{"report_id":"fbd88f00-ee06-42c6-b7f1-861635c08564","version":6,"status":"done","tags":["paypal","phishing","financial"],"date":"2026-03-25T15:24:07Z","url":{"schema":"http","addr":"paypal.com-authenticator.site","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":0,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"final":{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"title":"Log in to your PayPal account","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"paypal.com-authenticator.site","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":0,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-29T15:24:07Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":3,"urlquery":2,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata 
IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"Client IP","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats 
Pro","date":"2026-03-25T15:23:51Z","timestamp":1774452231,"ip_dst":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"ip_src":{"addr":"Client IP","port":43346,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET PHISHING Successful Paypal Phish Oct 16 2017","source":"{\"timestamp\":\"2026-03-25T15:23:51.754825+0000\",\"flow_id\":1907523792033902,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":43346,\"dest_ip\":\"103.183.75.145\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.genericphish\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024846,\"rev\":4,\"signature\":\"ET PHISHING Successful Paypal Phish Oct 16 2017\",\"category\":\"Successful Credential Theft Detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_10_16\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_08_24\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/challenge/sms\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://paypal.com-authenticator.site/signin/\",\"http_method\":\"POST\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"signin\",\"length\":9},\"files\":[{\"filename\":\"/signin/challenge/sms\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":408,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":4034,\"bytes_toclient\":1055,\"start\":\"2026-03-25T15:23:50.022638+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:23:51Z","timestamp":1774452231,"ip_dst":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"ip_src":{"addr":"Client IP","port":43346,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ETPRO PHISHING Successful Paypal Phish M1 Mar 07 2017","source":"{\"timestamp\":\"2026-03-25T15:23:51.754825+0000\",\"flow_id\":1907523792033902,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":43346,\"dest_ip\":\"103.183.75.145\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.genericphish\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2825252,\"rev\":4,\"signature\":\"ETPRO PHISHING Successful Paypal Phish M1 Mar 07 2017\",\"category\":\"Successful Credential Theft 
Detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_03_07\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_08_10\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/challenge/sms\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://paypal.com-authenticator.site/signin/\",\"http_method\":\"POST\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"signin\",\"length\":9},\"files\":[{\"filename\":\"/signin/challenge/sms\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":408,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":4034,\"bytes_toclient\":1055,\"start\":\"2026-03-25T15:23:50.022638+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]},"summary":[{"fqdn":"www.paypalobjects.com","ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2005-05-12","domain_rank":19317,"first_seen":"2012-05-30T06:40:21Z","last_seen":"2026-03-18T17:02:10.364836Z","alert_count":0,"request_count":18,"received_data":1317515,"sent_data":8921,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP 
Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ddbm2.paypal.com","ip":{"addr":"3.167.2.80","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"1999-07-15","domain_rank":103210,"first_seen":"2024-09-21T09:17:10Z","last_seen":"2026-03-24T02:47:07.275885Z","alert_count":0,"request_count":3,"received_data":134154,"sent_data":1548,"comment":"","tags":null,"fingerprints":[{"name":"DataDome","description":"DataDome is a cybersecurity platform that specialises in bot protection and mitigation, offering advanced solutions to safeguard websites and mobile applications against malicious bot traffic, credential stuffing, scraping, and other automated threats.","website":"https://datadome.co","common_platform_enumeration":"","icon":"DataDome.svg","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other 
functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"b.stats.paypal.com","ip":{"addr":"34.147.177.40","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United Kingdom","country_code":"GB"},"domain_registered":"1999-07-15","domain_rank":39745,"first_seen":"2012-06-19T14:03:33Z","last_seen":"2026-03-25T13:25:56.366717Z","alert_count":0,"request_count":1,"received_data":518,"sent_data":602,"comment":"","tags":null,"fingerprints":[{"name":"Apache Traffic Server:1.0","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web 
servers"]}]},{"fqdn":"paypalobjects.com","ip":{"addr":"162.159.141.96","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2005-05-12","domain_rank":5147,"first_seen":"2012-05-25T12:02:34Z","last_seen":"2026-03-23T17:51:52.07326Z","alert_count":0,"request_count":1,"received_data":27208,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"browser-intake-us5-datadoghq.com","ip":{"addr":"34.149.66.154","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2021-09-06","domain_rank":9307,"first_seen":"2023-02-04T11:43:09Z","last_seen":"2026-03-20T20:07:12.655961Z","alert_count":0,"request_count":2,"received_data":840,"sent_data":1626,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"c6.paypal.com","ip":{"addr":"151.101.193.35","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"1999-07-15","domain_rank":56317,"first_seen":"2015-06-30T10:55:45Z","last_seen":"2026-03-24T04:16:43.611283Z","alert_count":0,"request_count":1,"received_data":744,"sent_data":518,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]},{"fqdn":"d.paypal.com","ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"1999-07-15","domain_rank":0,"first_seen":"2026-03-25T15:24:11.575387Z","last_seen":"2026-03-25T15:24:11.575387Z","alert_count":0,"request_count":10,"received_data":2855065,"sent_data":5826,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other 
functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"c.paypal.com","ip":{"addr":"151.101.65.21","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"1999-07-15","domain_rank":46477,"first_seen":"2014-10-07T12:10:39Z","last_seen":"2026-03-23T21:51:39.181648Z","alert_count":0,"request_count":4,"received_data":74022,"sent_data":6716,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"lhr.stats.paypal.com","ip":{"addr":"34.147.177.40","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United 
Kingdom","country_code":"GB"},"domain_registered":"1999-07-15","domain_rank":275269,"first_seen":"2024-01-24T06:54:39Z","last_seen":"2026-03-25T13:25:56.243821Z","alert_count":0,"request_count":1,"received_data":299,"sent_data":605,"comment":"","tags":null,"fingerprints":[{"name":"Apache Traffic Server:1.0","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]}]},{"fqdn":"paypal.com-authenticator.site","ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"domain_registered":"2026-03-25","domain_rank":0,"first_seen":"2026-03-25T15:24:11.564399Z","last_seen":"2026-03-25T15:24:11.564399Z","alert_count":50,"request_count":48,"received_data":37806,"sent_data":24887,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. 
It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"PayPal","description":"PayPal is an online payments system that supports online money transfers and serves as an electronic alternative to traditional paper methods like checks and money orders.","website":"https://paypal.com","common_platform_enumeration":"cpe:2.3:a:paypal:paypal:*:*:*:*:*:*:*:*","icon":"PayPal.svg","categories":["Payment processors"]},{"name":"Modernizr","description":"Modernizr is a JavaScript library that detects the features available in a user's browser.","website":"https://modernizr.com","common_platform_enumeration":"","icon":"Modernizr.svg","categories":["JavaScript libraries"]}]},{"fqdn":"t.paypal.com","ip":{"addr":"172.64.152.85","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"1999-07-15","domain_rank":56312,"first_seen":"2012-06-27T13:49:38Z","last_seen":"2026-03-23T23:00:35.38386Z","alert_count":0,"request_count":2,"received_data":2711,"sent_data":2810,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"paypalobjects.com/ae/0.16.0/atomic-events-dom/index.js","fqdn":"paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"162.159.141.96","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0cfbf0dfa4fad9557df4e3b9493dbae0","sha1":"ec927e269619d74d48ed05831ccade5caa580a3c","sha256":"7f083991dcd0f426a91fef258e7a1ce9a3b58c1ad459fb3a9a5cec584a06b1c7","sha512":"fe32e67032b6f63149aa98b92405ba7029c69e611c8f4e2a3222fe3b2864e5eba4f03f349fdeda3de34a07d926645bf48dde2fe14a702be8494b712790e86f59","ssdeep":"768:itXrcGGWoQyfKjEjysmEtPtqJNR0pRIhX0AuQqC6dXBM6kpeSbWV18ktPw:MASmpOhEI","tlshash":"e1c2faccf751b0612ae752a1947b1213e2307fa9708f4051e4698daa3eb15cfe23bb5d","size":26972,"data":"","first_seen":"2024-12-03T09:01:11.359963Z","last_seen":"2026-06-03T08:38:58.306184Z","times_seen":259,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ddbm2.paypal.com/tags.js","fqdn":"ddbm2.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"3.167.2.80","port":443,"asn":0,"as":"","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2dfc66f422003d5312c6bf109a5f52ab","sha1":"9685b9941ca964705c2394f467d2cabbafa537c7","sha256":"184facb81dfee591d7fa0c48551bd7bb27ae2d6031311f80926f4873bc01a6a7","sha512":"6bb69812a62eefb53a064ee52ac2454b675dae89abcf16f67638a6f3a75637519f21ec9e3b00f1f8d81d4112eaac6d3a96c5950cc2e329f1b18ae17060368f39","ssdeep":"3072:oLxJBf1UlgC4O9pBxv16geM9FAp1jst5+mL5kOus72YR:oLxJBfqeoBSM9FAp1jst5T72YR","tlshash":"6fd3e78237cdb83c06524972179f7743f027af31689c7271d9b0c7a72464a6e5a8fda8","size":132035,"data":"","first_seen":"2026-03-25T10:24:01.891912Z","last_seen":"2026-04-01T02:12:03.887187Z","times_seen":351,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/pa/js/min/pa.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb25b10981a6333f135c2278afb179a4","sha1":"6503cdbda2039e13cd55d4ff0dc61235c92d4563","sha256":"fae4b858a4efba7ef920a6fda59d4207224ec488e49e16c73ec013b8daf89370","sha512":"dea76e445e48ff1fdaa036b93033da83c49e3307079640c5b3f64edb456c0a51aafa30807ac1bd56e7de5f67684af0f0375663ced815bb58ae70b95116d81e01","ssdeep":"1536:SM/FcQ1vmwdRWDp40xUKvVCceu8TFgAjhD/+xXatu+RJW:SDxpNI+z+RM","tlshash":"3963299c72d1b03747ab1071416f120bb2363d65780bc4d0d62ae5d47db8a8f92abfad","size":71326,"data":"","first_seen":"2025-05-28T18:02:03.444624Z","last_seen":"2026-04-20T23:47:32.76872Z","times_seen":940,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElem
ent","is_inline":true,"md5":"29b123d1d89fefb7ff8070d3841041fd","sha1":"afff186e9ed35e371b4a955ee5ef37d6de50ff01","sha256":"88a70c64b9a59b3d350dc2ad55593c7af174ffd111a36f4863415463453134d9","sha512":"334015e648c947d7c2c0aa6e079237ddd52e17df7827c0f9804056923ca1e84dc427cba84941326c14fbcc102d696144aabafa6948df6fdb394c9a2a5808301d","ssdeep":"192:6atC/3tqt2mZh9rZT+HhbcGNBD7pc/sK7vOavMT:O/3otbZhJh0FesK7Y","tlshash":"5dd151ceff8c11178669120d662a34c9603ee07a6c16dcebfc7cae952360d7e522565c","size":6383,"data":"","first_seen":"2024-09-02T00:52:14Z","last_seen":"2026-05-01T14:56:46.438909Z","times_seen":242,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/ca/jquery-3.6.1.min.js","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"94556f0a66040b01a796c1149ad80d8e","sha1":"a5b5e72cf6e1620f2fe4d0476a240c926b3cf53a","sha256":"3beb83466b571e5fd7f3792911a5b6b3b4809c468b0d12ac0af2a3fadd1598ef","sha512":"65a14e51f093d85de4aa833f5a48f9e2f0e9ed4a3205529612e2e2097e9adcc73128c46f765a1c56fa29b27e217b785969cba10c154526926d228425cc9436ae","ssdeep":"12288:GKCmV93pvQycHdwcqIod/0QugTYaKoFVC5+woHSDXo1FIzAMsrUcJDBXGCfwhqED:HVsWcq//XIaKojV7UBGVa","tlshash":"10d5b1d867d5e51b67cd0e43fe11affa017a966790c87207c3a8ba8d14f924bc5a8cc4","size":2829628,"data":"","first_seen":"2026-03-25T15:24:15.933478Z","last_seen":"2026-03-25T15:24:15.933478Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e1ef31fca217880cb587a759e88e01
