 GMT
x-cache-lookup: HIT from pics-cache-3:80
last-modified: Tue, 30 May 2017 20:58:47 GMT
server: Apache
etag: "570-550c411e57d01"
content-type: image/jpeg
cache-control: max-age=3267489
accept-ranges: bytes
content-length: 1392
x-xss-protection: 1; mode=block
expires: Sun, 18 Jun 2023 13:43:07 GMT

GET
H2 200 sprSignIn3.png
securepics.ebaystatic.com/aw/pics/register/ 19 KB
20 KB 85ms
39ms Image
image/png 104.111.217.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepics.ebaystatic.com/aw/pics/register/sprSignIn3.png

Requested by

Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.111.217.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-217-17.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e2192eadf7564ceb9202cb5b5ddcfb244c4a2627ffd46b7292855972181623ec

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://serial-choices-mo-slightly.trycloudflare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 18:04:58 GMT
x-cache-lookup: MISS from pics-cache-3:80
last-modified: Tue, 30 May 2017 21:02:38 GMT
server: Apache
etag: "4de3-550c41fb00e9b"
content-type: image/png
cache-control: max-age=3860713
accept-ranges: bytes
content-length: 19939
x-xss-protection: 1; mode=block
expires: Sun, 25 Jun 2023 10:30:11 GMT

GET
H2 200 fb-all-prod.pp.min.js Show response
c.paypal.com/da/r/ Frame 3858 55 KB
18 KB 77ms
18ms Script
application/javascript 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb-all-prod.pp.min.js

Requested by

Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6a9e8f2089bfb54a69cca47cc0ae3a17df0aefbe0b939d6da4a74bdcea52a273

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://serial-choices-mo-slightly.trycloudflare.com/
Origin: http://serial-choices-mo-slightly.trycloudflare.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 11 May 2023 18:04:58 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 769846
x-cache: MISS, MISS, HIT
paypal-debug-id: 978e0abf60c98
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 17379
x-served-by: cache-sjc10025-SJC, cache-fra-etou8220048-FRA, cache-fra-eddf8230066-FRA
last-modified: Sat, 13 Feb 2021 00:19:20 GMT
traceparent: 00-0000000000000000000978e0abf60c98-7fa6d822dd461653-01
x-timer: S1683828299.807383,VS0,VE3
etag: W/"60271b08-da45"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=86400
access-control-allow-credentials: false
access-control-max-age: 86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 May 2023 18:04:58 GMT

GET
H2

404

error
www.ebay.com/n/ Frame 28FF
Redirect Chain

https://www.ebay.com/t_n.html?org_id=usllpic0&session_id=35f2d58d1640ab6005673d37ffe94eb2&suppressFlash=true
https://pages.ebay.com/t_n.html?org_id=usllpic0&session_id=35f2d58d1640ab6005673d37ffe94eb2&suppressFlash=true
https://www.ebay.com/n/error

0
0

253ms
253ms

Document
text/html

104.111.217.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ebay.com/n/error

Requested by

Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.111.217.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-217-17.deploy.static.akamaitechnologies.com

Software

ebay-proxy-server /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://serial-choices-mo-slightly.trycloudflare.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-ua-full-version
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 11 May 2023 18:05:00 GMT
rlogid: t6p%60iovg%60b25%3C%3Dosutfjnracc63(jkhkn*w%60ut351%3E-1880bfcd8ab-0x1b05
server: ebay-proxy-server
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 2
x-edgeconnect-origin-mex-latency: 214
x-envoy-upstream-service-time: 209
x-frame-options: SAMEORIGIN
x-origin-ip: 66.135.207.145
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
date: Thu, 11 May 2023 18:04:59 GMT
location: https://www.ebay.com/n/error
rlogid: t6fug%60f%3F%3Cumjcwbbc*%3Bc%7E%3Fo%28rbpv6702-1880bfcd7ea-0xea
server: ebay-proxy-server
strict-transport-security: max-age=600
x-ebay-pop-id: SLBLVSAZ01
x-edgeconnect-midmile-rtt: 0
x-edgeconnect-origin-mex-latency: 641
x-envoy-upstream-service-time: 21

GET
H2 200 f5uxsy10bmz05dtrtrqybl5qquv.png
ir.ebaystatic.com/rs/v/ 994 B
2 KB 9ms
9ms Image
image/png 2a04:4e42:400::718
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ir.ebaystatic.com/rs/v/f5uxsy10bmz05dtrtrqybl5qquv.png?e

Requested by

Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::718 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ebay server /

