r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17181
Expires: Sun, 25 Sep 2022 00:57:49 GMT
Date: Sat, 24 Sep 2022 20:11:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 20:05:45 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 d96c6a517450b169095d23aff6d646a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: -Z6-ifvj2lGtpDu2PQUL8_d2X39HSBSF0VQdekzP407Gp2TKUjUf2g==
Age: 343
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d6a4f7a34966a5e0069bb151bf9adb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: mL_FiZgS640ovyLPOjh5pQ2Vn7-hrE0qgpsl44iP9m4Vwe8HA-K1GA==
age: 57505
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 20:11:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Expires, Alert, Content-Length, ETag, Cache-Control, Content-Type, Backoff, Pragma, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 24 Sep 2022 19:20:46 GMT
Expires: Sat, 24 Sep 2022 19:53:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f5d0d7ef1ae798041bd732fc0f8e6dae.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: hpwe_jFydpchytUSa_TUjAu5WCjsOn-80jBXz6GkQblAe1j2SND6gA==
Age: 3042
ocsp.digicert.com/
200 OK 471 B IP
Hash a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3034
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:11:28 GMT
Last-Modified: Sat, 24 Sep 2022 19:20:54 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cBloUBk/Sr0H/qoI9ammGQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ntX0nTmZEC0Z7nPL8dg4t+tXr8w=
ocsp.digicert.com/
200 OK 471 B IP
Hash aa58ca16387e8f05dd9fbf268dd7a748
024b9be8676598e2eba669d56f152983f67eecb2
2cab1c2148538cff208d26e26bd8b761adc3591c3ed1dc7549836a1dc624c740
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5334
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:11:29 GMT
Last-Modified: Sat, 24 Sep 2022 18:42:35 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash aa58ca16387e8f05dd9fbf268dd7a748
024b9be8676598e2eba669d56f152983f67eecb2
2cab1c2148538cff208d26e26bd8b761adc3591c3ed1dc7549836a1dc624c740
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5334
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:11:29 GMT
Last-Modified: Sat, 24 Sep 2022 18:42:35 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash aa58ca16387e8f05dd9fbf268dd7a748
024b9be8676598e2eba669d56f152983f67eecb2
2cab1c2148538cff208d26e26bd8b761adc3591c3ed1dc7549836a1dc624c740
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6573
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:11:29 GMT
Last-Modified: Sat, 24 Sep 2022 18:21:56 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash aa58ca16387e8f05dd9fbf268dd7a748
024b9be8676598e2eba669d56f152983f67eecb2
2cab1c2148538cff208d26e26bd8b761adc3591c3ed1dc7549836a1dc624c740
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4513
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:11:29 GMT
Last-Modified: Sat, 24 Sep 2022 18:56:16 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png
200 OK 1.7 kB URL HTTP/2 www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png
IP
File type PNG image data, 224 x 200, 8-bit colormap, non-interlaced\012- data
Hash 01f70242c93a7a45b8fd6ee1a56aba6b
396950270473fe9149c24a251885f7ed7efd6134
4b16c98214d45bedb1513b7fd53a02ce204f6a2091a920c3122fb213168c3139
GET /images/shared/glyph_alert_critical_big-2x.png HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/png
dc: ccg11-origin-www-1.paypal.com
etag: "e3ulSVTzLS+1hMwG/oqsG+jIfAa7MoSaV806RZTn6+w"
fastly-io-info: ifsz=5828 idim=224x200 ifmt=png ofsz=1709 odim=224x200 ofmt=png
fastly-stats: io=1
paypal-debug-id: b81b460757e6d
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 24 Sep 2022 20:11:29 GMT
x-served-by: cache-sjc10042-SJC, cache-bma1679-BMA
x-cache: HIT, HIT
x-cache-hits: 15581, 2819
x-timer: S1664050289.109389,VS0,VE0
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 1709
X-Firefox-Spdy: h2
www.paypalobjects.com/pa/js/min/pa.js
200 OK 22 kB URL HTTP/2 www.paypalobjects.com/pa/js/min/pa.js
IP
File type ASCII text, with very long lines (56537)
Hash 035c129f0b87fb076d4d70a5116d099e