c","sha1":"a35c2350f4787c2597a71d70f4f62f3bb31beee6","sha256":"f3628ea791958b87da4e82ac9a0f85295b784ea0b3da83c160d70d0375474e7f","sha512":"cda93772843216ff3f8da40aaba3ac21f2c5afef9d334437b308ff446b1e78524ac901eace2958fcd736da0264ab612c1b08e724646cf589c3da52906d20e761","ssdeep":"192:oHXo3pSWlyiuzvCyBoIQo/ZbTHvUMfItoa39SrWM8N6fG:QopqvCyR/ZbTHvUMfItoa39K8NMG","tlshash":"c8d1a35c3db320a580abe62d9beb55047077a11b284fcc10befc59847f24eb925a57ec","size":6252,"data":"","first_seen":"2025-06-17T21:57:42.551971Z","last_seen":"2026-06-03T08:29:10.202176Z","times_seen":182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"023a6f4572cb9601e6ff9ee8bd926a4e","sha1":"76c4faa66578574a26b6629860ecb650684f2d77","sha256":"e032e030d7e28061743223402f84a498325496ea8e1d1abfe57dc3ebf04cc981","sha512":"c30a55b3cea2a077cc7a0b82790129f5474281d86a455e7cf4ae27a5be87e020c2083e775f00609f65bbd5189af1933855edeebdb8257115989b9029193d4858","ssdeep":"","tlshash":"34e07dd2931c6232ce699701dfbeb2c5683de11569104573ec9a009ad15e52fe0c1cdd","size":327,"data":"","first_seen":"2026-03-25T15:24:15.934896Z","last_seen":"2026-04-01T01:54:21.337705Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non 
SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"2f047c81e01c7b9e7300e24e759c2651","sha1":"1665103ea44701b65ce6a80041cfaa5db5f57dd7","sha256":"e4998840423a5a1702b5a5135affad7c5673a95d93a2d7df3232e5c48962b83f","sha512":"5691e8bb26d14418b0419639eeae6342bde0c2186d0efec0da2ad0fcdc419a09de44d2bf637803db31ac7a47f28622150c0c8d965560a61428e667669279d83c","ssdeep":"","tlshash":"31e0d8efb7c9303035d2283d063510f8243e5cb6689555f7bc49c0b41065ded43db968","size":371,"data":"","first_seen":"2026-03-25T15:24:15.936092Z","last_seen":"2026-04-01T01:54:21.338386Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering 
Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/martech/tm/paypal/mktconf.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"41fd361c3cd7936b117064656762915a","sha1":"48608a93e85772b898dafb502e5410dc20a33ddb","sha256":"aa704dc883bff8f01bb0f51b59e8b63381230c357cbc4d4d59d5f4d9c7f35ec2","sha512":"50fe09c2b4296a5ebc5d03e673f6367be77bc91a37fce781e65e2353ec83b3d93840f9653f04d0bbaaae3299c5d8cdd7ba997e1001f1d47271ed5280964c0baa","ssdeep":"3072:IEO3c0xDRI4Q1QGQRQDEpqFZZyT1Tp4iqukyV:ID1+z4qhkBp4iqunV","tlshash":"9b8493c8c8b45daf0d7fdf44ae5f9a2420242ba84b8a4811b7d47f7a07571db29ca7c4","size":392244,"data":"","first_seen":"2026-03-24T04:54:42.730646Z","last_seen":"2026-03-27T13:08:29.201473Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.paypal.com/da/r/fb_fp.js","fqdn":"c.paypal.com","domain":
"paypal.com","tld":"com"},"ip":{"addr":"151.101.65.21","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"83460ee68674e034c9745595fef3ee10","sha1":"4a13be73c117342bca2093cb9affbd330713818d","sha256":"d4450318a5b9f75b4a458ae427e3152216cb85e91720c320a6aa27fc38a692ab","sha512":"633601c276ee936ddb3ac65238a51396b5444c20c8dbead22394d866b8e6ddf041896431fb67a263c1a3ac2d8ea27e20195aa26503bc732c448f2c9c3b91fca7","ssdeep":"1536:8MUlVnIULG1Rz1kOv/Gqxsxi+kbQgVGWxqFf6kAE8uqzttHrPJF:8MUlVnIULGGClxV+kBVGKqq/ttHrPJF","tlshash":"436319cfb6087416067329eab42f5215b5366314a88ee458b16bf5913cace877323f7c","size":70593,"data":"","first_seen":"2025-12-02T12:04:51.110885Z","last_seen":"2026-03-25T15:24:15.925405Z","times_seen":52,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/ca/home-stat.js?a=9f89c84a559f573636a47ff8daed0d33","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4452d5ac5771ef27e1425e541f7b1d3","sha1":"b38d9ffff1f6a671bb358c08fc1af17091f6b6c7","sha256":"5bb7cbd5e7b3f0fe6ecdbb2014d1547efdb841897a41b761fec472eec917ab1c","sha512":"1aff002a32684cff84fda4e59d7f3868ed8b23789d12f59b518096cc3842009e44267d1eda3e8c47f0e3bea7c0ed27e5fc7eceb3b0baf62aa0b82c4672ec8d66","ssdeep":"96:ZMktelJj+yoMtV6Y1kXpRAjrnf3GzRiJz30sU:6vJj+jMLNApujrnf3aW30sU","tlshash":"2fb1c2d46be5e11f2bdd0e93fd249ffa00ba966a61927307c36cf98d14a9247c1ac448","size":5246,"data":"","first_seen":"2026-03-25T15:24:15.906368Z","last_seen":"2026-06-03T08:38:58.356828Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/js/lib/datadog-rum.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4441739369b3c7e391d97a0c1ca55d63","sha1":"3d49967b45253d998a4a59ffb4a20df9b7fa8e3c","sha256":"ee4cd96d72ca2d21a8df21e2f76629df9ad636fc7ecd59d24825def20bc2ee0e","sha512":"72675bb94869dae4802d7e65eee1b23e339fc5ba157833e8f78a733b7864240b8b0c6cd5cacf935608570d10aaaa171d99bbd7bdf0dc60d7f1ef2cf6fff9bb41","ssdeep":"1536:4IOoR3MaQgFxamY7FMXiLh+vhXMLsjRXs8EEKMGjEWAkDxRJAiCQxjMmvD7sh8ui:s2M8FxzY/h2kfzEWxAkEF2B","tlshash":"0af3d5dcf286b07167933036407f120ab77a2954394b85a0e2b6d5d53db869fa233f6c","size":162691,"data":"","first_seen":"2024-07-29T21:09:05Z","last_seen":"2026-06-03T08:38:58.32448Z","times_seen":358,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/martech/tm/paypal/mktgtagmanager.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"
","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"830bbce0cf86d48e69d5638b4b8d9e36","sha1":"3516ff3722f95034a88f13eed044d7c7e89e4806","sha256":"21dac7841ff8ec6064185eed4ad7ccfb8396a393c7cf07cd2aea86962a4d43ae","sha512":"ce9d4f944417465d3bcb4d2f808d5e4ff5c447e9d1b644e29ded2e0fea312683f86cec6ff554c405bb9fbc02661329d16bc0f821b84b6228a9644579394bf991","ssdeep":"384:kcGfcUvUKvmwdGebFa7ACG0TXXIU1ebdlM/6y47WL0iJWh:xUJvmwd7bsvtGdlMQd","tlshash":"69722a4937d5f0b1877b10b542af260bb0393a65ac4ec4d0d586e8d03cb4a9f877be99","size":16011,"data":"","first_seen":"2025-06-10T03:28:52.766713Z","last_seen":"2026-06-07T20:24:04.997887Z","times_seen":1186,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/ca/lwsa.html","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0008388513f67d842c706478a0504329","sha1":"ed84471ff35bd73b71b413d6ecbbbd6948e0dabd","sha256":"1b040007a0198853fafad54820c9c55b08bb7b9fc8d4d7ddf091fafd3ed76a90","sha512":"df265f58e35384ab1c2992ee3a72e0c0040791ed621128f935fc44d632d5ffd4b3c1a0e6f3fe21c47211ba15967ebb0f96653b52304bd67524193770f21d124a","ssdeep":"","tlshash":"bb1191e07ad0d127baec0b17fd01eaf40076a95e71a03547836c7a8e15f1186c1a4445","size":931,"data":"","first_seen":"2026-01-13T11:56:27.328314Z","last_seen":"2026-06-06T21:48:34.971183Z","times_seen":162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"1086b243ca69a52e4fa746f880fb8615","sha1":"e8c4b50aaf8cfd5445370543126a442640e247ad","sha256":"0843fc13c1bf4a81539bfdb573594439ee6161633cd3c8f9440898df37efb986","sha512":"a0e910738a9884895200f2222e40d90fb5d6bd62c59c36606aa2f504a98ea00a8e49289233eb6574bdac400b41b1fd602d7e3b7809be47168d8ccb49c90ed586","ssdeep":"","tlshash":"c4f02b53958c3223448c9a64a5bf54c3153c9e4f5b2480fdf657ec5c004e771a4fd315","size":517,"data":"","first_seen":"2026-03-25T15:24:15.938937Z","last_seen":"2026-04-01T01:54:21.339017Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering 
Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f8559416a76c08741a246936c58f437","sha1":"aaa7f64104332a0f35a9f56f516eaf15d999a082","sha256":"4f3802a3a58d849d9b0950c807ac3705131bf34d647be4f61d5679b93402ca2d","sha512":"9823656876c6817ab821b5925950123e348fb1235d805bf1c8d014a52624018c682e016624a2da56b27d94997c997d8624af8bf3a66295cbbf7225f7036dca5b","ssdeep":"192:k1+hF5ptVRl3tu4f40IelTPbk9eC4E8ZtRY4KI0tRzkqsYb:8+hF5ptVRlY4AGVAgCxsRY4PKRzkJYb","tlshash":"b4f1a5aa7385707514f326a7662f9305723a62057c8d9088e237ecc07dec98a9377fb5","size":7711,"data":"","first_seen":"2025-01-16T04:18:16.004746Z","last_seen":"2026-06-03T08:38:58.316732Z","times_seen":308,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authent
icator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"692e4127ae5d9a6199cad3f87ab5e361","sha1":"5f73a37a7a5f7887bfde43b3dbbdaf2c9196fc9d","sha256":"1801b986dfc9558c180334105f08c5cd83f5ed1d6917dfad77d5462cdb1610eb","sha512":"f55bc2888294413bc12a6b9cd4e986c99166b3726db5b5f8c77a53aac73140f7c16a78baf6741c81e03f646017cfa786cb3c95b6df6565f67164144e824e479f","ssdeep":"","tlshash":"22f00255330e24501cc936d4953f4acda37d42598df3c1e5e0919b8861442af0095d17","size":629,"data":"","first_seen":"2026-03-25T15:24:15.940159Z","last_seen":"2026-04-01T01:54:21.339646Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering 
Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"64378eeff747ebd731ee6de7eff64768","sha1":"38989aeb83a00c07836bc15724ee659776bbb6e9","sha256":"cba792b949656a1e160c1e295dbb947e050c03150e00d88b1025f9b360b9278e","sha512":"edcf6e301c0b3104eebf873d27f13f104c7c58982d6a5958d17aae6d0de85bafa61ab0c9bb2b2ec4b2af367fd695057bebb03c4d22fa49f2f2c3b3fa75e56d24","ssdeep":"","tlshash":"53d022e0220e769008ea7a9ccc7e108ba00c4800def8c8ffa394a11d184082a9c0cfb5","size":220,"data":"","first_seen":"2026-03-25T15:24:15.941381Z","last_seen":"2026-04-01T01:54:21.34238Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats 
Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"13e29bd144e423909a548cf5f7bd4a6a","sha1":"c85d7d0ef695ee961d4d6a20e75f521a2205e202","sha256":"1e06df7b78b06b3c9bcd842a8a309b2706cbb6ba46169b0ffa9cfcbf85136817","sha512":"3fc561e77112c5e48c1d14d750e898cd9b7bb7991e77b7a216a99680d9684b109f776bf763638f5ecd572259762268c82a43adb02d74c8cd9fec4b0bb1c9c48d","ssdeep":"","tlshash":"92d05e02934c965b04860b2a08af84ca433c0188d8e285eafa03f81c01c1c799df9720","size":271,"data":"","first_seen":"2026-03-25T15:24:15.94264Z","last_seen":"2026-04-01T01:54:21.343067Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non 
SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":false,"md5":"b76f4d20581f24cb4edf805a36aa856a","sha1":"cc1db2c59ba19afffaf980bd00f2bee1194d1689","sha256":"71eb6021d8f5662543ba331234a5b03ac9e6f984f6b1c0662c13c53979907b51","sha512":"aadac40af2c2d873f569422d43a881d14f085930ca41de462d7544760908a14a0d44eadff0d0675a2d39489f8f6f679c623d095ae607a3c390d174166c031e49","ssdeep":"48:ryFMPTgsUtelt/j1cSIcVCjMt/dfHCiHNY052Dj2+dxplAtHdJpTLrH/35/IwKxB:riMktelJj+yoMtV6Y1kXpRAjrnf3GzQm","tlshash":"609148d87be5e00b3bdc0e93fe149ff601ba946ba1d6710bd36c79cd16a9206c1b8484","size":4494,"data":"","first_seen":"2026-03-25T15:24:15.943686Z","last_seen":"2026-04-01T01:54:21.341683Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering 
Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"243eda4543153156c0ae9df9e8c5833d","sha1":"dfa372f408889fa3f4a6ca29847f4a379ed246a8","sha256":"d81bfefd8585b694222d3e94e9dee5d7935049c65355f9fd096800301d51545b","sha512":"bc2e170a94bb45624ed4392b2049fa017411c244dc765b5e862093e2264ec9580752a29a86e6739e2ecba2f16b6880fdbf9ab1ecb6647e739b391b46a5bf9aa9","ssdeep":"384:v0Ap5n5P9Nxf4hfWGwR+EkE+n4QnZ/X2NWKW4BCCMHxDkZbaXpweyGobcUWfgMcC:J5n51f4hfWGwR+Tnn4QnZ/b3J7yGQMUE","tlshash":"faa2c6d9378074b30bdb22ba712fa247f1b2459aac4dd050a614dcf12c7ceda8516fad","size":23125,"data":"","first_seen":"2024-06-05T17:44:09Z","last_seen":"2026-06-07T20:24:04.996399Z","times_seen":1160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/w
eb/res/1ca/74b84302a7188814d86f420a45647/js/signin-split.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb106522dd80f44dff43f72385eb7715","sha1":"f028fe659c2cfccd3d5e2b6fe281be161abdb3a0","sha256":"49881c38fe082798dd6fe1ec33ab5a481957d0816791cd0c9809510ae967cb04","sha512":"fd8684af446910f93959f931d8dda393e293b8cf242742233f435c05fb12b6938ff2ea1a636873c3b0af1f9c18db928588fc82e9cd8adf02826d11a251789e09","ssdeep":"6144:dbBr5V/w4xB2CR/I5Uadu0UsRmzQPKSKbu:dbBrn/oCdIAzQiS1","tlshash":"e954e7a631ad18792b5b667634e3038170385d99e405ce284f79943c7d68d8fb332f6e","size":303320,"data":"","first_seen":"2026-03-17T13:52:37.572876Z","last_seen":"2026-04-01T01:54:21.308653Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/js/lib/modernizr-2.6.1.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a635a55ddb6339a3d0d01c641f670753","sha1":"a6dee4a1df6c51b82ce2e67323514e7de4e165d4","sha256":"a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44","sha512":"2562ca35be37bfe0b984ec288e23678bc97ba7a881764044e65914ea013742a5310a5c12839cb8a501a464791bc67868fe6a02ae149df9329e40562569eba42d","ssdeep":"","tlshash":"a77175c474e1f15e539b20bb107fa34ef2b85a65596a8510e0a8c4bdbcb0c64867bf2d","size":3807,"data":"","first_seen":"2023-03-07T01:03:30Z","last_seen":"2026-06-05T02:04:16.000751Z","times_seen":1048,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authentic
ator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee02c3cd889d3eda0da4e50d6d044598","sha1":"f782ceef63524c93d1a1cfc2c04082eff74474fe","sha256":"f89935d61df6f1af1ac5ccbf828045b956674d9045af124f3b9bbd6f3b61526c","sha512":"36ad1ec36851039bc2dfcf5c7d2eca6588517a88653308c1713483687fa88202966e2ce440260a30a18311ed794b8377a72deca14e245e7794c676fb30e2b479","ssdeep":"","tlshash":"f231b5ca361ea100953a8253185b645c21fcd30f68fdfe6dedf1c3608f881a9228f259","size":1596,"data":"","first_seen":"2026-03-25T15:24:15.944936Z","last_seen":"2026-04-01T01:54:21.344379Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering 
Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"a64fae379944dd85217b64d50027ab69","sha1":"6ee63e66e2878066d09dbb4fa17c3c05f7db493c","sha256":"f31959ef488f0effb4be98bd0110ed7c5fa2f09af38164ee5d389607beddde0a","sha512":"9d4c78ceaa45f021d94a55061af49c9f4f2bcd92b8cf869ff1d2aaa24389806bc20baf9909b27cd37bb525ee74ab179484dee0bcd9189d3874168545291536cf","ssdeep":"","tlshash":"91f095c8c38e7575417510394f7eb2db15bdd0199ca51c66d57604d02b5c137205bd80","size":535,"data":"","first_seen":"2026-03-25T15:24:15.94601Z","last_seen":"2026-04-01T01:54:21.34552Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats 
Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:58.678Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:58 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: 
signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":482,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":482,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:59.486Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) 
Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:59 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":491,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":491,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"t.paypal.com/ts?v=1.10.0\u0026t=1774452229644\u0026g=0\u0026e=err\u0026page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A\u0026pgrp=main%3Aunifiedlogin%3A%3A%3Alogin\u0026comp=unifiedloginnodeweb\u0026erpg=Script%20error.\u0026error_type=WINDOW_ONERROR\u0026error_source=https%3A%2F%2Fwww.paypalobjects.com%2Fweb%2Fres%2F1ca%2F74b84302a7188814d86f420a45647%2Fjs%2Fsignin-split.js%200%3A0\u0026event_name=client_js_error_triggered\u00263p_vid=2789cb487125480e\u00263p_fpti=505560fd1ff0284","fqdn":"t.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"172.64.152.85","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"t.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 20 Feb 2026 00:00:00 GMT","end":"Sun, 21 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"EA:B8:DE:7E:92:A5:33:3B:95:2F:D2:B0:E6:9F:48:71:A6:33:F5:E8","sha256":"71:55:5A:84:D8:C8:D0:44:77:28:BE:C1:5D:4D:DC:A6:EB:DB:AE:58:D9:B8:D6:F1:1E:EC:35:2A:EE:11:63:39"}}},"request":{"raw":"GET 
/ts?v=1.10.0\u0026t=1774452229644\u0026g=0\u0026e=err\u0026page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A\u0026pgrp=main%3Aunifiedlogin%3A%3A%3Alogin\u0026comp=unifiedloginnodeweb\u0026erpg=Script%20error.\u0026error_type=WINDOW_ONERROR\u0026error_source=https%3A%2F%2Fwww.paypalobjects.com%2Fweb%2Fres%2F1ca%2F74b84302a7188814d86f420a45647%2Fjs%2Fsignin-split.js%200%3A0\u0026event_name=client_js_error_triggered\u00263p_vid=2789cb487125480e\u00263p_fpti=505560fd1ff0284 HTTP/1.1\r\nHost: t.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\ncontent-type: image/gif\r\naccess-control-expose-headers: Server-Timing\r\ncorrelation-id: 904c2384de4de\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\nexpires: Wed, 25 Mar 2026 15:23:50 GMT\r\np3p: CP=\"CAO IND OUR SAM UNI STA COR COM\"\r\npaypal-debug-id: 904c2384de4de\r\npragma: no-cache\r\nserver-timing: traceparent;desc=\"00-0000000000000000000904c2384de4de-8972c871ade1eafb-01\", content-encoding;desc=\"\",x-cdn;desc=\"cloudflare\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nset-cookie: ts=vreXpYrS%3D1805988230%26vteXpYrS%3D1774454030%26vr%3D505560fd1ff0284%26vt%3D2789cb487125480e;Expires=Thu, 25 Mar 2027 15:23:50 GMT;domain=.paypal.com;path=/;secure;HttpOnly;\nts_c=vr%3D505560fd1ff0284%26vt%3D2789cb487125480e;Expires=Thu, 25 Mar 2027 15:23:50 
GMT;domain=.paypal.com;path=/;secure;\n__cf_bm=kGArq7j3T8SFaYuPXwNBbHV9LWE8rNzo1iiPFmXx0rY-1774452229.891405-1.0.1.1-hC0X3KFHAOvhjV1VyDlOQ.U6rXgBm_Pycjn0qYAMkPb8pRC7Xo7x9VVO0vBtZmhcrTUe6ooIvtOA20DPpZhJfvde9LQH1PEwEE2qZ12N8sLQaLkl9VdJOJAi2ZaK9QfE; HttpOnly; Secure; Path=/; Domain=t.paypal.com; Expires=Wed, 25 Mar 2026 15:53:50 GMT\r\ntiming-allow-origin: *\r\ncf-cache-status: BYPASS\r\nserver: cloudflare\r\ncf-ray: 9e1eeb44d92c0883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 
1","md5":"b4682377ddfbe4e7dabfddb2e543e842","sha1":"328e472721a93345801ed5533240eac2d1f8498c","sha256":"6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93","sha512":"202612457d9042fe853daab3ddcc1f0f960c5ffdbe8462fa435713e4d1d85ff0c3f197daf8dba15bda9f5266d7e1f9ecaeee045cbc156a4892d2f931fe6fa1bb","ssdeep":"","tlshash":"c2900023efc8c020c280c8380a2c0b0023baac200228030bc03c22e8ecaa3b38c22002","first_seen":"2023-04-06T23:21:37Z","last_seen":"2026-06-07T20:24:05.002349Z","times_seen":15840,"resource_available":true,"data":null}},"time_used":528,"timings":{"blocked":103,"dns":96,"connect":1,"send":0,"wait":311,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:53.098Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:53 GMT\r\nContent-Type: text/html; 
charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":546,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":546,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:23:46.840Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/ HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 
10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:46 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. 
It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"PayPal","description":"PayPal is an online payments system that supports online money transfers and serves as an electronic alternative to traditional paper methods like checks and money orders.","website":"https://paypal.com","common_platform_enumeration":"cpe:2.3:a:paypal:paypal:*:*:*:*:*:*:*:*","icon":"PayPal.svg","categories":["Payment processors"]},{"name":"Modernizr","description":"Modernizr is a JavaScript library that detects the features available in a user's browser.","website":"https://modernizr.com","common_platform_enumeration":"","icon":"Modernizr.svg","categories":["JavaScript libraries"]}],"data":{"size":29495,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1564)","md5":"27719145918ad13c4c9ce09db9cf58c6","sha1":"e31bbbf1174754a6b5f90eadcdf0a1d973839ca9","sha256":"e7253bd53df476e15101c97d461a8389bb63c41054f4dae7fd7694189be94b17","sha512":"d78bc545c7d9f23f4bb61b1ad5523dc0357b7e7c35f2656ec6255bf7cb9da6ca66adf9db6447082704d86b5250661c67c3df24c1acfd76435b02fe4199240a84","ssdeep":"384:x56x/R1q77a33rwtVbgOe/5klBT1bI5RJDvO3PBeytQfNy8b9NEVOMU0vMHJsVmu:xcpdGHZM0sxdqojo8XkqDtFtK/","tlshash":"96d2e941218c6c3b560342ca707a7b8d707fde35cd71e8a6f9f382a81bd6ea2551b067","first_seen":"2026-03-25T15:24:15.881591Z","last_seen":"2026-03-25T15:24:15.881591Z","times_seen":1,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":301,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats 
Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/webstatic/icon/pp64.png","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /webstatic/icon/pp64.png HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 985\r\ncf-ray: 9e1eeb3fb93bdfec-OSL\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 4157256\r\ncache-control: s-maxage=31536000, 
public,max-age=3600\r\netag: \"cf2hoRrA3v185JX76RNdzZqLnTK1VnHOdKHxTvMGKADQ:53611ccb-11a6\"\r\nlast-modified: Wed, 30 Apr 2014 15:54:51 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-content-type-options: nosniff\r\ncf-resized: internal=ok/r q=0 n=224+1 c=0+1 v=2025.10.9 l=985 f=false c2=0\r\ncontent-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:;\r\npriority: u=4;i=?0,cf-chb=(173;u=4;i=?0)\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":985,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 
3","md5":"023075bc4303c2be95c07a3d6cb8c611","sha1":"2feff3517280158d53e64cb9d0786133dfa800e2","sha256":"88308c4c9a6c7accd4d8541939b6c6ff7b6cd035ebd6c5f00055a1d761348d37","sha512":"69369575b8185447c80db03aeb4cb588418729da4c2e08a10dbf6913cf48f05a32ae8219323b97d99b76dd7bd95b3b6c1e15b46306d4dac5df0e4cf33c87b288","ssdeep":"","tlshash":"c111542ee2a6986be73d3d749730232167272a515308c7c98284d76521a04e76e286c3","first_seen":"2025-09-25T07:13:32.21734Z","last_seen":"2026-05-28T12:11:57.282827Z","times_seen":64,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.586Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:50 GMT\r\nContent-Type: text/html; 
charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":486,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":485,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:24:00.159Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: 
paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:24:00 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":500,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":500,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - 
PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/js/signin-split.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /web/res/1ca/74b84302a7188814d86f420a45647/js/signin-split.js HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:49 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb34af4ddfec-OSL\r\ncf-cache-status: 
HIT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000, s-maxage=31536000\r\ncontent-encoding: br\r\netag: W/\"69b3c297-4a0d8\"\r\nexpires: Tue, 16 Mar 2027 04:54:23 GMT\r\nlast-modified: Fri, 13 Mar 2026 07:53:59 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg13bdrf5-2.ccg13.slc.paypalinc.com\r\npaypal-debug-id: 422e238e5f5a0\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":303320,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"eb106522dd80f44dff43f72385eb7715","sha1":"f028fe659c2cfccd3d5e2b6fe281be161abdb3a0","sha256":"49881c38fe082798dd6fe1ec33ab5a481957d0816791cd0c9809510ae967cb04","sha512":"fd8684af446910f93959f931d8dda393e293b8cf242742233f435c05fb12b6938ff2ea1a636873c3b0af1f9c18db928588fc82e9cd8adf02826d11a251789e09","ssdeep":"6144:dbBr5V/w4xB2CR/I5Uadu0UsRmzQPKSKbu:dbBrn/oCdIAzQiS1","tlshash":"e954e7a631ad18792b5b667634e3038170385d99e405ce284f79943c7d68d8fb332f6e","first_seen":"2026-03-17T13:52:37.572876Z","last_seen":"2026-04-01T01:54:21.308653Z","times_seen":7,"resource_available":true,"data":null}},"time_used":1857,"timings":{"blocked":-1,"dns":21,"connect":3,"send":0,"wait":1800,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/ae/0.16.0/atomic-events-dom/index.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /ae/0.16.0/atomic-events-dom/index.js HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://paypal.com-authenticator.site/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb349f1bdfec-OSL\r\ncf-cache-status: HIT\r\nage: 2464999\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-encoding: br\r\netag: \"67044f43-695c\"\r\nlast-modified: Mon, 07 Oct 2024 21:14:43 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg14bdrf5-3.ccg14.slc.paypalinc.com\r\npaypal-debug-id: 31944cd4ed063\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26972,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(26971)","md5":"0cfbf0dfa4fad9557df4e3b9493dbae0","sha1":"ec927e269619d74d48ed05831ccade5caa580a3c","sha256":"7f083991dcd0f426a91fef258e7a1ce9a3b58c1ad459fb3a9a5cec584a06b1c7","sha512":"fe32e67032b6f63149aa98b92405ba7029c69e611c8f4e2a3222fe3b2864e5eba4f03f349fdeda3de34a07d926645bf48dde2fe14a702be8494b712790e86f59","ssdeep":"768:itXrcGGWoQyfKjEjysmEtPtqJNR0pRIhX0AuQqC6dXBM6kpeSbWV18ktPw:MASmpOhEI","tlshash":"e1c2faccf751b0612ae752a1947b1213e2307fa9708f4051e4698daa3eb15cfe23bb5d","first_seen":"2024-12-03T09:01:11.359963Z","last_seen":"2026-06-03T08:38:58.306184Z","times_seen":259,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":21,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:56.513Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: 
Wed, 25 Mar 2026 15:23:56 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":489,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:58.985Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:58 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":497,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":497,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"c6.paypal.com/v1/r/d/b/p3?f=6b456f150e1440fc9b9489b69051b882\u0026s=UNIFIED_LOGIN_INPUT_PASSWORD_TRMT","fqdn":"c6.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"151.101.193.35","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 05 Aug 2025 00:00:00 GMT","end":"Tue, 04 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:2E:F7:4B:EE:2D:15:15:4F:4E:DE:63:48:9F:DB:6C:A1:B4:A4:6D","sha256":"A6:C0:A2:30:F9:69:64:91:78:C1:B6:BD:F4:64:B7:8A:CF:17:D7:55:84:52:3F:43:97:56:68:51:CA:99:FD:6B"}}},"request":{"raw":"GET 
/v1/r/d/b/p3?f=6b456f150e1440fc9b9489b69051b882\u0026s=UNIFIED_LOGIN_INPUT_PASSWORD_TRMT HTTP/1.1\r\nHost: c6.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\npaypal-debug-id: 825c5a58299f6\r\ncorrelation-id: 825c5a58299f6\r\nset-cookie: l7_az=dcg14.slc; Path=/; Domain=paypal.com; Expires=Wed, 25 Mar 2026 15:53:50 GMT; HttpOnly; Secure\r\naccept-ranges: bytes\r\nvia: 1.1 varnish, 1.1 varnish\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-served-by: cache-fra-etou8220119-FRA, cache-fra-etou8220119-FRA, cache-hel1410024-HEL\r\nx-cache: MISS, MISS, MISS\r\nx-cache-hits: 0, 0, 0\r\nx-timer: S1774452231.500480,VS0,VE230\r\nvary: Accept-Encoding\r\nserver-timing: content-encoding;desc=\"\",x-cdn;desc=\"fastly\"\r\ntiming-allow-origin: *\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching 
proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":548,"timings":{"blocked":144,"dns":85,"connect":26,"send":0,"wait":258,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:57.995Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":490,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":490,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Medium.woff2","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /paypal-ui/fonts/PayPalOpen-Medium.woff2 HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.paypalobjects.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: application/font-woff2\r\ncf-ray: 9e1eeb3768c5dfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: 
*\r\ncache-control: s-maxage=31536000, public,max-age=31536000\r\nx-content-type-options: nosniff\r\netag: W/\"65a04ab6-6bf1\"\r\nlast-modified: Thu, 11 Jan 2024 20:08:22 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg14bdrf5-5.ccg14.slc.paypalinc.com\r\npaypal-debug-id: 8b92d2c3995a5\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27633,"size_decoded":0,"mime_type":"application/font-woff2","magic":"Web Open Font Format (Version 2), TrueType, length 27633, version 
1.0","md5":"38178232099be6c278a39fdcfe2db243","sha1":"abf44e1e4a3cd12be295b8361dc488784259fb53","sha256":"8d0e74dfe39c809f2dde1119f404841405d107fa40165669ea74fca51722311b","sha512":"307cb0a013088bc87c392dbe0c084ada953beb01b902c988a97a46894bc85b81eb93bea0436186f09deccec7bcc58b9b63cad9d4c5783fe37d5968a90bdc94f3","ssdeep":"768:4qq1uwAN5VyeAAL7ddHIavOnPMpz6dmP6wfzVUsl4bDA:4q2BAN5HrLHaUpz66n4bk","tlshash":"f5c2e1ca04025970e53356ff439f28dfc0b1d2e3ae199c9dd49f59a8c4ff38512950a6","first_seen":"2024-07-23T00:03:56Z","last_seen":"2026-06-03T08:29:10.230097Z","times_seen":391,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:58.491Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 
2026 15:23:58 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":486,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":486,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Regular.woff2","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /paypal-ui/fonts/PayPalOpen-Regular.woff2 HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.paypalobjects.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: application/font-woff2\r\ncf-ray: 9e1eeb37689cdfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: 
*\r\ncache-control: s-maxage=31536000, public,max-age=31536000\r\nx-content-type-options: nosniff\r\netag: W/\"6298f2c0-6b41\"\r\nlast-modified: Thu, 02 Jun 2022 17:26:24 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg13bdrf5-5.ccg13.slc.paypalinc.com\r\npaypal-debug-id: 360386cbbf4f4\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27457,"size_decoded":0,"mime_type":"application/font-woff2","magic":"Web Open Font Format (Version 2), TrueType, length 27457, version 
1.0","md5":"49d49974386dc725656bc1a2bf32ed44","sha1":"26139d3425422f233dfccb09fca2edb36f01e390","sha256":"9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df","sha512":"440a101dc681e69275ab9c2bfa2e436b9d3500debfcf5c84f47b9796f6879e1021b4a6e797ea3c4b45052f68cb066c1bcc75b4a6ac204a40848cb4eb6731f94a","ssdeep":"768:rs41ijgVewvJ0P+BvnbXzmX07uu/pmawwzQ8Mv:rsaijVwP1bXzmX077zQzv","tlshash":"9dc2e0f975cfa310c31d315cbce08a7a010579a8ece47799c368999f195bc8ad1db13a","first_seen":"2023-04-11T21:56:01Z","last_seen":"2026-06-05T15:16:27.940858Z","times_seen":1349,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/martech/tm/paypal/mktconf.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /martech/tm/paypal/mktconf.js HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:49 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb421ef4dfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-encoding: br\r\netag: W/\"69c2093f-5fc34\"\r\nlast-modified: Tue, 24 Mar 2026 03:47:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg01bdrf5-12.ccg01.phx.paypalinc.com\r\npaypal-debug-id: 6fe2b38eefd22\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":392244,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65491)","md5":"41fd361c3cd7936b117064656762915a","sha1":"48608a93e85772b898dafb502e5410dc20a33ddb","sha256":"aa704dc883bff8f01bb0f51b59e8b63381230c357cbc4d4d59d5f4d9c7f35ec2","sha512":"50fe09c2b4296a5ebc5d03e673f6367be77bc91a37fce781e65e2353ec83b3d93840f9653f04d0bbaaae3299c5d8cdd7ba997e1001f1d47271ed5280964c0baa","ssdeep":"3072:IEO3c0xDRI4Q1QGQRQDEpqFZZyT1Tp4iqukyV:ID1+z4qhkBp4iqunV","tlshash":"9b8493c8c8b45daf0d7fdf44ae5f9a2420242ba84b8a4811b7d47f7a07571db29ca7c4","first_seen":"2026-03-24T04:54:42.730646Z","last_seen":"2026-03-27T13:08:29.201473Z","times_seen":14,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/cd/gwf?v=latest","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"OPTIONS /cdn/cd/gwf?v=latest HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: x-h-token\r\nReferer: http://paypal.com-authenticator.site/\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 3\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\nstrict-transport-security: max-age=31536000\r\nserver: nginx\r\npragma: no-cache\r\ncache-control: no-cache, pre-check=0, post-check=0, max-age=0, s-maxage=0, no-store, must-revalidate\r\nreferrer-policy: unsafe-url\r\nx-content-type-options: no-sniff\r\naccess-control-allow-origin: http://paypal.com-authenticator.site\r\naccess-control-allow-headers: x-h-token\r\naccess-control-allow-credentials: true\r\nx-permitted-cross-domain-policies: master-only\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: lH1zKCePBiHshMFAw5zvJmncPq024_9CTzrXbZlgH1XyPev0LwWYIg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"202cb962ac59075b964b07152d234b70","sha1":"40bd001563085fc35165329ea1ff5c5ecbdbbeef","sha256":"a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3","sha512":"3c9909afec25354d551dae21590bb26e38d53f2173b8d3dc3eee4c047e7ab1c1eb8b85103e3be7ba613b31bb5c9c36214dc9f14a42fd7a2fdb84856bca5c44c2","ssdeep":"","tlshash":"c72000000c00000000000000c00000000000000000000000000000000000000000c000","first_seen":"2023-03-12T09:12:21Z","last_seen":"2026-06-08T16:39:12.348007Z","times_seen":433,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:52.031Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:52 GMT\r\nContent-Type: text/html; 
charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":521,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":521,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:52.069Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: 
paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:52 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":512,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":512,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - 
PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:56.190Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:56 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":486,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":486,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET 
/rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb34af35dfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 330\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-encoding: br\r\netag: W/\"6786ddcf-1e1f\"\r\nlast-modified: Tue, 14 Jan 2025 21:57:35 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg13bdrf5-6.ccg13.slc.paypalinc.com\r\npaypal-debug-id: 98a1369948877\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7711,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7710)","md5":"5f8559416a76c08741a246936c58f437","sha1":"aaa7f64104332a0f35a9f56f516eaf15d999a082","sha256":"4f3802a3a58d849d9b0950c807ac3705131bf34d647be4f61d5679b93402ca2d","sha512":"9823656876c6817ab821b5925950123e348fb1235d805bf1c8d014a52624018c682e016624a2da56b27d94997c997d8624af8bf3a66295cbbf7225f7036dca5b","ssdeep":"192:k1+hF5ptVRl3tu4f40IelTPbk9eC4E8ZtRY4KI0tRzkqsYb:8+hF5ptVRlY4AGVAgCxsRY4PKRzkJYb","tlshash":"b4f1a5aa7385707514f326a7662f9305723a62057c8d9088e237ecc07dec98a9377fb5","first_seen":"2025-01-16T04:18:16.004746Z","last_seen":"2026-06-03T08:38:58.316732Z","times_seen":308,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":22,"connect":3,"send":0,"wait":26,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /webcaptcha/grcenterprise_v3_static.js HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb349f18dfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 2892142\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-encoding: br\r\netag: \"68517ed9-186c\"\r\nlast-modified: Tue, 17 Jun 2025 14:42:33 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg14bdrf5-3.ccg14.slc.paypalinc.com\r\npaypal-debug-id: 8cbeb61a42979\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6252,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"5e1ef31fca217880cb587a759e88e01c","sha1":"a35c2350f4787c2597a71d70f4f62f3bb31beee6","sha256":"f3628ea791958b87da4e82ac9a0f85295b784ea0b3da83c160d70d0375474e7f","sha512":"cda93772843216ff3f8da40aaba3ac21f2c5afef9d334437b308ff446b1e78524ac901eace2958fcd736da0264ab612c1b08e724646cf589c3da52906d20e761","ssdeep":"192:oHXo3pSWlyiuzvCyBoIQo/ZbTHvUMfItoa39SrWM8N6fG:QopqvCyR/ZbTHvUMfItoa39K8NMG","tlshash":"c8d1a35c3db320a580abe62d9beb55047077a11b284fcc10befc59847f24eb925a57ec","first_seen":"2025-06-17T21:57:42.551971Z","last_seen":"2026-06-03T08:29:10.202176Z","times_seen":182,"resource_available":true,"data":null}},"time_used":408,"timings":{"blocked":34,"dns":0,"connect":0,"send":0,"wait":374,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/ca/jquery-3.6.1.min.js","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"GET /cdn/ca/jquery-3.6.1.min.js HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://paypal.com-authenticator.site/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ec080eef91390fd025dd0bb85cfbf60e__sb=Renc7fpAtLgIfMUzkXJQWQOT6v5wgAa5G5RGD338BLIWZ7wZ2R\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Wed, 25 Mar 2026 01:57:20 GMT\r\nlast-modified: Tue, 24 Mar 2026 09:21:51 GMT\r\ncontent-encoding: br\r\nserver: AmazonS3\r\netag: W/\"94556f0a66040b01a796c1149ad80d8e\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: SBPypLg2udUt6Q6sVQiCu8AAJVD3E_aFMXRTl_1bo83Olpm-_jGUCQ==\r\nage: 48390\r\nvary: Accept-Encoding, 
Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2829628,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"e367af21b299f3047ca8678ffc15f746","sha1":"55f84445682cec3db72fc58030e94bb84a7c574b","sha256":"416b4b50d2e6fbab5d6c355ba83df85c5d34637bd97ff180d920e60bc108f6e9","sha512":"8432ee93900fc56c52cdb5dac2dc30d77b74a3af561c4c9306123fb08fc5aa3e716b266984235b6fb7e9904aeeabcfb752611523cb36a0f33486f04aaed4491b","ssdeep":"6144:GXaXFpamBx2A9DqwygdXdTV2RdSlLI/uCBbKiSl0uQycHdFvKcqIod/y:GKCmV93pvQycHdwcqIod/y","tlshash":"9225f2d876d1e11f6bdd0e43fe15aafa017a966790d97307836cba8d14e824bc27cc84","first_seen":"2026-03-25T15:24:15.902411Z","last_seen":"2026-05-01T14:56:46.372725Z","times_seen":13,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:51.460Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: 
nginx\r\nDate: Wed, 25 Mar 2026 15:23:51 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":567,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":567,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:59.658Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:59 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":496,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":496,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/cd/199f4dcf55b9dafd6ad41cbcfb237f87/9f89c84a559f573636a47ff8daed0d33/icon.jpg","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"GET 
/cdn/cd/199f4dcf55b9dafd6ad41cbcfb237f87/9f89c84a559f573636a47ff8daed0d33/icon.jpg HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\ncontent-length: 0\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\nstrict-transport-security: max-age=31536000\r\nserver: nginx\r\npragma: no-cache\r\nset-cookie: _ec080eef91390fd025dd0bb85cfbf60e__sb=cfPQ6bjrVuNqTcTcsAYVVd2xLeoQayviNNyU6zt6aQbuOtpIiU; Max-Age=60; Expires=Wed, 25 Mar 2026 15:24:47 GMT; SameSite=None; Path=/; Secure\r\ncache-control: no-cache, pre-check=0, post-check=0, max-age=0, s-maxage=0, no-store, must-revalidate\r\nreferrer-policy: unsafe-url\r\ncontent-disposition: inline; filename=\"icon.jpg\"\r\nx-content-type-options: no-sniff\r\naccess-control-allow-credentials: true\r\nx-permitted-cross-domain-policies: master-only\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: BT_o8iKGAh78DkJsaoDnPvt3lvCYbFjbiDdnD9zXpzXFmMkiM4JFvQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon 
Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":352,"timings":{"blocked":96,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:23:45.491Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:45 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nLocation: http://paypal.com-authenticator.site/signin/\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:57.178Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":497,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":497,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:57.680Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":487,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":487,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/images/shared/icon-PN-check.png","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /images/shared/icon-PN-check.png HTTP/1.1\r\nHost: 
