paypal-user01protect.com Open in urlscan Pro
2606:4700:3031::ac43:a7a4  Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://paypal-serviceauth01.com/ Page URL
2. https://paypal-user01protect.com/?apsignin Page URL
3. https://paypal-user01protect.com/?apsignin Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ paypal-serviceauth01.com/	627 B 835 B	380ms 218ms	Document text/html	69.57.161.228 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL http://paypal-serviceauth01.com/ Protocol HTTP/1.1 Server 69.57.161.228 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS Software Apache / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Fri, 03 Jun 2022 10:25:39 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H2	503	/ Show response paypal-user01protect.com/	10 KB 11 KB	50ms 20ms	Document text/html	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://paypal-user01protect.com/?apsignin Requested by Host: paypal-serviceauth01.com URL: http://paypal-serviceauth01.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 67a2f1d7e5bfaca5d929eb6cb3d57b61156cf3238fb770218e8d835266d8fcd3 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer http://paypal-serviceauth01.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 7157b9e18cbb9296-FRA content-type text/html; charset=UTF-8 date Fri, 03 Jun 2022 10:25:40 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 01 Jan 1970 00:00:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} permissions-policy accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2F1zeOlYUSrPb4VXstGsrKJh6Bsx40bF6k5zIc8D0L7N6H%2BP%2FFCOgtTGHhm83TXoAKiGheelSqeINZnS%2BEzs4e%2FTCpLnSS015W%2FBDR1%2FIZ%2B046sJua8Di7ofU5EI6KDxhYclIV5TV07XSJUtetrxuVbuf4U0loM%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-frame-options SAMEORIGIN
GET H2	200	v1 Show response paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/	41 KB 15 KB	22ms 22ms	Script application/javascript	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=7157b9e18cbb9296 Requested by Host: paypal-user01protect.com URL: https://paypal-user01protect.com/?apsignin Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 450df55f718b3abb570146d48202df19fac4aa43ce0ac2f31801fc14354b32b3 Request headers accept-language de-DE,de;q=0.9 Referer https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=6edw.QDgIZZgov.I3FENBmZp1Im171x6YhJCYh4aSGY-1654251940-0-gaNycGzNCGU User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 03 Jun 2022 10:25:40 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kZgIKDQoMKmTo8hpQciqOHts5J0J6QxXqcCoy0kTttDGK7zf0kYoh1rGaKfGEkGMqVfJk%2FLx4T2t9%2BbekSfNxebiJOxf%2Fcs2eWVdkumtnF%2FzrNytv%2BFS15PVXKsPP4ZKZXWyJisjQKw6EmF8TkIdq1deYb985rc%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=0, must-revalidate cf-ray 7157b9e1cd159296-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	transparent.gif paypal-user01protect.com/cdn-cgi/images/trace/jschal/js/	42 B 219 B	9ms 9ms	Image image/gif	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://paypal-user01protect.com/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=7157b9e18cbb9296 Requested by Host: paypal-user01protect.com URL: https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=6edw.QDgIZZgov.I3FENBmZp1Im171x6YhJCYh4aSGY-1654251940-0-gaNycGzNCGU Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=6edw.QDgIZZgov.I3FENBmZp1Im171x6YhJCYh4aSGY-1654251940-0-gaNycGzNCGU User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 03 Jun 2022 10:25:40 GMT x-content-type-options nosniff last-modified Fri, 27 May 2022 19:21:52 GMT server cloudflare etag "629124d0-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 7157b9e1cd169296-FRA vary Accept-Encoding content-length 42 expires Fri, 03 Jun 2022 12:25:40 GMT
GET H2	200	transparent.gif paypal-user01protect.com/cdn-cgi/images/trace/jschal/nojs/	42 B 101 B	9ms 9ms	Image image/gif	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://paypal-user01protect.com/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=7157b9e18cbb9296 Requested by Host: paypal-user01protect.com URL: https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=6edw.QDgIZZgov.I3FENBmZp1Im171x6YhJCYh4aSGY-1654251940-0-gaNycGzNCGU Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=6edw.QDgIZZgov.I3FENBmZp1Im171x6YhJCYh4aSGY-1654251940-0-gaNycGzNCGU User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 03 Jun 2022 10:25:40 GMT x-content-type-options nosniff last-modified Fri, 27 May 2022 19:21:52 GMT server cloudflare etag "629124d0-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 7157b9e1cd179296-FRA vary Accept-Encoding content-length 42 expires Fri, 03 Jun 2022 12:25:40 GMT