f300cca8a79314d55c1fad7453acac84a58fca5e
40933a9189556d305d5cbf36fb47170229696a744860a4ee02eeadb4c4929bd9
GET /pa/js/min/pa.js HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-type: application/javascript
etag: W/"63225d02-dcf5"
last-modified: Wed, 14 Sep 2022 23:00:18 GMT
paypal-debug-id: 774657e948e05
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000774657e948e05-328f6f9d29a43582-01
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 24 Sep 2022 20:11:29 GMT
x-served-by: cache-sjc10078-SJC, cache-bma1679-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 3873
x-timer: S1664050289.109133,VS0,VE0
vary: Accept-Encoding
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=31557600
content-length: 21560
X-Firefox-Spdy: h2
www.paypalobjects.com/images/shared/icon-PN-check.png
200 OK 1.2 kB URL HTTP/2 www.paypalobjects.com/images/shared/icon-PN-check.png
IP
File type PNG image data, 121 x 133, 8-bit colormap, non-interlaced\012- data
Hash 4014dbe27b6642b8539a8220a59a518f
193e344cf36dd9bd88b6b691e32089078b14a4e7
d2847bea03b68a100caf41aca4d972b58368b4ee956ab13dde15963d905d7c24
GET /images/shared/icon-PN-check.png HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=3600
content-type: image/png
dc: ccg11-origin-www-1.paypal.com
etag: "49vz/MoiBvXh6ILc659PTN8gH45nwBXy23o3w9v7cpc"
fastly-io-info: ifsz=2236 idim=121x133 ifmt=png ofsz=1238 odim=121x133 ofmt=png
fastly-stats: io=1
paypal-debug-id: a62b3a2ce2f32
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 24 Sep 2022 20:11:29 GMT
x-served-by: cache-sjc10042-SJC, cache-bma1679-BMA
x-cache: HIT, HIT
x-cache-hits: 51783, 1
x-timer: S1664050289.109372,VS0,VE1
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 1238
X-Firefox-Spdy: h2
www.paypalobjects.com/web/res/064/b5db45519f3ee9cacb3b28ada1570/css/contextualLogin.css
200 OK 13 kB URL HTTP/2 www.paypalobjects.com/web/res/064/b5db45519f3ee9cacb3b28ada1570/css/contextualLogin.css
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 78319337f7f3b3ecf69f2fb97fa4989d
e2ac1ed1d309eebbc910bca4674a33fe7cac7a11
8ee9e430f9b16ce3a5ee32b2acaaf8ff3c085417f05141ae740b216da92e6900
GET /web/res/064/b5db45519f3ee9cacb3b28ada1570/css/contextualLogin.css HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-headers: x-csrf-token
content-encoding: gzip
content-type: text/css
etag: W/"5b2b5150-11ef4"
expires: Wed, 06 Sep 2023 10:02:03 GMT
last-modified: Thu, 21 Jun 2018 07:18:40 GMT
paypal-debug-id: acfca0e290405
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000acfca0e290405-5ab71b847206242c-01
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 24 Sep 2022 20:11:29 GMT
x-served-by: cache-sjc10067-SJC, cache-bma1679-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1664050289.114984,VS0,VE1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=31536000
access-control-allow-origin: *
access-control-allow-methods: GET
strict-transport-security: max-age=31557600
content-length: 13085
X-Firefox-Spdy: h2
www.paypalobjects.com/images/shared/paypal-logo-129x32.svg
200 OK 1.9 kB URL HTTP/2 www.paypalobjects.com/images/shared/paypal-logo-129x32.svg
IP
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 796be015d691467b94dc2617ed1b009a
cfb268c516c0d6b3d05bdac25a3557eeab59c499
c442af9b78ab4ee99c8a248a98f4ee1cdac6bd841f5daa6950ce9677aac2a506
GET /images/shared/paypal-logo-129x32.svg HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.paypalobjects.com/web/res/064/b5db45519f3ee9cacb3b28ada1570/css/contextualLogin.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=3600
content-encoding: gzip
content-type: image/svg+xml
etag: W/"544ad849-1351"
last-modified: Fri, 24 Oct 2014 22:52:57 GMT
paypal-debug-id: 1c098630023be
dc: phx-origin-www-2.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 24 Sep 2022 20:11:29 GMT
x-served-by: cache-sjc10031-SJC, cache-bma1679-BMA
x-cache: HIT, HIT
x-cache-hits: 24, 4
x-timer: S1664050289.172231,VS0,VE0
vary: Accept-Encoding
x-content-type-options: nosniff
access-control-allow-origin: *
strict-transport-security: max-age=31557600