Resource Hash

7e0f4cd0590e2cf36c094d4226d70ccf2bc12107c46f3aeb8b3b5801396b44b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://serial-choices-mo-slightly.trycloudflare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-cache-hits: 1
x-ebay-client-tls-version: TLSv1.2, 140.248.75.68
via: 1.1 include-cache-3 (squid), 1.1 varnish
x-cache-lookup: MISS from include-cache-3:80
x-cdn: Fastly
date: Thu, 11 May 2023 18:04:58 GMT
age: 836341
strict-transport-security: max-age=31557600
x-cache: MISS from include-cache-3, HIT
x-ebay-c-version: 1.0.0
content-length: 994
x-served-by: cache-fra-eddf8230034-FRA
last-modified: Fri, 12 Feb 2016 00:01:35 GMT
server: ebay server
x-timer: S1683828299.809576,VS0,VE1
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
rlogid: t6q%60utuf%3C%3Dosuufvuq%60%28e%7Fpg%3E*w%60ut355%3F-187da234826-0xcf
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 01 May 2024 01:45:58 GMT

GET
H/1.1

200
OK

counter2.cgi
dub.stats.paypal.com/v1/ Frame 463B
Redirect Chain

https://b.stats.paypal.com/v1/counter.cgi?r=cD0zNWYyOTZiZTE2NDBhYTEyYTZkMWUwZDZmM2Y5N2M4ZCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk5MTM0NjQmYT0yMF1gswZvvRuEgtAQEyMPuaHcIkRW
https://dub.stats.paypal.com/v1/counter2.cgi?r=cD0zNWYyOTZiZTE2NDBhYTEyYTZkMWUwZDZmM2Y5N2M4ZCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk5MTM0NjQmYT0yMF1gswZvvRuEgtAQEyMPuaHcIkRW

42 B
299 B

103ms
30ms

Image
image/jpeg

64.4.245.84
PAYPAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dub.stats.paypal.com/v1/counter2.cgi?r=cD0zNWYyOTZiZTE2NDBhYTEyYTZkMWUwZDZmM2Y5N2M4ZCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk5MTM0NjQmYT0yMF1gswZvvRuEgtAQEyMPuaHcIkRW
Requested by: Host: serial-choices-mo-slightly.trycloudflare.com
URL: http://serial-choices-mo-slightly.trycloudflare.com/login.html.php
Protocol: HTTP/1.1
Server: 64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://serial-choices-mo-slightly.trycloudflare.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Thu, 11 May 2023 18:04:59 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://dub.stats.paypal.com/v1/counter2.cgi?r=cD0zNWYyOTZiZTE2NDBhYTEyYTZkMWUwZDZmM2Y5N2M4ZCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk5MTM0NjQmYT0yMF1gswZvvRuEgtAQEyMPuaHcIkRW
Date: Thu, 11 May 2023 18:04:58 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

GET
H2 200 i Show response
c.paypal.com/v1/r/d/ Frame F743 176 B
2 KB 240ms
218ms Document
text/html 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb-all-prod.pp.min.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb-all-prod.pp.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e48031429ec676e4b6c5adaaa8243ffc9178d0c9596d9957ae8dc96f36951a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://serial-choices-mo-slightly.trycloudflare.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, Sec-CH-UA-Full
accept-ranges: none
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: e6edd99fae1bb
date: Thu, 11 May 2023 18:04:59 GMT
origin-trial: A+THamRrv1ypMR6JeaJx7Wmo8rytLELMAeCL0XGhTihfUtp+dVqcCNYiWxOzySlH2Xk7lzRrFY3mxv6viKT1qggAAACKeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
paypal-debug-id: e6edd99fae1bb
server-timing: "traceparent;desc="00-0000000000000000000e6edd99fae1bb-f60aec424f5a102b-01"";content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000e6edd99fae1bb-01a2794de58c159d-01
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-served-by: cache-fra-eddf8230100-FRA
x-timer: S1683828299.894262,VS0,VE192
x-xss-protection: 1; mode=block

GET
H2 200 fb-all-prod.pp.min.js Show response
c.paypal.com/da/r/ Frame F743 55 KB
17 KB 14ms
14ms Script
application/javascript 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb-all-prod.pp.min.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb-all-prod.pp.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6a9e8f2089bfb54a69cca47cc0ae3a17df0aefbe0b939d6da4a74bdcea52a273

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb-all-prod.pp.min.js
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-cache-hits: 0, 0, 1
date: Thu, 11 May 2023 18:04:59 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 769846
x-cache: MISS, MISS, HIT
paypal-debug-id: 978e0abf60c98
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 17379
x-served-by: cache-sjc10025-SJC, cache-fra-etou8220048-FRA, cache-fra-eddf8230100-FRA
last-modified: Sat, 13 Feb 2021 00:19:20 GMT
traceparent: 00-0000000000000000000978e0abf60c98-7fa6d822dd461653-01
x-timer: S1683828299.120955,VS0,VE5
etag: W/"60271b08-da45"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=86400
access-control-allow-credentials: false
access-control-max-age: 86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 May 2023 18:04:59 GMT