POST H3	200	006cde440bfd11b Show response paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.7266007238199303:1654250740:c0ca5094115090a7298a8b3e0bc8d769342bbfec930eaf4bb25255e711d07562/7157b9e18cbb9296/	104 KB 56 KB	91ms 91ms	XHR text/plain	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.7266007238199303:1654250740:c0ca5094115090a7298a8b3e0bc8d769342bbfec930eaf4bb25255e711d07562/7157b9e18cbb9296/006cde440bfd11b Requested by Host: paypal-user01protect.com URL: https://paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=7157b9e18cbb9296 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash efbecaff9dc9dc8e20a72b33bcd721f01344b1dd1b8d4768fd037955de539892 Request headers Referer https://paypal-user01protect.com/?apsignin accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 CF-Challenge 006cde440bfd11b Content-type application/x-www-form-urlencoded Response headers date Fri, 03 Jun 2022 10:25:40 GMT content-encoding br cf_chl_gen SJmLQyU58axQRRhoi0wtmmDihlKEO30N+FpJPaRrBOPbXemXRd/U8lTqrMbQ6DomElrFbMp6ObfJu+zhuPDYgiQeU6VrksNmLawQfOPYMxXwzRNDceZzGTVC9S3UUzdB2IvDfSHG8HuhSEdolcBE14MLdiQw8cqzBRiP9Wn/eGnZ4YFrXuMCdQGXVKJH0/h4T3q9N/1/ktyq5BcFlwl31m4ZeIBppk62qGfMnafwzdCOAPLCRwfEym29HJjyiV+E2gHGbQvflHq6+2I7rnXhE5S7eUTZFUAp7cFhbFTXfnxTiiclMBP3VKhMK19GvHwEwQD03rbQyKzxDg9NqV6uAntT3w9An8R4zXxaUwaHTk3E5hh3GOEWvZh6GXsY7cqB$fwXs2M0jBMlOXEtdIGoSPA== nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MAHBt9lvAqzI%2BGafwvJ4oApXHnQv5D2PBRFY%2Fcyq9db3YzKFTzJw5SwspmL%2B2%2FYJDbgZw59gbWBMhgrS2q78jyj%2BuKmbDKja%2BEA1jQ6MUcsRZeGB03Z4lvwXqS7vHnS%2BW39CdzMf4ObxnUCv6elWX3B9Wnoi37g%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 7157b9e2de7c90b5-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST		probe tls-ech-experiment-c.cloudflareresearch.com/.well-known/	0 0
POST		probe tls-ech-experiment.cloudflareresearch.com/.well-known/	0 0
GET DATA	200 OK	truncated /	68 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Type image/png
GET H3	200	dhUYllI_YmIrQQO paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/img/7157b9e18cbb9296/1654251940317/	61 B 527 B	28ms 28ms	Image image/png	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/img/7157b9e18cbb9296/1654251940317/dhUYllI_YmIrQQO Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6d66711a1ae54dc6085f5feb693af149db33567e1d00bcb58afa15841982fc9b Request headers accept-language de-DE,de;q=0.9 Referer https://paypal-user01protect.com/?apsignin User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 03 Jun 2022 10:25:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CO99IbW%2Bu8DsLPNlL9NifTrov0AisEqKIXy1Fwf%2BVDlpKchheMbNvyBCMsH1n2dsF73ErWt5KYh6n%2FNZuViu91EiiQ%2FjlWk0UqdBNNWVBVxSTONsZpqQHfDDn5fIhIp270kykAqq2G4lH3DWrqdojc3B60hty8s%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cf-ray 7157b9e6ac4990b5-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET BLOB	200 OK	ce80ba61-ef1b-4107-b7f8-423c2ca91c67 https://paypal-user01protect.com/	172 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://paypal-user01protect.com/ce80ba61-ef1b-4107-b7f8-423c2ca91c67 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash ed3ba3bf2cbfc82fdae58f74571364f3722d12d9faf37fcedd89fc5b04412a0e Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Length 172 Content-Type application/javascript
POST H3	200	006cde440bfd11b Show response paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.7266007238199303:1654250740:c0ca5094115090a7298a8b3e0bc8d769342bbfec930eaf4bb25255e711d07562/7157b9e18cbb9296/	1 KB 2 KB	80ms 77ms	XHR text/html	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.7266007238199303:1654250740:c0ca5094115090a7298a8b3e0bc8d769342bbfec930eaf4bb25255e711d07562/7157b9e18cbb9296/006cde440bfd11b Requested by Host: paypal-user01protect.com URL: https://paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=7157b9e18cbb9296 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6cec1106e77137eb267ceb592d20097aeec9927b15b4d2425f3d25d64dd0f77d Request headers Referer https://paypal-user01protect.com/?apsignin accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 CF-Challenge 006cde440bfd11b Content-type application/x-www-form-urlencoded Response headers date Fri, 03 Jun 2022 10:25:41 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf_chl_out d4swUfa6F4rNy2vEBPBVQIcSxsnkxjkkmzEobNx7wtkUbkY/A7eNhQYwTLskorxit38w4wn8+H5ncc5gkctNrA==$Qai22XTWffnQZw7DEZCXDA== expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W9v2VjULTrboVMquqH%2BFWdCtkmmjKAn8dxDr4AGy5BhQHebdECfMlxoqEkCHxiBVXqQN2%2FRjWy8ha2uT9hmBRFUBL5OUDNZ9aZ9WvACCFJMZuSgOvzKhxi%2BmHTSd5qS1aDcVCXhxud%2FqPdi%2FGQ9%2BfoA1XKvSu5Y%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf_chl_out_s G0Y1VCytCRP2fmQCykkkta8am3IRDb+MWwwb6c2BrP2MLDE3RRvEkf9+CHCeGaYIEV4mjdPRJFL5GmDcMNXVNBU1dVkxalSoG2qqoamn0C1N+U1DRawcoIQ+aCLoHPVqb3l5659xQNPK27s/8QW+/dIWjKu9CAHlLIZ1Z+HJGF5YKLL7NWTST6vClH76yl6BFBsSmYiECjQfMFD8KHIXNAAx7qhKo6RULnP8sW3/9VeJbwdSRRVQFpBDQy2Tkk7G3Tn2nWuo4yH7VlebB/XKttihjdYxd825qzTSVy05xMQbuBJyCAIPjV2faWqwU238fXUgSOqLd7Kaht+RpCPGzi/JRhCuXGFdGeeZ8bWMn1wWAIGebaYmUk/a9AWv73wTwP9sTJgXtQy9UILKtP9Q0HdUt73hCRiRZqz+p9aDCF9aHTFmfLPsw/3rrwaAgSZv/KsTq+t3A5r4gb0G7PouHw==$xCnnMjowIRMkcmg64RZIww== cf-ray 7157b9ecac8c90b5-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	503	Primary Request / Show response paypal-user01protect.com/	10 KB 11 KB	31ms 30ms	Document text/html	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://paypal-user01protect.com/?apsignin Requested by Host: paypal-serviceauth01.com URL: http://paypal-serviceauth01.