content-length: 1932
X-Firefox-Spdy: h2
c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
200 OK 18 kB URL HTTP/2 c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
IP
File type Unicode text, UTF-8 text, with very long lines (59357), with no line terminators
Hash e3870285db9118682fbd3e896eb21166
63742f4e7be59e4bfb1a8a1167774f0cdac89e55
e4647a11dc43e079ad17b37c7cc699aa92414203a2e4313d752b2c6aefa9f530
GET /webstatic/r/fb/fb-all-prod.pp2.min.js HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 502655
cache-control: max-age=86400
content-type: application/javascript
date: Sat, 24 Sep 2022 20:11:29 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "60271d89-e7e3"
expires: Sun, 25 Sep 2022 20:11:29 GMT
last-modified: Sat, 13 Feb 2021 00:30:01 GMT
paypal-debug-id: bec3ca6a5bd71
server: ECAcc (ska/F6C6)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=5
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000bec3ca6a5bd71-2354e28edcf63517-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 18440
X-Firefox-Spdy: h2
c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
200 OK 160 B URL HTTP/2 c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bc135a5423b58350fa523e2aff1ecd28
c72afd98524bd6a8fa8fa0b4399807852f454983
87c6f428c07094d0bfbe6802c0af870c885091557af659e7ce9c50bd34a1f421
GET /v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA
accept-ranges: bytes
age: 41828
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: d360e945a7377
date: Sat, 24 Sep 2022 20:11:29 GMT
last-modified: Sat, 24 Sep 2022 08:34:21 GMT
paypal-debug-id: d360e945a7377
server: ECAcc (ska/F7A6)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=5
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000d360e945a7377-9788f8e75b76ad9a-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 160
X-Firefox-Spdy: h2
c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
304 Not Modified 0 B URL HTTP/2 c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /webstatic/r/fb/fb-all-prod.pp2.min.js HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Sat, 13 Feb 2021 00:30:01 GMT
If-None-Match: "60271d89-e7e3"
TE: trailers
HTTP/2 304 Not Modified
accept-ranges: bytes
access-control-allow-origin: *
age: 502655
cache-control: max-age=86400
date: Sat, 24 Sep 2022 20:11:29 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "60271d89-e7e3"
expires: Sun, 25 Sep 2022 20:11:29 GMT
last-modified: Sat, 13 Feb 2021 00:30:01 GMT
paypal-debug-id: bec3ca6a5bd71
server: ECAcc (ska/F6C6)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=2
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000bec3ca6a5bd71-2354e28edcf63517-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 49cf367c191bf33336307bb7195acfad
e4448937ed84dec9a64601393a5b9c1cd79fcd90
c4071c28cc93bff9c098e2e3ca125710fbbd3988950cd7185feb499e453cf7ec
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5290
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:11:29 GMT
Last-Modified: Sat, 24 Sep 2022 18:43:19 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
b.stats.paypal.com/v1/counter.cgi?r=cD1lMjc2NmRjZDhlMGQ0ZmI5OThmNDg5NmE4NDQ3OTdlNCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk4NDcyMTcuNzgxJmE9MjEmcz1VTklGSUVEX0xPR0lOqozznX2w0G1T2SU2ax2ckzmaD_M
302 Found 0 B URL HTTP/1.1 b.stats.paypal.com/v1/counter.cgi?r=cD1lMjc2NmRjZDhlMGQ0ZmI5OThmNDg5NmE4NDQ3OTdlNCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk4NDcyMTcuNzgxJmE9MjEmcz1VTklGSUVEX0xPR0lOqozznX2w0G1T2SU2ax2ckzmaD_M
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/counter.cgi?r=cD1lMjc2NmRjZDhlMGQ0ZmI5OThmNDg5NmE4NDQ3OTdlNCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk4NDcyMTcuNzgxJmE9MjEmcz1VTklGSUVEX0xPR0lOqozznX2w0G1T2SU2ax2ckzmaD_M HTTP/1.1
Host: b.stats.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secures-pal.on.fleek.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Connection: close
Server: PayPal-B.Stats/1.0
Location: https://dub.stats.paypal.com/v1/counter2.cgi?r=cD1lMjc2NmRjZDhlMGQ0ZmI5OThmNDg5NmE4NDQ3OTdlNCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk4NDcyMTcuNzgxJmE9MjEmcz1VTklGSUVEX0xPR0lOqozznX2w0G1T2SU2ax2ckzmaD_M