www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 1210\r\ncf-ray: 9e1eeb34af1edfec-OSL\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\netag: \"cfjXEEqizGto1bQMEOfVYTGhj-K1VnHOdKHxTvMGKADQ:60271b47-8bc\"\r\nlast-modified: Sat, 13 Feb 2021 00:20:23 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\ncf-bgj: imgq:100,h2pri\r\nx-content-type-options: nosniff\r\ncf-resized: internal=ok/h q=0 n=55+4 c=0+4 v=2026.3.3 l=1210 f=false c2=0\r\ncontent-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';\r\npriority: u=4;i=?0,cf-chb=(136;u=5;i=?0)\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1210,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 121 x 133, 8-bit colormap, non-interlaced","md5":"0a7715c708b8de63ec2c6700fde946b8","sha1":"5d4518c4698fbcaf85f7f5667d3e1bc905bef54d","sha256":"36279ef6fd28cd1da2b1e8be15f87c637ea4da9eda587e31f39c2536af6b8d14","sha512":"eefca1d1e685d809c4bbb562eee69a08c47c9f5d7ae4b0ac34f7a2dc8e80a1f6f01d183d4a2c950681d23919cd6c11cd07bd92273c46df083143658932fe1252","ssdeep":"","tlshash":"e721b7a3933fe04140be002fc1719dd56f0650b9c017ef053445559ac0a53dd5a9c3c3","first_seen":"2026-03-25T15:24:15.904208Z","last_seen":"2026-04-07T17:49:47.361339Z","times_seen":8,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":44,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/pa/js/min/pa.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /pa/js/min/pa.js HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb34af54dfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 37451\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-encoding: br\r\netag: W/\"698c0d52-1169e\"\r\nlast-modified: Wed, 11 Feb 2026 05:02:10 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg14bdrf5-6.ccg14.slc.paypalinc.com\r\npaypal-debug-id: 0cdf78906ce7b\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare 
is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":71326,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65507)","md5":"bb25b10981a6333f135c2278afb179a4","sha1":"6503cdbda2039e13cd55d4ff0dc61235c92d4563","sha256":"fae4b858a4efba7ef920a6fda59d4207224ec488e49e16c73ec013b8daf89370","sha512":"dea76e445e48ff1fdaa036b93033da83c49e3307079640c5b3f64edb456c0a51aafa30807ac1bd56e7de5f67684af0f0375663ced815bb58ae70b95116d81e01","ssdeep":"1536:SM/FcQ1vmwdRWDp40xUKvVCceu8TFgAjhD/+xXatu+RJW:SDxpNI+z+RM","tlshash":"3963299c72d1b03747ab1071416f120bb2363d65780bc4d0d62ae5d47db8a8f92abfad","first_seen":"2025-05-28T18:02:03.444624Z","last_seen":"2026-04-20T23:47:32.76872Z","times_seen":940,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":21,"connect":3,"send":0,"wait":40,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/ca/home-stat.js?a=9f89c84a559f573636a47ff8daed0d33","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert 
Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"GET /cdn/ca/home-stat.js?a=9f89c84a559f573636a47ff8daed0d33 HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://paypal.com-authenticator.site/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Wed, 25 Mar 2026 10:53:29 GMT\r\nlast-modified: Tue, 17 Mar 2026 19:02:09 GMT\r\ncontent-encoding: br\r\nserver: AmazonS3\r\netag: W/\"e4452d5ac5771ef27e1425e541f7b1d3\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: ZZU_QI5nFfrC6Paw9xVJ5qh_4wKylsXYaK4QVCBO1QXGPxk3jwFe1w==\r\nage: 16219\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low 
latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":5246,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5246), with no line terminators","md5":"e4452d5ac5771ef27e1425e541f7b1d3","sha1":"b38d9ffff1f6a671bb358c08fc1af17091f6b6c7","sha256":"5bb7cbd5e7b3f0fe6ecdbb2014d1547efdb841897a41b761fec472eec917ab1c","sha512":"1aff002a32684cff84fda4e59d7f3868ed8b23789d12f59b518096cc3842009e44267d1eda3e8c47f0e3bea7c0ed27e5fc7eceb3b0baf62aa0b82c4672ec8d66","ssdeep":"96:ZMktelJj+yoMtV6Y1kXpRAjrnf3GzRiJz30sU:6vJj+jMLNApujrnf3aW30sU","tlshash":"2fb1c2d46be5e11f2bdd0e93fd249ffa00ba966a61927307c36cf98d14a9247c1ac448","first_seen":"2026-03-25T15:24:15.906368Z","last_seen":"2026-06-03T08:38:58.356828Z","times_seen":16,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":86,"dns":72,"connect":8,"send":0,"wait":9,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ddbm2.paypal.com/js/","fqdn":"ddbm2.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"3.167.2.80","port":443,"asn":0,"as":"","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ddbm.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1A:DA:04:24:FE:17:8B:56:BB:A8:B4:0A:DC:19:88:FC:C3:FC:F0:2E","sha256":"45:33:A4:5E:E4:27:62:D5:85:64:5E:BC:9C:E0:51:FC:DC:E6:30:41:E6:F8:70:7F:06:63:95:6D:FC:3F:85:2B"}}},"request":{"raw":"POST /js/ HTTP/1.1\r\nHost: ddbm2.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-type: application/x-www-form-urlencoded\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 5104\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":5104,"data":"jspl=8ybpAMSdaORgDuiaCuVWsiUH1ptPGWJIET1nMkrvGOlWXCVMBpB--va70D7JnqCsBUZm39s1OIrp5nTvHQQLAhu6Z76SudjLxfRN0jg5TrVJ0mbbnI2soBCHNQM1lWvZBRbwQQTi6pqr-bq0IptUe5XYLiEP59AwLh4avmVEHtWGXV-fM0n28E_jNbGL334fOfsxR5noSYTeaff3klfVIKkhoh8CU2whaRgu-4uqc7bBxLtPlD39_UrewXEW5XB3j8qD8h4Qgfa22kpS4RfO4V66IDCMIIDfFvNGemCnyPqfB0JoJ2ENmPi8wn-xHGsE8N456Y6qJZ1gcGS0udtJuY6mB8xk0PZGq-dHXGBmY-AS5MFIy3SnUfqpbk08QE5w5Bw8nu0ulfenpzs5M2cWow3owrukw9GM4dzoFbzkQdtSnk6iq6rBYvzT13shK_wD2oPYsHnVhTuN3jiDL-RLteVdr4jNMBqMqiIU5AqzWcKiDW0bgn_WngTD-kvKXVJQ9n3kXcj9H0qmxpPeEyB8dvdtgFC3cLLuvTZbioCJFb-3H2fYM5J8I-oGAvWTdsI6z5929l0_UkJhemq3KPWgmDFDw9r6eVHidfTnyr_7jfX1cGdBzdNH-PG6L7qj8_tiL7ZK4yOycRjWEY6fctbhRSeamD2-Wb5LxwHEtZU87dm0wuUt6JAb4Xo-1MXN8K3vZS55Db45UHzbFXe54_kCnJwYfTH-l5YTbjuMwB4oftBFuut2X2goK68ZeEI7-PVxFFFahtkzyGXx0YZNFq7HeGvvbEgxqVIhF0ByT0JlSy4G1YCR8vzY53h7ZKXiIsv4m7QIesK4S-nbS0lqr--_RU6t4zNCGj18dNYFK3kwqA4gmrwMgnv610uqHzzGrpm33F5kNd1k5DRtsrNVYuoFBKV-FImg3kEJHSlEMmJkIPEf_tA1LsrpWMrnhb1knUmBVEaCZNadWtqLzLVAFVF-NG4dYKZaBB1DoRRJI-f5OOfC3iAaAL_Ttom-0MGTswRwWmcBINb2NjOOhtYxYu316Yp97bokdRe0UlLWX3qoQ4KDkwZiTlpfkH0fWiS2_Dwqq-hK96Nie5SjlSe-ibVmsJCM115RrZN41f68H1YUrDO586y-YpXfS2K9J1q62IE0mQ92C_wxhL5G4qCnQumWG7Z785oLLUgjihLOaXAI-2vfKLWzL4BI0Vnhup7MbLO43sqq2GEJ8e9v3tzYrJmPKzM5FMl4wxXg6nm7koBtgqeukqj6Kibbv1bOvIpYJA7XHXx8NGnm60zCz88eTPRXf83EsxYaN4VVX0JRNkJkbY8EnA5F_QZEaQgdhUX00Y0nrYlMpAttpGePrewC__onVOy2SwunRdhIYVT-flEIkLFZUbqmEEELIFcRamllkfIGOmsogpsmT-k6uAEO-7sDDvPMzIpYSOxWQhwVEDxkwpc4bAKoxBZ5Ks5Kssbo4TUyPeTKydClgto5pPrDIagS-ZUNVn9fx0-WH5iPgynf7PbS0wOI5istuGOpYm5B0ZtN53qqhpAYI2aYxjQKqasvK0jQc4J0EXFQRt-gzNMNRCmg1ts16Hu7bNGnX76rfyhksKbF015Wsl2MuQyGKK8f4VeC3E0TQgTo4_vr3IGq0yVskYe5LfwX_ixyn5DfoX3lzh-LCY78pA9dT25U3nyuTBfgHY4v-INyzK6B7GX3WKFcpgaEVK_o4bxBkDyH8JWLZnqzulU5gz2Pb8UByG4u2jJAfSKutuH7Yez1eEKw2eLiOHrzIAxx0ajSapy8pmTHMN-ZkY3KjKF-4YfWlmrWpGL33pvyUOSUJ4KwqEQeuy2hsY0xUbdGPXVq79Gzx0ZZBQjD6KcUKw8c2XfKEOw1smus5FZwLJok1XPUIEbudC
CGV_8d2PcKR2M0v-AhPbw_MFojFS9H93l38of4SW4IwwOirj3c2c6zA4FVAFJwHr_IgE5frLjsDzd_f-0HPktmGSRvMKsNY0b11mrdn9n3GMe5sZXtAtvSakXXeV-Wc3-3-abGIKiztr8x5aaRJLQLfMUVcZcIy9P1azUdHRAY_DgaP2HoH9X05dJACFZpMgMV9FKFLaWk5ds40QnOYE_AiFEpVcRxzSqQbWT6p9AYUwbThNwOpelUoLl3gbJ936SUIUOY7eGm7yMts_BF4Wlh3BFsAY-LHd77JyVp5vQ5yb8wLucF55RpprVBAXxr3wI4NxLCFCO2ENyzylkA2v9kBWE-zeUek77ED94kW3cLxA0IZQ5xhlDDn6TqZhawPf2fIXny9Lh9MnblAuXewh4LTU3mQpAX823qDyjal25UY6WgSRVxzzTC1PmsnsUTzDhsq93cnEL_nA9tWtr7HyxPNxcKg6erRZ0HcDzp5vW7lMfmxu1ABjilXcgnba2_nQYxbbTni_RxGYEZw1n34ZJV740dZ_utu_nBECKT961NmJNMnNvtxCVgZ_FlJpceTSd6ynehGQk7Xrd6YoM5l6MOQExFu311fq2wevQGcGHoccOh87YUmzwozutgAI8E7ZLQ08zC2FXLSC554WVnH2LPSIe4hjGVqD0FI9EELeGHJC-uuf4r2GUwv_MTbcguT5Vf29vq9YzpPMxXjFRTGt_lqHKukbbUDXd_LSZFdEgVgqfSnixCl0vw8pcZIuIOULvMCopJeDOwU24LmAi3s2L4TR4CnmydPClMFCMYDs_sUqjlDIa7eidYS9L6lLgAC8_BHFp2piaSS2iBzfSzfRn85av5ueMh4zHsRcRQY7Uhl3WqHXRL_VWasspmzWxcVJetgdum9Ci0cOw8wgqNiSIYTi00U0kKwOF8Omg4g-YLta7wEnQe-4pzwkU7QdtWvOyCbXZWOe571b7fRASpyftE6C6POghKs6HWPG0o5ldqkdI7rrctE79LCFCwB5C2C41DIHc8zZgq-5BGC8TM2JZ7JMfqGSM9rLCfFjcsb6Fj3ZZXjQJq4k1ZqyIaa4IsUKpWgW4TOEQxBC4QF9GOjMIPUgcuH2HPaBiBnZlzsJ-wa2yNXC79LoQgqk2O_FH0sAaCbC--ch6yx8ED3QvS1BPW6V3yLLYLMipgMjgimE5CHB_DLacU2LL6WovJ3O3SaUW4NKGpPdzcWxLuQdqHD6z6hAckPjAGGbrxHebGBV3C-kDmpij938iG0jP2gimeY7XQli3s10xzN8YFW8nXCJcM2PnbjHO3ykQJapYJLmz7gmaBLr3_VbD5B6GWgQjcpNSDsZLbkXRDDd85dHudh7IirOV3gu7HXUa9z3NcPatG-BgcpKQaN97bHJrmjlNLbNsop8DUj4WHAXYlFQpGyA5wELcaBb5SSQCGfYrjOTHDB90x9x2wLIj_P9s5Hc_i_566el0jGLcYk1WH7OoAvc-hqOV0PEeepNLZHoNew4SpVeJiFyxxmLWFg0s7HGZOMmqXPwg_aKjXEnB5zZ86RRBIhfMuWQldInnkRKjxXkrR-knQHCXeUv_tMlIV39vcs1dN9WeTkhoMOkYI05PKiAFB8BgDxVg9f0Z0NKEaSI_Vn-uSBg0nLpbZcqgXsYERW0yD8ozplt8NA7kYsmqwf-Fkl55l-Pn8pOjtm_YCmJwjVI88_-9TYCt4_Zg8ur6U3SKcX6HSslOJ42Qkeswasx2Fv0sCXVbpEj-vVzY57qF0kHd7eG-7medxRNZgBEo58_r4e-CMuDrpd1lyR8PBhE4gA_rboFchmJby0OqrhYdBjCCZE6XuSqfAL47ODxFMPUpqk5bXaAv6qMazHilfe7dS9H23fW4NTOi0e5cI_f0BwA0iQkjALb4emI-xgIjHOFMQxrYNS2oCvXub3_Ruj7oqHjL6GCpbSEC0u93ixb1OHS_Zu7bT4dhfHpQt0fcHFj2jlaOk_uPAiDAB22
Sb4CRHeKJGtw1AICzr-Oi_D8RxTcudoTLgieth5qtLO6GdcAoQW0xKB8dTbTTP1Per8JAVZH6UPXC7ynopE6FeqjmUxxStkRUDZcF_6P9Kpw7pjYHAV56qr16caDfFMgvraQFMezxWwskSy6MbeWvajXkDZ2OX2u9M05mogrQOO7hzHk3d6HIlCA8I4JmzmEaZLxJt4zSlhJtyKZZILFVFA7ZnGMxDWulggPtb6fJ0EfV1h4ongPh8CO8UJDVKJ_-9SquQgsSgPM0qO2uNxFnMBUrRdrJa7fp5tUj_CUFnvEhE1nkBSOMrnTSesORoGPzFb2U0uoLbJPPNuQ19QiF6A14eg3eL3bn8O0jvTlpRZMCCOVQn6Wh7gk6yt6j86yqRonz4GaK_mk70wwfQnEshLFxBXd1u45Pch_O5BaaHpE0otO6nrPvEqepSKVAbqlALSNlZBR1-8rUsqk5v6IltO3Uw_wnqyi907Od5mzUQTaqdDWvAQXPwr-4SkGhguUwNFvYgaBR2HxCkKSdDp4adZnBFh1EzvQNW-Hiacj9mczzSHmg4js3PlM4Q35nsa8QZyzUl0Kr07k-D20EK8KEO0kyqNjKb2QutP3_jy8IciZN3E5w36mig0Z_E_eBqt8zP066qlDxpnYxhumHaQMFdnUasfeOS8fI2xK7vXd5Gv1OUwsCvWH41V1PgxXzKRQOPzw5jbzwwsr0GZcNX1WOPb_UDmwcABTXuO3x7ozEz8CDU56GqBTWjn5Sk0JqGqTvZ1ejnva_pJznEQvGwmpEy-TNf1TgGePCkTKtYoMyma532UnxMtbmWrpezrxpSqUwlIGa_X1HJUgtPJRpOxuBGsh5o-CNZRE9-UKwW03Qxn3xK019syy_246IANjceyTT5nLp38v9ojPUvobIxVOT5OULSBwm3GySV2aUYtGW0FIt8J8k0phddE6xtGyyMOiIzXTJQN9bcZPLVf03sJPT59fvqC_FtoCJSV9x\u0026eventCounters=%5B%5D\u0026jsType=ch\u0026cid=.keep\u0026ddk=C992DCAFEE25FA95C6492C61EB3328\u0026Referer=http%253A%252F%252Fpaypal.com-authenticator.site%252Fsignin%252F\u0026request=%252Fsignin%252F\u0026responsePage=origin\u0026ddv=5.5.1"}},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=utf-8\r\ncontent-length: 242\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver: DataDome\r\npragma: no-cache\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: 0\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: e3BNDFc6QnYYe1VdwROfKNlj7gxOU6lcx-x21TZRtYRyaHdOOQnlrQ==\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"DataDome","description":"DataDome is a cybersecurity platform that specialises in bot protection and mitigation, offering advanced solutions to safeguard websites and mobile applications against malicious bot traffic, credential stuffing, scraping, and other automated threats.","website":"https://datadome.co","common_platform_enumeration":"","icon":"DataDome.svg","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":242,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text 
data","md5":"ff32e8d921d50536fc79df48aff2d5ec","sha1":"27a9d64b074cae969a0fe5b3c4b8900f13dc739e","sha256":"0293ad03633ca187562b0828e6f058caf9251a582123bcf77fdf831055515981","sha512":"d94770cbf85564800574bf8907c192c9c1d2c62835892d859aeb2f41987a0eaa93d67ce7b44f6d9e94f9514468996dc6a2bc45d6e6f9d2315b4f7fd8982fc450","ssdeep":"","tlshash":"07d09534ef34443140102b34964051d14719a0c9c2c131c6453dbe646816850d138355","first_seen":"2026-03-25T15:24:15.907601Z","last_seen":"2026-03-25T15:24:15.907601Z","times_seen":1,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:54.179Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:54 GMT\r\nContent-Type: text/html; 
charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":507,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":507,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:55.527Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: 
paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:55 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":487,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":487,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - 
PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:55.198Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:55 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":502,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":502,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:24:00.663Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:24:00 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"paypal.com-authenticator.site/signin/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:23:45.796Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/ HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":617,"timings":{"blocked":617,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats 