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c4c70be559912f900c1afab5b645204bbb361800016fd61f2c204c78dc22dcde Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://paypal-user01protect.com/?apsignin Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 7157b9f9bc6e90b5-FRA content-type text/html; charset=UTF-8 date Fri, 03 Jun 2022 10:25:43 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 01 Jan 1970 00:00:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} permissions-policy accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GJA3AgMnDib9XYrY9tYCJQsPYj8IKaDYlysqqGncMA%2FRDiFxL5R4ZOeLoD1ZwM0RqAvqnT7ksviDSTN3UYYBFoRiiiXhQXUorVW70vyy6VbX%2FT5vhCGNeAyBdpUT5ZIcHi9UH4FjhZIRFHIwr3ckeTzOLhPLfuA%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-frame-options SAMEORIGIN
GET H3	200	v1 Show response paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/	43 KB 16 KB	33ms 33ms	Script application/javascript	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=7157b9f9bc6e90b5 Requested by Host: paypal-user01protect.com URL: https://paypal-user01protect.com/?apsignin Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b037ac804a406c9ac4d28693fa8b75d95cc7c7e7d8fa8b5208e7189c007766a7 Request headers accept-language de-DE,de;q=0.9 Referer https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=L2.22PHi7yynLMeFzdRJ4BbxpQfMJU816ee.FlqXw4A-1654251943-0-gaNycGzNBlE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 03 Jun 2022 10:25:44 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KqSW44Q4SsbgnzfTI7irwmQDEpvzM6wa44e%2BFn%2FcOkZAu%2FS2AlwxcyZ8Ud27AT4%2BvGUO%2F73y12Bzn6Avx0Hm7jxBL3tHsWEBClrZ%2B%2B0vYDhFGA%2Fipca%2B%2BJ9DdD2dzi5yPGh3YlksoVTe3Hv059e8A8ks5dWHV2c%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=0, must-revalidate cf-ray 7157b9f9fcbe90b5-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	transparent.gif paypal-user01protect.com/cdn-cgi/images/trace/jschal/js/	42 B 221 B	17ms 17ms	Image image/gif	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://paypal-user01protect.com/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=7157b9f9bc6e90b5 Requested by Host: paypal-user01protect.com URL: https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=L2.22PHi7yynLMeFzdRJ4BbxpQfMJU816ee.FlqXw4A-1654251943-0-gaNycGzNBlE Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=L2.22PHi7yynLMeFzdRJ4BbxpQfMJU816ee.FlqXw4A-1654251943-0-gaNycGzNBlE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 03 Jun 2022 10:25:43 GMT x-content-type-options nosniff last-modified Fri, 27 May 2022 19:21:52 GMT server cloudflare etag "629124d0-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 7157b9f9fcbf90b5-FRA vary Accept-Encoding content-length 42 expires Fri, 03 Jun 2022 12:25:43 GMT
GET H3	200	transparent.gif paypal-user01protect.com/cdn-cgi/images/trace/jschal/nojs/	42 B 221 B	17ms 17ms	Image image/gif	2606:4700:3031::ac43:a7a4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://paypal-user01protect.com/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=7157b9f9bc6e90b5 Requested by Host: paypal-user01protect.com URL: https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=L2.22PHi7yynLMeFzdRJ4BbxpQfMJU816ee.FlqXw4A-1654251943-0-gaNycGzNBlE Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:a7a4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://paypal-user01protect.com/?apsignin&__cf_chl_rt_tk=L2.22PHi7yynLMeFzdRJ4BbxpQfMJU816ee.FlqXw4A-1654251943-0-gaNycGzNBlE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 03 Jun 2022 10:25:44 GMT x-content-type-options nosniff last-modified Fri, 27 May 2022 19:21:52 GMT server cloudflare etag "629124d0-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 7157b9f9fcc090b5-FRA vary Accept-Encoding content-length 42 expires Fri, 03 Jun 2022 12:25:43 GMT
POST		2c75680c5b1efa2 paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.3014636550615975:1654250746:b603b21067ea899da3d0c0e88f331bd65695f802eb024f9ee46aecb4b171e6d3/7157b9f9bc6e90b5/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