Content-Length: 0
Set-Cookie: c=9ce14a35015563911a30; Domain=stats.paypal.com; expires=Fri, 19 Sep 2042 20:11:29 GMT; Path=/
Content-Type: application/octet-stream
Date: Sat, 24 Sep 2022 20:11:29 GMT
dub.stats.paypal.com/v1/counter2.cgi?r=cD1lMjc2NmRjZDhlMGQ0ZmI5OThmNDg5NmE4NDQ3OTdlNCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk4NDcyMTcuNzgxJmE9MjEmcz1VTklGSUVEX0xPR0lOqozznX2w0G1T2SU2ax2ckzmaD_M
200 OK 42 B URL HTTP/1.1 dub.stats.paypal.com/v1/counter2.cgi?r=cD1lMjc2NmRjZDhlMGQ0ZmI5OThmNDg5NmE4NDQ3OTdlNCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk4NDcyMTcuNzgxJmE9MjEmcz1VTklGSUVEX0xPR0lOqozznX2w0G1T2SU2ax2ckzmaD_M
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash accba0b69f352b4c9440f05891b015c5
9d01cc5dc8e042c0d4ad6cfb8b3ac38e84a5ef9f
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
GET /v1/counter2.cgi?r=cD1lMjc2NmRjZDhlMGQ0ZmI5OThmNDg5NmE4NDQ3OTdlNCZpPTc5LjEwNi4xMjYuMCZ0PTE1Mjk4NDcyMTcuNzgxJmE9MjEmcz1VTklGSUVEX0xPR0lOqozznX2w0G1T2SU2ax2ckzmaD_M HTTP/1.1
Host: dub.stats.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: close
Server: PayPal-B.Stats/1.0
Content-Type: image/jpeg
Content-Length: 42
Set-Cookie: c=1d1b25c385224b4b0616; Domain=stats.paypal.com; expires=Fri, 19 Sep 2042 20:11:29 GMT; Path=/
Date: Sat, 24 Sep 2022 20:11:29 GMT
c.paypal.com/v1/r/d/b/p1
200 OK 125 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 40ab0103e5937a10bf271ab32c80db8f
571580d6888ee7d77dcc9631c8af0054510cfdf3
5a87c32896669733eb9666164cb6e11994de7478671791810c763497a69e7eb6
POST /v1/r/d/b/p1 HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 920
Origin: https://c.paypal.com
Connection: keep-alive
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json
correlation-id: dc3ff74bf4c2c
date: Sat, 24 Sep 2022 20:11:28 GMT
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: dc3ff74bf4c2c
server: ECAcc (frc/4CEE)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=281
set-cookie: sc_f=NPOOwXT6OuMGitU-N6riM4dmrGzGb_YyWIWhTH_ajYsHyBLxc7zSzTDgc_dBL_0C-051Trci9PO40aprJx-Ba-5OWw0cdjGiis6eym;Domain=c.paypal.com;Max-Age=157680000;Path=/;Secure;Version=1;Expires=Thu, 23-Sep-2027 13:11:29 GMT; HttpOnly
KHcl0EuY7AKSMgfvHl7J5E7hPtK=hWXnYAK_ebot8TvXGxGnMoxP8vOxr-GGWsL0WH8vE2BnrktPzwEjZucuY07wWt3xXOFdodd32O2B4B7q;Domain=.paypal.com;Max-Age=630720000;Path=/;Secure;Version=1;Expires=Fri, 19-Sep-2042 13:11:29 GMT; HttpOnly
l7_az=dcg02.phx; Path=/; Domain=paypal.com; Expires=Sat, 24 Sep 2022 20:41:29 GMT; HttpOnly; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000dc3ff74bf4c2c-58ee44a4d4e27dc2-01
content-length: 125
X-Firefox-Spdy: h2
c6.paypal.com/v1/r/d/b/p3?f=e2766dcd8e0d4fb998f4896a844797e4&s=UNIFIED_LOGIN_INPUT_PASSWORD
200 OK 0 B URL HTTP/2 c6.paypal.com/v1/r/d/b/p3?f=e2766dcd8e0d4fb998f4896a844797e4&s=UNIFIED_LOGIN_INPUT_PASSWORD
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/r/d/b/p3?f=e2766dcd8e0d4fb998f4896a844797e4&s=UNIFIED_LOGIN_INPUT_PASSWORD HTTP/1.1
Host: c6.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c.paypal.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
correlation-id: 801a71ab2f3c3
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 801a71ab2f3c3
traceparent: 00-0000000000000000000801a71ab2f3c3-7ccf192f21c34177-01
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Sat, 24 Sep 2022 20:11:29 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11556-HHN, cache-bma1669-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664050290.520157,VS0,VE207
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
timing-allow-origin: *
content-length: 0
X-Firefox-Spdy: h2
secures-pal.on.fleek.co/auth/createchallenge/1f7e67994640ab05/challenge.js
404 Not Found 205 B URL HTTP/2 secures-pal.on.fleek.co/auth/createchallenge/1f7e67994640ab05/challenge.js
IP
Hash 2eb0081af57e47bc8e2f68919f96473f
087c032983ceee003bc100918aa682daadcf93eb
bb33f576e5fab69d2e0ca740d76a12c82ffc5b3417ec30bf9b099b3a7db10103
Analyzer Verdict Alert openphish PayPal Inc.