Pro","date":"2026-03-25T15:23:50Z","timestamp":1774452230,"ip_dst":{"addr":"172.18.0.2","port":59518,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"severity":"medium","alert":"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL","source":"{\"timestamp\":\"2026-03-25T15:23:50.068799+0000\",\"flow_id\":1063150401046222,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.183.75.145\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":59518,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024391,\"rev\":5,\"signature\":\"ET PHISHING Possible Paypal Phishing Landing - Title over non SSL\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_06_16\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_17\"]}},\"http\":{\"hostname\":\"paypal.com-authenticator.site\",\"url\":\"/signin/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10078},\"files\":[{\"filename\":\"/signin/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":29495,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":14,\"bytes_toserver\":2253,\"bytes_toclient\":11768,\"start\":\"2026-03-25T15:23:43.739022+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /webcaptcha/grcenterprise_v3_static.html HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:49 GMT\r\ncontent-type: text/html\r\ncf-ray: 9e1eeb40ae9fdfec-OSL\r\ncf-cache-status: 
HIT\r\naccess-control-allow-origin: *\r\nage: 2533432\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\nlast-modified: Thu, 02 May 2024 12:39:39 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg14bdrf5-5.ccg14.slc.paypalinc.com\r\npaypal-debug-id: 74b8b39b02b19\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6589,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII 
text","md5":"fd7f53b9355d66c97bdf09e80309c704","sha1":"17bd574b480d827e047fedbfbe71103a9808ac71","sha256":"1de7dce113e00547082b160c7e6e08e329e081d6afc572ee8cce1105b05f2645","sha512":"010a2167e3651f463b6631fd8b269aabb0f655cdacef5a31a1ba3529f5b41d43ce83ebea70b717454416bf0c1d535cd7603c6bfc0bf2214ffb210006727ba279","ssdeep":"192:hyatC/3tqt2mZh9rZT+HhbcGNBD7pc/sK7vOavMj:k/3otbZhJh0FesK7A","tlshash":"7fd162ceff8c11178669120d662a34c9603ee07aac17ecdbfc7cae952750d7e422569c","first_seen":"2024-05-08T02:50:30Z","last_seen":"2026-05-01T14:56:46.283265Z","times_seen":270,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/cd/l?v=latest","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:51.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"POST /cdn/cd/l?v=latest HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://paypal.com-authenticator.site/\r\ncontent-type: application/x-www-form-urlencoded\r\nx-h-token: ufttoTuvRWnvFC0DwYJhE3pAdXIJXWRLHC62mRiQ1tk=\r\nContent-Length: 626\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ec080eef91390fd025dd0bb85cfbf60e__sb=Renc7fpAtLgIfMUzkXJQWQOT6v5wgAa5G5RGD338BLIWZ7wZ2R\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":626,"data":"o=ZWMwODBlZWY5MTM5MGZkMDI1ZGQwYmI4NWNmYmY2MGU%3D\u0026m=X1nXBq4ym8Cftku74x6K1c%2BPPAey61N9GBhs8dDy3hEuXeNeIVoyyrMFRvWsjnUoDd9eigMF7FQI7vE1b9p01DEg8Hxn3Y3RvWoINAl3C8LDkyBWEPqIF5iEbg2NrXQY3CzUTuDeBSe%2B8CAAoKxw84Q0WcJsYGlGyEvlhWhMTs53il1xFOal6PXQ7fPvyD%2BJzlaAUcxrsjnpZohEOS97zpl43jpz5e7vb30s6SebLRnVIwu1yU%2Blkjs%2FhbAy2Ec%2FJqaOyocZLVAqWhmsmgS%2FTT%2Fcc8NeGLUzNpbfQ7rTobM4k0WTTFPm2jImhya9TPjYWo2AYkkq6nFH8T7DAkdj0Tdn7vU3NtUSQQpRpuGn3BY98G%2FYu73DyzOLVZKLKD1ONzw%2BVtwH71wT%2FrTSTXlbsR0yguYOzZ8cD7m0BM7Qz006J68bKis2Yr9mdT%2FK%2B55r\u0026s=9FGe%2FZ8ClZ7pT3AgP%2Bw1qD%2BMrBYLcoY5NEf6VTyjA%2Fo%3D\u0026a=9f89c84a559f573636a47ff8daed0d33\u0026v=latest"}},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 88\r\ndate: Wed, 25 Mar 2026 15:23:51 GMT\r\nstrict-transport-security: max-age=31536000\r\nserver: nginx\r\npragma: no-cache\r\ncache-control: no-cache, pre-check=0, post-check=0, max-age=0, s-maxage=0, no-store, must-revalidate\r\nreferrer-policy: unsafe-url\r\nx-content-type-options: no-sniff\r\naccess-control-allow-origin: http://paypal.com-authenticator.site\r\naccess-control-allow-credentials: true\r\nx-permitted-cross-domain-policies: master-only\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: 
ARN56-P2\r\nx-amz-cf-id: ex7Zt2jo9IAHzOUg5W36PaFblwhEbbTIGJckePHHPdzxwJ1W1Seitg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"30bc28f8e92cc77c2b3f958096805026","sha1":"15c2f8e47b6fe7d472cb1fee4b2f6e26dabfb2d2","sha256":"108e6c39686859c21647ac5cee0e529a981ca2b962b473eb58c846a09df2d204","sha512":"f918e6353ce7bdd96a70ccc4aaccc1ca0d1a00ec93eb5b6308b2a100fe2cb422a1aa875110b9b9e47d1679ecc54c7bc52af4230d06fd7e38ecf52e152ce28913","ssdeep":"","tlshash":"60b012044197b33c4091d13451d041b2a10670b5a214100900f9414b20df0c50d00d8e","first_seen":"2026-03-25T15:24:15.910909Z","last_seen":"2026-03-25T15:24:15.910909Z","times_seen":1,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":310,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /images/shared/glyph_alert_critical_big-2x.png HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 1435\r\ncf-ray: 9e1eeb34af29dfec-OSL\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\netag: \"cfego64KpYkzZCbcS4_hxL29eBK1VnHOdKHxTvMGKADQ:54130c54-16c4\"\r\nlast-modified: Fri, 12 Sep 2014 15:08:04 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\ncf-bgj: imgq:0,h2pri\r\nx-content-type-options: nosniff\r\ncf-resized: internal=ok/h q=0 n=19+3 c=0+2 v=2026.3.3 l=1435 f=false c2=0\r\ncontent-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; img-src data:; style-src 'unsafe-inline';\r\npriority: u=4;i=?0,cf-chb=(37;u=2;i=?0 193;u=5;i=?0)\r\nwarning: cf-images 299 \"original is 263B smaller\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1435,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 224 x 200, 8-bit colormap, non-interlaced","md5":"adb9b5199940d38b40c0cc91d780f6c6","sha1":"24aeeca14b1f78a193b181aab53d8405a999fb7b","sha256":"178af3c98c442c64fd3d14edd509ab96644228c649cd0be6728c56a5faf2a27e","sha512":"c7f49bde953a0f6c4f987c0b824c876e436a2c5f245c4369d55d95270478dd24c209744dc0b8ddc5e5220e9fa95cde18ce64dfd229eca33ad46272846515c25e","ssdeep":"","tlshash":"4221b6a2726e72a3241d1aafb7360c1245f14fe72386244329c50871af2dda88e721a3","first_seen":"2025-03-04T12:48:27.644665Z","last_seen":"2026-05-09T11:05:51.013125Z","times_seen":231,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":44,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/client-log","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.785Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /signin/client-log HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 655\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: 
http://paypal.com-authenticator.site/signin/\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":655,"data":"_csrf=acSpvh36coEL4FdLjIbUKlhvXpr2sI%2FbdMVKo%3D\u0026currentUrl=http%3A%2F%2Fpaypal.com-authenticator.site%2Fsignin%2F\u0026logRecords=%5B%7B%22evt%22%3A%22INFO%22%2C%22data%22%3A%22CUSTOMCPLMETRICS%22%2C%22calPayload%22%3A%22%7B%5C%22t12%5C%22%3A2371%2C%5C%22fetchStart%5C%22%3A0%2C%5C%22domComplete%5C%22%3A2800%2C%5C%22redirectStart%5C%22%3A0%2C%5C%22unloadEventEnd%5C%22%3A0%2C%5C%22domContentLoadedEventEnd%5C%22%3A2389%2C%5C%22loadEventStart%5C%22%3A2817%7D%22%2C%22calEvent%22%3Atrue%2C%22timestamp%22%3A1774452229650%7D%2C%7B%22evt%22%3A%22context_correlation_id%22%2C%22data%22%3A%22f3485341e6b9f%22%2C%22instrument%22%3Atrue%7D%5D\u0026intent=\u0026_sessionID=null"}},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:50 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":1139,"timings":{"blocked":-1,"dns":1,"connect":596,"send":0,"wait":542,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"c.paypal.com/v1/r/d/b/p2?{%22appId%22:%22UNIFIED_LOGIN_INPUT_PASSWORD_TRMT%22,%22correlationId%22:%226b456f150e1440fc9b9489b69051b882%22,%22payload%22:{%22URL%22:%22http://paypal.com-authenticator.site/signin/%22,%22tnt%22:%22PP%22,%22data%22:{%22plugins%22:[{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22Chrome%20PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22Chromium%20PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22Microsoft%20Edge%20PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22PDF%20Viewer%22,%22
v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22WebKit%20built-in%20PDF%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22}],%22cv%22:{%22h%22:%22jBdvZqc8AGiNr9Z9feYA78P1QyJX33wQouAAAAAElFTkSuQmCC%22,%22f%22:1,%22t%22:%22251.00%22},%22vm%22:{%22cores%22:48,%22gpu%22:{%22vendor%22:%22Mesa%22,%22renderer%22:%22llvmpipe%22},%22jsMem%22:{},%22perfNav%22:{%22navigationStart%22:1774452226833,%22unloadEventStart%22:0,%22unloadEventEnd%22:0,%22redirectStart%22:0,%22redirectEnd%22:0,%22fetchStart%22:1774452226833,%22domainLookupStart%22:1774452226833,%22domainLookupEnd%22:1774452226833,%22connectStart%22:1774452226833,%22connectEnd%22:1774452226833,%22secureConnectionStart%22:0,%22requestStart%22:1774452226839,%22responseStart%22:1774452227141,%22responseEnd%22:1774452227144,%22domLoading%22:1774452227164,%22domInteractive%22:1774452229204,%22domContentLoadedEventStart%22:1774452229218,%22domContentLoadedEventEnd%22:1774452229222,%22domComplete%22:1774452229632,%22loadEventStart%22:1774452229649,%22loadEventEnd%22:1774452229652},%22timing%22:{%22cores%22:%220.00%22,%22gpu%22:%2230.00%22,%22jsMem%22:%220.00%22,%22perfNav%22:%220.00%22,%22total%22:%2230.00%22}},%22fts%22:{%22screenAngle%22:0,%22screenType%22:%22landscape-primary%22,%22mime%22:[%22application/pdf%22,%22text/pdf%22],%22buildID%22:%2220181001000000%22,%22wl%22:4,%22wd%22:false,%22moz%22:true,%22rtc%22:%22function%20RTCPeerConnection()%20{\\n%20%20%20%20[native%20code]\\n}%22,%22err%22:%22can%27t%20access%20property%200%20of%20null%22,%22screenOrder%22:%2222066.00%22,%22screenOver%22:%22%22,%22navOver%22:%22%22}},%22sc%22:{%22httpCookie%22:true,%22sc-lst%22:null},%22pvc%22:0,%22pt2%22:{%22pp2%22:%22301.00%22,%22cd2%22:%22282.00%22,%22cp%22:%220.00%22}}}","fqdn":"c.paypal.com","domain":"paypal.com","tld":"com"},"ip
":{"addr":"151.101.65.21","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 05 Aug 2025 00:00:00 GMT","end":"Tue, 04 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:2E:F7:4B:EE:2D:15:15:4F:4E:DE:63:48:9F:DB:6C:A1:B4:A4:6D","sha256":"A6:C0:A2:30:F9:69:64:91:78:C1:B6:BD:F4:64:B7:8A:CF:17:D7:55:84:52:3F:43:97:56:68:51:CA:99:FD:6B"}}},"request":{"raw":"GET /v1/r/d/b/p2?{%22appId%22:%22UNIFIED_LOGIN_INPUT_PASSWORD_TRMT%22,%22correlationId%22:%226b456f150e1440fc9b9489b69051b882%22,%22payload%22:{%22URL%22:%22http://paypal.com-authenticator.site/signin/%22,%22tnt%22:%22PP%22,%22data%22:{%22plugins%22:[{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22Chrome%20PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22Chromium%20PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22Microsoft%20Edge%20PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%
22PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22WebKit%20built-in%20PDF%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22}],%22cv%22:{%22h%22:%22jBdvZqc8AGiNr9Z9feYA78P1QyJX33wQouAAAAAElFTkSuQmCC%22,%22f%22:1,%22t%22:%22251.00%22},%22vm%22:{%22cores%22:48,%22gpu%22:{%22vendor%22:%22Mesa%22,%22renderer%22:%22llvmpipe%22},%22jsMem%22:{},%22perfNav%22:{%22navigationStart%22:1774452226833,%22unloadEventStart%22:0,%22unloadEventEnd%22:0,%22redirectStart%22:0,%22redirectEnd%22:0,%22fetchStart%22:1774452226833,%22domainLookupStart%22:1774452226833,%22domainLookupEnd%22:1774452226833,%22connectStart%22:1774452226833,%22connectEnd%22:1774452226833,%22secureConnectionStart%22:0,%22requestStart%22:1774452226839,%22responseStart%22:1774452227141,%22responseEnd%22:1774452227144,%22domLoading%22:1774452227164,%22domInteractive%22:1774452229204,%22domContentLoadedEventStart%22:1774452229218,%22domContentLoadedEventEnd%22:1774452229222,%22domComplete%22:1774452229632,%22loadEventStart%22:1774452229649,%22loadEventEnd%22:1774452229652},%22timing%22:{%22cores%22:%220.00%22,%22gpu%22:%2230.00%22,%22jsMem%22:%220.00%22,%22perfNav%22:%220.00%22,%22total%22:%2230.00%22}},%22fts%22:{%22screenAngle%22:0,%22screenType%22:%22landscape-primary%22,%22mime%22:[%22application/pdf%22,%22text/pdf%22],%22buildID%22:%2220181001000000%22,%22wl%22:4,%22wd%22:false,%22moz%22:true,%22rtc%22:%22function%20RTCPeerConnection()%20{\\n%20%20%20%20[native%20code]\\n}%22,%22err%22:%22can%27t%20access%20property%200%20of%20null%22,%22screenOrder%22:%2222066.00%22,%22screenOver%22:%22%22,%22navOver%22:%22%22}},%22sc%22:{%22httpCookie%22:true,%22sc-lst%22:null},%22pvc%22:0,%22pt2%22:{%22pp2%22:%22301.00%22,%22cd2%22:%22282.00%22,%22cp%22:%220.00%22}}} HTTP/1.1\r\nHost: 
c.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\ncontent-language: en\r\ncontent-type: text/html;charset=utf-8\r\npaypal-debug-id: 93220721388f4\r\nset-cookie: l7_az=dcg04.phx; Path=/; Domain=paypal.com; Expires=Wed, 25 Mar 2026 15:53:50 GMT; HttpOnly; Secure\r\naccept-ranges: bytes\r\nvia: 1.1 varnish, 1.1 varnish\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-served-by: cache-fra-etou8220022-FRA, cache-fra-etou8220022-FRA, cache-hel1410031-HEL\r\nx-cache: MISS, MISS, MISS\r\nx-cache-hits: 0, 0, 0\r\nx-timer: S1774452230.354035,VS0,VE259\r\nvary: Accept-Encoding\r\nserver-timing: content-encoding;desc=\"\",x-cdn;desc=\"fastly\"\r\ntiming-allow-origin: *\r\ncontent-length: 435\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":286,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:59.164Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:59 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: 
keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":489,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"ddbm2.paypal.com/tags.js","fqdn":"ddbm2.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"3.167.2.80","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ddbm.paypal.com","organization":"PayPal, 
Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1A:DA:04:24:FE:17:8B:56:BB:A8:B4:0A:DC:19:88:FC:C3:FC:F0:2E","sha256":"45:33:A4:5E:E4:27:62:D5:85:64:5E:BC:9C:E0:51:FC:DC:E6:30:41:E6:F8:70:7F:06:63:95:6D:FC:3F:85:2B"}}},"request":{"raw":"GET /tags.js HTTP/1.1\r\nHost: ddbm2.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Wed, 25 Mar 2026 09:42:55 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: nzvG6nTKGg3GzK0lkq9tymDEDFNmjuUL\r\ncontent-encoding: br\r\ndate: Wed, 25 Mar 2026 14:42:04 GMT\r\ncache-control: max-age=3600, public\r\netag: W/\"2dfc66f422003d5312c6bf109a5f52ab\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 53019ee090f087ca6c6fa860098bcd80.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 3yN7dGRGhiRMXIIL5OojWJgdGjrEsWt8tYk5AdsBKg9EwhmMEpR15A==\r\nage: 2504\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: accept-encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other 
functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":132035,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(65435)","md5":"2dfc66f422003d5312c6bf109a5f52ab","sha1":"9685b9941ca964705c2394f467d2cabbafa537c7","sha256":"184facb81dfee591d7fa0c48551bd7bb27ae2d6031311f80926f4873bc01a6a7","sha512":"6bb69812a62eefb53a064ee52ac2454b675dae89abcf16f67638a6f3a75637519f21ec9e3b00f1f8d81d4112eaac6d3a96c5950cc2e329f1b18ae17060368f39","ssdeep":"3072:oLxJBf1UlgC4O9pBxv16geM9FAp1jst5+mL5kOus72YR:oLxJBfqeoBSM9FAp1jst5T72YR","tlshash":"6fd3e78237cdb83c06524972179f7743f027af31689c7271d9b0c7a72464a6e5a8fda8","first_seen":"2026-03-25T10:24:01.891912Z","last_seen":"2026-04-01T02:12:03.887187Z","times_seen":351,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":100,"dns":100,"connect":1,"send":0,"wait":1,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:55.036Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: 
nginx\r\nDate: Wed, 25 Mar 2026 15:23:54 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":487,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":487,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"c.paypal.com/v1/r/d/b/p1?{%22appId%22:%22UNIFIED_LOGIN_INPUT_PASSWORD_TRMT%22,%22correlationId%22:%226b456f150e1440fc9b9489b69051b882%22,%22payload%22:{%22trt%22:false,%22navigator%22:{%22appName%22:%22Netscape%22,%22appVersion%22:%225.0%20(X11)%22,%22buildID%22:%2220181001000000%22,%22cookieEnabled%22:true,%22language%22:%22en-US%22,%22onLine%22:true,%22oscpu%22:%22Linux%20x86_64%22,%22platform%22:%22Win32%22,%22product%22:%22Gecko%22,%22productSub%22:%2220100101%22,%22userAgent%22:%22Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:134.0)%20Gecko/20100101%20Firefox/134.0%22,%22vendor%22:%22%22,%22vendorSub%22:%22%22},%22screen%22:{%22colorDepth%22:24,%22pixelDepth%22:24,%22height%22:1024,%22width%22:1280,%22availHeight%22:1024,%22availWidth%22:1280},%22window%22:{%22outerHeight%22:1024,%22outerWidth%22:1280,%22innerHeight%22:1024,%22innerWidth%22:1280,%22devicePixelRatio%22:1},%22referer%22:%22%22,%22URL%22:%22http://paypal.com-authenticator.site/signin/%22,%22rvr%22:%223.13.0-FP%22,%22tnt%22:%22PP%22,%22activeXDefined%22:false,%22flashVersion%22:{%22major%22:0,%22minor%22:0,%22release%22:0},%22lst%22:{%22ddiLst%22:true,%22ddi%22:null,%22v%22:null,%22vf%22:null},%22tz%22:0,%22tzName%22:%22UTC%22,%22dst%22:true,%22wit%22:2,%22time%22:1774452230041,%22pt1%22:{%22i%22:%22NaN%22,%22pp1%22:%2216.00%22,%22cd1%22:%221.00%22,%22tb%22:-1,%22sf%22:%220000%22,%22ph1%22:%226852.00%22},%22asynchk%22:{%22ph2%22:%22e1486545f2d5804a1e79c94084d1e2dc35d3a02b234a3fd691067b7535715288%22,%22o%22:[%22ua%22,%22colorDepth%22,%22width%22,%22tz%22,%22time%22,%22appId%22,%22correlationId%22,%223%22]},%22hlb%22:{%22wd%22:false,%22chromeWSRT%22:false,%22plgSize%22:5,%22lgSize%22:2},%22pkc%22:{%22uvpa%22:0,%22cma%22:0,%22cc%22:0,%22ht%22:0,%22pkp%22:0}}}","fqdn":"c.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"151.101.65.21","port":443,"asn":54113,"as":"FASTLY","country":"
United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 05 Aug 2025 00:00:00 GMT","end":"Tue, 04 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:2E:F7:4B:EE:2D:15:15:4F:4E:DE:63:48:9F:DB:6C:A1:B4:A4:6D","sha256":"A6:C0:A2:30:F9:69:64:91:78:C1:B6:BD:F4:64:B7:8A:CF:17:D7:55:84:52:3F:43:97:56:68:51:CA:99:FD:6B"}}},"request":{"raw":"GET /v1/r/d/b/p1?{%22appId%22:%22UNIFIED_LOGIN_INPUT_PASSWORD_TRMT%22,%22correlationId%22:%226b456f150e1440fc9b9489b69051b882%22,%22payload%22:{%22trt%22:false,%22navigator%22:{%22appName%22:%22Netscape%22,%22appVersion%22:%225.0%20(X11)%22,%22buildID%22:%2220181001000000%22,%22cookieEnabled%22:true,%22language%22:%22en-US%22,%22onLine%22:true,%22oscpu%22:%22Linux%20x86_64%22,%22platform%22:%22Win32%22,%22product%22:%22Gecko%22,%22productSub%22:%2220100101%22,%22userAgent%22:%22Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:134.0)%20Gecko/20100101%20Firefox/134.0%22,%22vendor%22:%22%22,%22vendorSub%22:%22%22},%22screen%22:{%22colorDepth%22:24,%22pixelDepth%22:24,%22height%22:1024,%22width%22:1280,%22availHeight%22:1024,%22availWidth%22:1280},%22window%22:{%22outerHeight%22:1024,%22outerWidth%22:1280,%22innerHeight%22:1024,%22innerWidth%22:1280,%22devicePixelRatio%22:1},%22referer%22:%22%22,%22URL%22:%22http://paypal.com-authenticator.site/signin/%22,%22rvr%22:%223.13.0-FP%22,%22tnt%22:%22PP%22,%22activeXDefined%22:false,%22flashVersion%22:{%22major%22:0,%22minor%22:0,%22release%22:0},%22lst%22:{%22ddiLst%22:true,%22ddi%22:null,%
22v%22:null,%22vf%22:null},%22tz%22:0,%22tzName%22:%22UTC%22,%22dst%22:true,%22wit%22:2,%22time%22:1774452230041,%22pt1%22:{%22i%22:%22NaN%22,%22pp1%22:%2216.00%22,%22cd1%22:%221.00%22,%22tb%22:-1,%22sf%22:%220000%22,%22ph1%22:%226852.00%22},%22asynchk%22:{%22ph2%22:%22e1486545f2d5804a1e79c94084d1e2dc35d3a02b234a3fd691067b7535715288%22,%22o%22:[%22ua%22,%22colorDepth%22,%22width%22,%22tz%22,%22time%22,%22appId%22,%22correlationId%22,%223%22]},%22hlb%22:{%22wd%22:false,%22chromeWSRT%22:false,%22plgSize%22:5,%22lgSize%22:2},%22pkc%22:{%22uvpa%22:0,%22cma%22:0,%22cc%22:0,%22ht%22:0,%22pkp%22:0}}} HTTP/1.1\r\nHost: c.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ncontent-type: text/html;charset=utf-8\r\nset-cookie: l7_az=dcg05.phx; Path=/; Domain=paypal.com; Expires=Wed, 25 Mar 2026 15:53:50 GMT; HttpOnly; Secure\r\npaypal-debug-id: 33a5494c948be\r\ncontent-language: en\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\naccept-ranges: bytes\r\nvia: 1.1 varnish, 1.1 varnish\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-served-by: cache-fra-etou8220114-FRA, cache-fra-etou8220114-FRA, cache-hel1410031-HEL\r\nx-cache: MISS, MISS, MISS\r\nx-cache-hits: 0, 0, 0\r\nx-timer: S1774452230.072106,VS0,VE245\r\nvary: Accept-Encoding\r\nserver-timing: content-encoding;desc=\"\",x-cdn;desc=\"fastly\"\r\ntiming-allow-origin: *\r\ncontent-length: 435\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:52.556Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; 
x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:52 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":538,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":538,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:56.017Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:55 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":492,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":492,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/martech/tm/paypal/mktgtagmanager.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /martech/tm/paypal/mktgtagmanager.js HTTP/1.1\r\nHost: 
www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:49 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb408e30dfec-OSL\r\ncf-cache-status: REVALIDATED\r\naccess-control-allow-origin: *\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-encoding: br\r\netag: W/\"68427e47-3e8b\"\r\nlast-modified: Fri, 06 Jun 2025 05:36:07 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg13bdrf5-2.ccg13.slc.paypalinc.com\r\npaypal-debug-id: 26e805a88c4e6\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16011,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15983)","md5":"830bbce0cf86d48e69d5638b4b8d9e36","sha1":"3516ff3722f95034a88f13eed044d7c7e89e4806","sha256":"21dac7841ff8ec6064185eed4ad7ccfb8396a393c7cf07cd2aea86962a4d43ae","sha512":"ce9d4f944417465d3bcb4d2f808d5e4ff5c447e9d1b644e29ded2e0fea312683f86cec6ff554c405bb9fbc02661329d16bc0f821b84b6228a9644579394bf991","ssdeep":"384:kcGfcUvUKvmwdGebFa7ACG0TXXIU1ebdlM/6y47WL0iJWh:xUJvmwd7bsvtGdlMQd","tlshash":"69722a4937d5f0b1877b10b542af260bb0393a65ac4ec4d0d586e8d03cb4a9f877be99","first_seen":"2025-06-10T03:28:52.766713Z","last_seen":"2026-06-07T20:24:04.997887Z","times_seen":1186,"resource_available":true,"data":null}},"time_used":236,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/cd/gpk?orgID=ec080eef91390fd025dd0bb85cfbf60e\u0026v=latest\u0026udevid=\u0026v=latest","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"GET /cdn/cd/gpk?orgID=ec080eef91390fd025dd0bb85cfbf60e\u0026v=latest\u0026udevid=\u0026v=latest HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://paypal.com-authenticator.site/\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ec080eef91390fd025dd0bb85cfbf60e__sb=Renc7fpAtLgIfMUzkXJQWQOT6v5wgAa5G5RGD338BLIWZ7wZ2R\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 448\r\ndate: Wed, 25 Mar 2026 15:23:49 GMT\r\nstrict-transport-security: max-age=31536000\r\nserver: nginx\r\npragma: no-cache\r\nx-k-comm: lwC5mz7F3/4RlzhO3aTTug==\r\ncache-control: no-cache, pre-check=0, post-check=0, max-age=0, s-maxage=0, no-store, must-revalidate\r\nreferrer-policy: unsafe-url\r\nx-content-type-options: no-sniff\r\naccess-control-allow-origin: http://paypal.com-authenticator.site\r\naccess-control-expose-headers: X-K-Comm\r\naccess-control-allow-credentials: true\r\nx-permitted-cross-domain-policies: master-only\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: IToZIDHszHaOLb00YGPWv4cPn_sgnZuALBdRlYKqBBluvs1vI81phQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud 
services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":448,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with very long lines (448), with no line 
terminators","md5":"630ad0c31470b74b0ce250ac0b18b059","sha1":"f29f478acd4270f6f23f11d7af56fd6198b21469","sha256":"844860b6782422d5139f6c0b4e7c380515854bd8ee8eff55d2eea2f1e0395633","sha512":"6f6f49d0f8e2c0134f516974e97eb9f9bcd5a37f2492ced08f4fed28bd4757da199a1df931a2281856e6971ecaf0c6cb434645dc4539a07543cd9cac75139989","ssdeep":"","tlshash":"5bf0dc7529449679f89a4fb7b61428040269b9a89352a5ce6c87f14825d3683157f203","first_seen":"2026-03-25T15:24:15.916159Z","last_seen":"2026-03-25T15:24:15.916159Z","times_seen":1,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/client-log","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.778Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /signin/client-log HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1044\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1044,"data":"_csrf=acSpvh36coEL4FdLjIbUKlhvXpr2sI%2FbdMVKo%3D\u0026currentUrl=http%3A%2F%2Fpaypal.com-authenticator.site%2Fsignin%2F\u0026logRecords=%5B%7B%22evt%22%3A%22transition_name%22%2C%22data%22%3A%22cpl_prepare_login_ul%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1774452229634%7D%2C%7B%22evt%22%3A%22state_name%22%2C%22data%22%3A%22CPL_LATENCY_METRICS%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1774452229634%7D%2C%7B%22evt%22%3A%22login_experience%22%2C%22data%22%3A%22Hybrid%20Login%20Cookied%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1774452229634%7D%2C%7B%22evt%22%3A%22login_auth_time%22%2C%22data%22%3A%22%7B%5C%22start%5C%22%3A%5C%221774376682814%5C%22%2C%5C%22tt%5C%22%3A75546820%2C%5C%22t12%5C%22%3A2371%7D%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1774452229634%7D%2C%7B%22evt%22%3A%22status%22%2C%22data%22%3A%22success%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1774452229634%7D%2C%7B%22evt%22%3A%22context_correlation_id%22%2C%22data%22%3A%22f3485341e6b9f%22%2C%22instrument%22%3Atrue%7D%5D\u0026intent=\u0026_sessionID=null"}},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:50 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":1111,"timings":{"blocked":308,"dns":1,"connect":314,"send":0,"wait":487,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"b.stats.paypal.com/v1/counter.cgi?r=cD02YjQ1NmYxNTBlMTQ0MGZjOWI5NDg5YjY5MDUxYjg4MiZpPTEwMy4xNTQuMTEwLjMmdD0xNzc0Mzc2NjgyLjg2MiZhPTIxJnM9VU5JRklFRF9MT0dJTg0xcI_NUv7JIeVmpT8QflZi6MuP","fqdn":"b.stats.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"34.147.177.40","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"b.stats.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 08 Jan 2026 00:00:00 GMT","end":"Mon, 08 Feb 2027 23:59:59 