tls-ech-experiment-c.cloudflareresearch.com

URL

https://tls-ech-experiment-c.cloudflareresearch.com/.well-known/probe

Domain

tls-ech-experiment.cloudflareresearch.com

URL

https://tls-ech-experiment.cloudflareresearch.com/.well-known/probe

Domain

paypal-user01protect.com

URL

https://paypal-user01protect.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.3014636550615975:1654250746:b603b21067ea899da3d0c0e88f331bd65695f802eb024f9ee46aecb4b171e6d3/7157b9f9bc6e90b5/2c75680c5b1efa2

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| _cf_chl_opt function| _cf_chl_enter boolean| _cf_chl_done_ran function| _cf_chl_done function| SHA256 function| sendRequest function| _cf_atob object| _cf_chl_ctx object| _ number| bHhci string| prop

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			paypal-user01protect.com/	1970-01-20 03:30:55	Name: cf_chl_prog Value: F13
			paypal-user01protect.com/	1970-01-20 03:30:55	Name: cf_chl_rc_ni Value: 1

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://paypal-user01protect.com/?apsignin Message: Failed to load resource: the server responded with a status of 503 ()
javascript	error	URL: https://paypal-user01protect.com/?apsignin Message: Access to XMLHttpRequest at 'https://tls-ech-experiment.cloudflareresearch.com/.well-known/probe' from origin 'https://paypal-user01protect.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://tls-ech-experiment.cloudflareresearch.com/.well-known/probe Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://paypal-user01protect.com/?apsignin Message: Access to XMLHttpRequest at 'https://tls-ech-experiment-c.cloudflareresearch.com/.well-known/probe' from origin 'https://paypal-user01protect.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://tls-ech-experiment-c.cloudflareresearch.com/.well-known/probe Message: Failed to load resource: net::ERR_FAILED
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://paypal-user01protect.com/?apsignin Message: Failed to load resource: the server responded with a status of 503 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

paypal-serviceauth01.com
paypal-user01protect.com
tls-ech-experiment-c.cloudflareresearch.com
tls-ech-experiment.cloudflareresearch.com
paypal-user01protect.com
tls-ech-experiment-c.cloudflareresearch.com
tls-ech-experiment.cloudflareresearch.com
2606:4700:3031::ac43:a7a4
69.57.161.228
450df55f718b3abb570146d48202df19fac4aa43ce0ac2f31801fc14354b32b3
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
67a2f1d7e5bfaca5d929eb6cb3d57b61156cf3238fb770218e8d835266d8fcd3
6cec1106e77137eb267ceb592d20097aeec9927b15b4d2425f3d25d64dd0f77d
6d66711a1ae54dc6085f5feb693af149db33567e1d00bcb58afa15841982fc9b
b037ac804a406c9ac4d28693fa8b75d95cc7c7e7d8fa8b5208e7189c007766a7
c4c70be559912f900c1afab5b645204bbb361800016fd61f2c204c78dc22dcde
ed3ba3bf2cbfc82fdae58f74571364f3722d12d9faf37fcedd89fc5b04412a0e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efbecaff9dc9dc8e20a72b33bcd721f01344b1dd1b8d4768fd037955de539892