GET /auth/createchallenge/1f7e67994640ab05/challenge.js HTTP/1.1
Host: secures-pal.on.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: __utma=155905004.1468018235.1653591318.1653591318.1653591318.1; __utmz=155905004.1653591318.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); intercom-id-k1pm16x3=4dd3663d-9110-458c-8b62-23c955bfa0e0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 24 Sep 2022 20:11:29 GMT
content-type: text/plain; charset=utf-8
cf-ray: 74fe2b63ada4b523-OSL
access-control-allow-origin: *
cache-control: max-age=10, stale-while-revalidate=600
expires: Sun, 25 Sep 2022 00:11:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-methods: GET,HEAD,OPTIONS
access-control-max-age: 86400
content-security-policy: upgrade-insecure-requests
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-request-id: b6177636915e4312960ef664e448bb40
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
secures-pal.on.fleek.co/signin/client-log
404 Not Found 1.9 kB URL HTTP/2 secures-pal.on.fleek.co/signin/client-log
IP
Hash 196edb9fde4782037010d1fe0dbfecac
902382807e5730d014429450707055e03db56c3a
3be0424f97bd4aaa7637e5150af47b4a8bfa5dc500d979be5aeff8b87be790a3
Analyzer Verdict Alert openphish PayPal Inc.
POST /signin/client-log HTTP/1.1
Host: secures-pal.on.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
X-Requested-With: XMLHttpRequest
Content-type: application/x-www-form-urlencoded
Content-Length: 561
Origin: https://secures-pal.on.fleek.co
Connection: keep-alive
Cookie: __utma=155905004.1468018235.1653591318.1653591318.1653591318.1; __utmz=155905004.1653591318.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); intercom-id-k1pm16x3=4dd3663d-9110-458c-8b62-23c955bfa0e0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 24 Sep 2022 20:11:29 GMT
content-type: text/plain; charset=utf-8
cf-ray: 74fe2b633d08b523-OSL
access-control-allow-origin: *
cache-control: max-age=10, stale-while-revalidate=600
expires: Sun, 25 Sep 2022 00:11:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-methods: GET,HEAD,OPTIONS
access-control-max-age: 86400
content-security-policy: upgrade-insecure-requests
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-request-id: d09b210369f0128c2065e9c29f249c7a
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
secures-pal.on.fleek.co/signin/client-log
404 Not Found 1.6 kB URL HTTP/2 secures-pal.on.fleek.co/signin/client-log
IP
Hash 74029c0fc2b54594352d9acf87335eaf
2d1821ac258ae6ba7b8351b33133789cda2545af
6b517cd6a5291c3caa5a55c4994331f9324e2e17a086dbd72383e2021d1ac52d
Analyzer Verdict Alert openphish PayPal Inc.