POST
H2 200 p1 Show response
c.paypal.com/v1/r/d/b/ Frame F743 125 B
844 B 205ms
204ms XHR
application/json 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/p1

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb-all-prod.pp.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bc87aecc741118c4e36d82bee54b1e0c4e2958749ad2283028a5180b14a7f72f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb-all-prod.pp.min.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 11 May 2023 18:04:59 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: dc85983b233c5
server-timing: "traceparent;desc="00-0000000000000000000dc85983b233c5-3263e30a1c66ad44-01"";content-encoding;desc="",x-cdn;desc="fastly"
content-length: 125
x-served-by: cache-fra-eddf8230100-FRA
correlation-id: dc85983b233c5
traceparent: 00-0000000000000000000dc85983b233c5-68251788e4f95b96-01
content-type: application/json
access-control-allow-origin: https://www.paypal.com
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0

GET
H2 204 e Show response
c.paypal.com/v1/r/d/b/ Frame F743 0
448 B 181ms
181ms Script
text/plain 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/e?e=Uncaught%20TypeError:%20Illegal%20invocation20170126

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb-all-prod.pp.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb-all-prod.pp.min.js
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 18:04:59 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
paypal-debug-id: 1acecba2425f2
server-timing: "traceparent;desc="00-00000000000000000001acecba2425f2-88c5a4ca099b27aa-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-fra-eddf8230100-FRA
correlation-id: 1acecba2425f2
traceparent: 00-00000000000000000001acecba2425f2-389cc76c7e295bf8-01
x-timer: S1683828299.188794,VS0,VE174
access-control-allow-origin: https://www.paypal.com
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: eBay (E-commerce)

133 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.c.paypal.com/	1970-01-20 21:19:48	Name: sc_f Value: CSUPN0TX0c0NOhEqcTx16J2-M18SSiKq-Rn9pERDrXtHMgloTjolAWAd1H9Xe8lXY3cq_bxM7f1huSk-6qKvMjohzP3Oa0SZl9ACt0
.paypal.com/	1970-01-20 21:19:48	Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK Value: Cp6lVpTAf2QA8IAwCO-zKtGVB7is_JNmkIacNV9oV6tYCmnWCF0SxKRoeeADzd6oasAQldvGHjGMAOAE
.paypal.com/	1970-01-20 11:43:50	Name: l7_az Value: dcg02.phx

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.ebay.com/n/error Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: chrome-error://chromewebdata/ Message: Failed to load resource: the server responded with a status of 404 ()
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.ebay.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.stats.paypal.com
c.paypal.com
dub.stats.paypal.com
ir.ebaystatic.com
pages.ebay.com
secureinclude.ebaystatic.com
secureir.ebaystatic.com
securepics.ebaystatic.com
serial-choices-mo-slightly.trycloudflare.com
www.ebay.com
104.111.217.17
104.17.123.55
104.75.89.51
151.101.65.35
2.19.225.87
2a04:4e42:400::718
64.4.245.84
391f1eb710e4c55cd679045b3fa1f78a090fd4678f8b49b6f0c72a6d645bdee2
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
5440e48584e47738479ccd905576e9ddf2097d07b6c7ba81dda6eeb13b1d4af0
6a9e8f2089bfb54a69cca47cc0ae3a17df0aefbe0b939d6da4a74bdcea52a273
7e0f4cd0590e2cf36c094d4226d70ccf2bc12107c46f3aeb8b3b5801396b44b0
8e27b0403bf1062e5c8df7f76bb053bac530db88e86a3f5b99930b4dc78c69d1
b054c21c769e6e73a3f3f2e51ff27783043d87f8c4cb963c0554b33010fa3efc
bc87aecc741118c4e36d82bee54b1e0c4e2958749ad2283028a5180b14a7f72f
dbbcc268297a8f8642655015065ea2fc985c99268fe8165257a2c52d853baede
e2192eadf7564ceb9202cb5b5ddcfb244c4a2627ffd46b7292855972181623ec
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48031429ec676e4b6c5adaaa8243ffc9178d0c9596d9957ae8dc96f36951a3f
f0f85849af7c4c628a8b4f53f72debe9888f3df2414f0b8af30c743a765f6c56

serial-choices-mo-slightly.trycloudflare.com Open in urlscan Pro 104.17.123.55 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

76 %HTTPS

14 %IPv6

4 Domains

10 Subdomains

7 IPs

3 Countries

169 kBTransfer

506 kBSize

3 Cookies

9 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

133 JavaScript Global Variables

3 Cookies

3 Console Messages

Indicators

serial-choices-mo-slightly.trycloudflare.com Open in urlscan Pro
104.17.123.55 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

76 %
HTTPS

14 %
IPv6

4
Domains

10
Subdomains

7
IPs

3
Countries

169 kB
Transfer

506 kB
Size

3
Cookies

17 HTTP transactions
-1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!