POST /signin/client-log HTTP/1.1
Host: secures-pal.on.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://secures-pal.on.fleek.co/
X-Requested-With: XMLHttpRequest
Content-type: application/x-www-form-urlencoded
Content-Length: 931
Origin: https://secures-pal.on.fleek.co
Connection: keep-alive
Cookie: __utma=155905004.1468018235.1653591318.1653591318.1653591318.1; __utmz=155905004.1653591318.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); intercom-id-k1pm16x3=4dd3663d-9110-458c-8b62-23c955bfa0e0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 24 Sep 2022 20:11:29 GMT
content-type: text/plain; charset=utf-8
cf-ray: 74fe2b63adb8b523-OSL
access-control-allow-origin: *
age: 0
cache-control: max-age=10, stale-while-revalidate=600
expires: Sun, 25 Sep 2022 00:11:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET,HEAD,OPTIONS
access-control-max-age: 86400
content-security-policy: upgrade-insecure-requests
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-request-id: d09b210369f0128c2065e9c29f249c7a
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6287
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:11:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6287
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:11:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6287
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:11:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6287
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:11:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8d9af95acfc8b9b431eb1e020157f6d
f6f926be6e265a597aaede424f05fcd7c76fcc20
0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:52:36 GMT
age: 80334
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1087dcce202bbbc8c84196bd2050662
670d89082f8da643e1196b11fb64bf71707f0e8d
f6a7b6e07177431d7845e2f2b7b1b3b76088671db32aeef580a72e9bd3ddae00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: 3ec3470c-2268-4102-af88-27dcfed76bfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPCGOcoAMF2xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-481aa98b413690636fc3a2f0;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dXqPCGTGK8gW86McTltPuNYKXQgUuSqcL_XbyRQitinH5LsUscmU2w==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:47:49 GMT
age: 80621
etag: "670d89082f8da643e1196b11fb64bf71707f0e8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 80074
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NcnEyVD-vG10pOpPCBMjKGqVw-rstkPIt-oqkIc5urAGE934fxL0VQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 04:12:38 GMT
age: 57532
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:59:08 GMT
age: 79942
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 55d224ac83a417772c98bc5080fb6689
a30f9044330824e70dde0dcc785890d981e6fdf5
b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 80260
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c.paypal.com/v1/r/d/b/p2
200 OK 15 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash ba5b6723e9df7319a90175587a04bc4e
beaee247c79d096b01998af4f35eefaa512750c6
d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5
POST /v1/r/d/b/p2 HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 291
Origin: https://c.paypal.com
Connection: keep-alive
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json
correlation-id: 8f727b9499d20
date: Sat, 24 Sep 2022 20:11:29 GMT
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: 8f727b9499d20
server: ECAcc (frc/4CD8)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=1185
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000008f727b9499d20-a14b2bae78ec3f3d-01
content-length: 15
X-Firefox-Spdy: h2
t.paypal.com/ts?v=1.7.1&t=1664050289422&g=0&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A&tmpl=%2F%2Fc.paypal.&pgst=1529847217718&calc=24a8af95a8e6a&rsta=en_US&pgtf=Nodejs&env=live&s=ci&csci=e2766dcd8e0d4fb998f4896a844797e4&comp=unifiedloginnodeweb&tsrce=authnodeweb&transition_name=ss_prepare_pwd&xe=2322%2C3182%2C3966%2C2977%2C3862%2C3465&xt=5566%2C7594%2C9474%2C7132%2C9227%2C8254&ctx_login_ot_content=1&obex=signin&landing_page=login&state_name=begin_pwd&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&post_login_redirect=default&ret_url=%2F&event_name=c_paypal_cpl&t1=4&t1c=0&t1d=0&t1s=0&t2=12&t3=0&tt=16&protocol=h2&cdn=edgecast&view=%7B%22t10%22%3A4%2C%22t11%22%3A16%2C%22nt%22%3A%22res%22%7D&e=pf&3p_vid=38b29b2b70eb49bc&3p_fpti=1043ad1f1c1ac7e7
200 OK 42 B URL HTTP/2 t.paypal.com/ts?v=1.7.1&t=1664050289422&g=0&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A&tmpl=%2F%2Fc.paypal.&pgst=1529847217718&calc=24a8af95a8e6a&rsta=en_US&pgtf=Nodejs&env=live&s=ci&csci=e2766dcd8e0d4fb998f4896a844797e4&comp=unifiedloginnodeweb&tsrce=authnodeweb&transition_name=ss_prepare_pwd&xe=2322%2C3182%2C3966%2C2977%2C3862%2C3465&xt=5566%2C7594%2C9474%2C7132%2C9227%2C8254&ctx_login_ot_content=1&obex=signin&landing_page=login&state_name=begin_pwd&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&post_login_redirect=default&ret_url=%2F&event_name=c_paypal_cpl&t1=4&t1c=0&t1d=0&t1s=0&t2=12&t3=0&tt=16&protocol=h2&cdn=edgecast&view=%7B%22t10%22%3A4%2C%22t11%22%3A16%2C%22nt%22%3A%22res%22%7D&e=pf&3p_vid=38b29b2b70eb49bc&3p_fpti=1043ad1f1c1ac7e7
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4682377ddfbe4e7dabfddb2e543e842
328e472721a93345801ed5533240eac2d1f8498c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
GET /ts?v=1.7.1&t=1664050289422&g=0&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A&tmpl=%2F%2Fc.paypal.&pgst=1529847217718&calc=24a8af95a8e6a&rsta=en_US&pgtf=Nodejs&env=live&s=ci&csci=e2766dcd8e0d4fb998f4896a844797e4&comp=unifiedloginnodeweb&tsrce=authnodeweb&transition_name=ss_prepare_pwd&xe=2322%2C3182%2C3966%2C2977%2C3862%2C3465&xt=5566%2C7594%2C9474%2C7132%2C9227%2C8254&ctx_login_ot_content=1&obex=signin&landing_page=login&state_name=begin_pwd&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&post_login_redirect=default&ret_url=%2F&event_name=c_paypal_cpl&t1=4&t1c=0&t1d=0&t1s=0&t2=12&t3=0&tt=16&protocol=h2&cdn=edgecast&view=%7B%22t10%22%3A4%2C%22t11%22%3A16%2C%22nt%22%3A%22res%22%7D&e=pf&3p_vid=38b29b2b70eb49bc&3p_fpti=1043ad1f1c1ac7e7 HTTP/1.1
Host: t.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secures-pal.on.fleek.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
date: Sat, 24 Sep 2022 20:11:30 GMT
expires: Sat, 24 Sep 2022 20:11:30 GMT
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: a094d75b1aa06
pragma: no-cache
server: ECAcc (frc/4C9D)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=186
set-cookie: ts=vreXpYrS%3D1758744690%26vteXpYrS%3D1664052090%26vr%3D1043ad1f1c1ac7e7%26vt%3D38b29b2b70eb49bc; Expires=Wed, 24 Sep 2025 20:11:30 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
ts_c=vr%3D1043ad1f1c1ac7e7%26vt%3D38b29b2b70eb49bc; Expires=Wed, 24 Sep 2025 20:11:30 GMT; Domain=.paypal.com; Path=/; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000a094d75b1aa06-187e89dc12bcf446-01
content-length: 42
X-Firefox-Spdy: h2
t.paypal.com/ts?v=1.7.1&t=1664050289420&g=0&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A&tmpl=%2F%2Ft.paypal.&pgst=1529847217718&calc=24a8af95a8e6a&rsta=en_US&pgtf=Nodejs&env=live&s=ci&csci=e2766dcd8e0d4fb998f4896a844797e4&comp=unifiedloginnodeweb&tsrce=authnodeweb&transition_name=ss_prepare_pwd&xe=2322%2C3182%2C3966%2C2977%2C3862%2C3465&xt=5566%2C7594%2C9474%2C7132%2C9227%2C8254&ctx_login_ot_content=1&obex=signin&landing_page=login&state_name=begin_pwd&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&post_login_redirect=default&ret_url=%2F&event_name=t_paypal_cpl&t1=43&t1c=0&t1d=0&t1s=0&t2=188&t3=1&tt=232&protocol=h2&cdn=edgecast&view=%7B%22t10%22%3A43%2C%22t11%22%3A232%2C%22nt%22%3A%22res%22%7D&e=pf&3p_vid=38b29b2b70eb49bc&3p_fpti=1043ad1f1c1ac7e7
200 OK 42 B URL HTTP/2 t.paypal.com/ts?v=1.7.1&t=1664050289420&g=0&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A&tmpl=%2F%2Ft.paypal.&pgst=1529847217718&calc=24a8af95a8e6a&rsta=en_US&pgtf=Nodejs&env=live&s=ci&csci=e2766dcd8e0d4fb998f4896a844797e4&comp=unifiedloginnodeweb&tsrce=authnodeweb&transition_name=ss_prepare_pwd&xe=2322%2C3182%2C3966%2C2977%2C3862%2C3465&xt=5566%2C7594%2C9474%2C7132%2C9227%2C8254&ctx_login_ot_content=1&obex=signin&landing_page=login&state_name=begin_pwd&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&post_login_redirect=default&ret_url=%2F&event_name=t_paypal_cpl&t1=43&t1c=0&t1d=0&t1s=0&t2=188&t3=1&tt=232&protocol=h2&cdn=edgecast&view=%7B%22t10%22%3A43%2C%22t11%22%3A232%2C%22nt%22%3A%22res%22%7D&e=pf&3p_vid=38b29b2b70eb49bc&3p_fpti=1043ad1f1c1ac7e7
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4682377ddfbe4e7dabfddb2e543e842
328e472721a93345801ed5533240eac2d1f8498c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
GET /ts?v=1.7.1&t=1664050289420&g=0&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A&tmpl=%2F%2Ft.paypal.&pgst=1529847217718&calc=24a8af95a8e6a&rsta=en_US&pgtf=Nodejs&env=live&s=ci&csci=e2766dcd8e0d4fb998f4896a844797e4&comp=unifiedloginnodeweb&tsrce=authnodeweb&transition_name=ss_prepare_pwd&xe=2322%2C3182%2C3966%2C2977%2C3862%2C3465&xt=5566%2C7594%2C9474%2C7132%2C9227%2C8254&ctx_login_ot_content=1&obex=signin&landing_page=login&state_name=begin_pwd&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&post_login_redirect=default&ret_url=%2F&event_name=t_paypal_cpl&t1=43&t1c=0&t1d=0&t1s=0&t2=188&t3=1&tt=232&protocol=h2&cdn=edgecast&view=%7B%22t10%22%3A43%2C%22t11%22%3A232%2C%22nt%22%3A%22res%22%7D&e=pf&3p_vid=38b29b2b70eb49bc&3p_fpti=1043ad1f1c1ac7e7 HTTP/1.1
Host: t.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secures-pal.on.fleek.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
date: Sat, 24 Sep 2022 20:11:30 GMT
expires: Sat, 24 Sep 2022 20:11:30 GMT
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: e61b2f34c89d4
pragma: no-cache
server: ECAcc (frc/4CC7)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=190
set-cookie: ts=vreXpYrS%3D1758744690%26vteXpYrS%3D1664052090%26vr%3D1043ad1f1c1ac7e7%26vt%3D38b29b2b70eb49bc; Expires=Wed, 24 Sep 2025 20:11:30 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
ts_c=vr%3D1043ad1f1c1ac7e7%26vt%3D38b29b2b70eb49bc; Expires=Wed, 24 Sep 2025 20:11:30 GMT; Domain=.paypal.com; Path=/; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000e61b2f34c89d4-a399aacbf2586a6f-01
content-length: 42
X-Firefox-Spdy: h2
secures-pal.on.fleek.co/
200 OK 0 B IP
Analyzer Verdict Alert openphish PayPal Inc.
GET / HTTP/1.1
Host: secures-pal.on.fleek.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: __utma=155905004.1468018235.1653591318.1653591318.1653591318.1; __utmz=155905004.1653591318.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); intercom-id-k1pm16x3=4dd3663d-9110-458c-8b62-23c955bfa0e0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:11:28 GMT
content-type: text/html
cf-ray: 74fe2b5cbb50b523-OSL
access-control-allow-origin: *
age: 8687
cache-control: max-age=10, stale-while-revalidate=600
expires: Sun, 25 Sep 2022 00:11:28 GMT
last-modified: Sat, 24 Sep 2022 09:43:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET,HEAD,OPTIONS
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
access-control-max-age: 86400
content-security-policy: upgrade-insecure-requests
referrer-policy: strict-origin-when-cross-origin
x-cache-status: HIT
x-content-type-options: nosniff
x-ipfs-path: /ipfs/bafybeibtr374hxhhixnvtzcgny4fcmi2lfjwni6dmjfkmmmooe6llakl6q/
x-request-id: a117bea50388efb0b33a45df7a8961f0
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
104.18.7.145
34.117.237.239
151.101.85.35
104.18.6.145
93.184.220.29
23.36.76.226