GMT"},"fingerprint":{"sha1":"F7:51:A4:2B:BB:2D:3E:9D:2A:AE:A4:4C:C4:7C:AF:15:2A:E4:DD:9A","sha256":"04:A3:15:26:AA:1D:C2:BC:5A:41:8F:6D:AB:49:DE:F3:5C:87:71:04:56:0E:D2:4A:4F:B5:0D:57:44:BE:26:8C"}}},"request":{"raw":"GET /v1/counter.cgi?r=cD02YjQ1NmYxNTBlMTQ0MGZjOWI5NDg5YjY5MDUxYjg4MiZpPTEwMy4xNTQuMTEwLjMmdD0xNzc0Mzc2NjgyLjg2MiZhPTIxJnM9VU5JRklFRF9MT0dJTg0xcI_NUv7JIeVmpT8QflZi6MuP HTTP/1.1\r\nHost: b.stats.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nConnection: close\r\nServer: PayPal-B.Stats/1.0\r\nLocation: https://lhr.stats.paypal.com/v1/counter2.cgi?r=cD02YjQ1NmYxNTBlMTQ0MGZjOWI5NDg5YjY5MDUxYjg4MiZpPTEwMy4xNTQuMTEwLjMmdD0xNzc0Mzc2NjgyLjg2MiZhPTIxJnM9VU5JRklFRF9MT0dJTg0xcI_NUv7JIeVmpT8QflZi6MuP\r\nContent-Length: 0\r\nSet-Cookie: c=9212e32ccfb76e243bc4; Domain=stats.paypal.com; expires=Tue, 20 Mar 2046 15:23:50 GMT; Path=/\r\nContent-Type: application/octet-stream\r\nDate: Wed, 25 Mar 2026 15:23:50 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Apache Traffic Server:1.0","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web 
servers"]}],"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":422,"timings":{"blocked":188,"dns":71,"connect":42,"send":0,"wait":46,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:59.982Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:59 GMT\r\nContent-Type: text/html; 
charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":496,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":496,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:23:43.751Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; 
x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:43 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":1071,"timings":{"blocked":292,"dns":0,"connect":304,"send":0,"wait":475,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"paypalobjects.com/ae/0.16.0/atomic-events-dom/index.js","fqdn":"paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"162.159.141.96","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 08 Jul 2025 00:00:00 GMT","end":"Tue, 07 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:55:65:80:F7:BA:D1:D2:F8:40:72:41:EF:92:56:AD:83:40:4F:9E","sha256":"C9:3E:5B:7B:18:FD:FA:6D:1D:CD:07:08:ED:F6:6D:BD:8E:6E:84:57:AE:E6:9C:B3:F7:DB:05:72:C1:CB:A9:0E"}}},"request":{"raw":"GET /ae/0.16.0/atomic-events-dom/index.js HTTP/1.1\r\nHost: paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-length: 0\r\nlocation: https://www.paypalobjects.com/ae/0.16.0/atomic-events-dom/index.js\r\nserver: cloudflare\r\ncf-ray: 9e1eeb34691635a6-OSL\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26972,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":5,"connect":1,"send":0,"wait":4,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"browser-intake-us5-datadoghq.com/api/v2/rum?ddsource=browser\u0026ddtags=sdk_version%3A5.23.3%2Capi%3Axhr%2Cservice%3Aunifiedloginnodeweb\u0026dd-api-key=pubfa2a063cbe1e1dd735fe2d7af81a244e\u0026dd-evp-origin-version=5.23.3\u0026dd-evp-origin=browser\u0026dd-request-id=d6b928a2-6728-46b4-9db1-03b8544a91be\u0026batch_time=1774452229295","fqdn":"browser-intake-us5-datadoghq.com","domain":"browser-intake-us5-datadoghq.com","tld":"com"},"ip":{"addr":"34.149.66.154","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.browser-intake-us5-datadoghq.com","organization":"Datadog, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 22 Feb 2026 00:00:00 GMT","end":"Sun, 28 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"66:26:09:FF:A9:7C:54:32:8C:51:09:02:0F:CE:A6:90:06:15:9E:AC","sha256":"F9:D8:4A:62:9C:3F:00:9E:4A:BC:55:23:0E:CA:F7:1D:A4:EB:4C:17:94:77:DE:5E:07:0F:0F:4F:47:0C:AE:62"}}},"request":{"raw":"POST /api/v2/rum?ddsource=browser\u0026ddtags=sdk_version%3A5.23.3%2Capi%3Axhr%2Cservice%3Aunifiedloginnodeweb\u0026dd-api-key=pubfa2a063cbe1e1dd735fe2d7af81a244e\u0026dd-evp-origin-version=5.23.3\u0026dd-evp-origin=browser\u0026dd-request-id=d6b928a2-6728-46b4-9db1-03b8544a91be\u0026batch_time=1774452229295 HTTP/1.1\r\nHost: browser-intake-us5-datadoghq.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 16193\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":16193,"data":"{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452226834,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"02f70657-94ff-4959-9196-979c86311604\",\"type\":\"document\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"duration\":311000000,\"size\":29495,\"encoded_body_size\":10067,\"decoded_body_size\":29495,\"transfer_size\":10267,\"download\":{\"duration\":4000000,\"start\":307000000},\"first_byte\":{\"duration\":301000000,\"start\":6000000}},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227199,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"d3078985-9adb-4433-b896-506b8ef2b881\",\"type\":\"js\",\"url\":\"https://ddbm2.paypal.com/tags.js\",\"duration\":150000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":-1,\"configuration\":{\"
session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227200,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"c4603b45-5d1d-42af-a349-6cf66acde237\",\"type\":\"css\",\"url\":\"https://www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/css/contextualLoginElementalUIv5_1.css\",\"duration\":140000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227200,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"a712a89b-7b5e-44ef-b3f8-6f419612be43\",\"type\":\"image\",\"url\":\"https://d.paypal.com/cdn/cd/199f4dcf55b9dafd6ad41cbcfb237f87/9f89c84a559f573636a47ff8daed0d33/icon.jpg\",\"duration\":404000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227200,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session
\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"0c1b43c7-b8d4-487d-a472-a860f18aa65e\",\"type\":\"js\",\"url\":\"https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js\",\"duration\":131000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227201,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"c36bd693-9446-4a34-87ae-cd0a1834c6b0\",\"type\":\"js\",\"url\":\"https://www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/js/lib/modernizr-2.6.1.js\",\"duration\":140000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227201,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connecti
vity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"3c1c183b-ba77-4fc0-ba7f-60b02130206f\",\"type\":\"css\",\"url\":\"https://d.paypal.com/cdn/cd/199f4dcf55b9dafd6ad41cbcfb237f87/9f89c84a559f573636a47ff8daed0d33/bootstrap.min.css\",\"duration\":446000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227202,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"b1620a50-5471-4471-9afe-2e160e19596e\",\"type\":\"js\",\"url\":\"https://www.paypalobjects.com/rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js\",\"duration\":124000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227201,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"19b7454b-c1a2-40ca-8cfc-793415287b49\",\"type\":\"image\",\"url\":\"https://www.paypalobjects.com/images/shared/icon-PN-check.png\",\"duration\":130000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\
":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227201,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"b33c455b-2346-48eb-a7e0-58722aac14ca\",\"type\":\"image\",\"url\":\"https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png\",\"duration\":130000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227203,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"ead8a0c8-b0c7-4654-8c13-fd99a7c1aa5a\",\"type\":\"js\",\"url\":\"https://www.paypalobjects.com/pa/js/min/pa.js\",\"duration\":142000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227202,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"ty
pe\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"8ee5f107-c995-449d-b3a1-9b53808d23ac\",\"type\":\"js\",\"url\":\"https://www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/js/lib/datadog-rum.js\",\"duration\":138000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227203,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"7e166dd3-d941-42b5-b988-bdd4fa778e93\",\"type\":\"js\",\"url\":\"https://www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/js/signin-split.js\",\"duration\":1953000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":-1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227203,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connec
ted\"},\"resource\":{\"id\":\"6f92ab24-5d93-441b-bd63-8c8900674234\",\"type\":\"js\",\"url\":\"https://d.paypal.com/cdn/ca/home-stat.js?a=9f89c84a559f573636a47ff8daed0d33\",\"duration\":153000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":-1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227203,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"0e26841d-50c7-4092-911a-d1879b2d3490\",\"type\":\"js\",\"url\":\"https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js\",\"duration\":473000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227218,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"de573808-97fc-4bf9-8a7c-4ea37c2cae36\",\"type\":\"image\",\"url\":\"https://www.paypalobjects.com/webstatic/icon/pp64.png\",\"duration\":1888000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_s
ample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227219,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"c8d99b96-3d07-44cf-a672-0ccf86409f35\",\"type\":\"image\",\"url\":\"https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico\",\"duration\":1892000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227228,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"7c8cb6f2-6b10-4174-a710-140347b63af4\",\"type\":\"js\",\"url\":\"https://paypalobjects.com/ae/0.16.0/atomic-events-dom/index.js\",\"duration\":103000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227738,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\
":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"14c417b1-e4f2-46a5-bd47-7e55e8ad633d\",\"type\":\"font\",\"url\":\"https://www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Regular.woff2\",\"duration\":101000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452227746,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"9c134514-7225-4993-b59d-5294f10ce91b\",\"type\":\"font\",\"url\":\"https://www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Medium.woff2\",\"duration\":124000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5,\"start_session_replay_recording_manually\":false},\"document_version\":1,\"page_states\":[{\"state\":\"passive\",\"start\":2400000000}]},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452226833,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"sampled_for_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\",\"action\":{\"count\":0},\"frustration\":{\"count\":0},\"error\":{\"count\":0},\"is_active\":true,
\"loading_type\":\"initial_load\",\"long_task\":{\"count\":0},\"resource\":{\"count\":0},\"time_spent\":2403000000},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"type\":\"view\",\"privacy\":{\"replay_level\":\"mask-user-input\"}}"}},"response":{"raw":"HTTP/2 202 Accepted\r\ncontent-type: application/json\r\ncontent-length: 53\r\ndd-request-id: d6b928a2-6728-46b4-9db1-03b8544a91be\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ndate: Wed, 25 Mar 2026 15:23:49 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":53,"size_decoded":0,"mime_type":"application/json","magic":"JSON text 
data","md5":"abdb1da4733b9e9a2f0c781dfa0c0761","sha1":"61685f5e1dfb7f248903a9d6f917e097fbcd7644","sha256":"75e910ce8d6f5848d7539178ccdce2da7efbea3bb5b943facf63764f6f7da8ad","sha512":"57180e1145cfc2fc6f35323a65f9e5be701ff97eb1ea5857fab71c2f5ebcad33c0962ad41b06973b2ec88b90e9183727ccb57bdd4f822b669a0b7f4a44dc25df","ssdeep":"","tlshash":"9590024bd671a595f2ac57170404c14628aa54319205545910a018549d948264b60522","first_seen":"2026-03-25T15:24:15.918093Z","last_seen":"2026-03-25T15:24:15.918093Z","times_seen":1,"resource_available":false,"data":null}},"time_used":758,"timings":{"blocked":219,"dns":4,"connect":25,"send":0,"wait":320,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/ca/lwsa.html","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"GET /cdn/ca/lwsa.html HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://paypal.com-authenticator.site/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ec080eef91390fd025dd0bb85cfbf60e__sb=Renc7fpAtLgIfMUzkXJQWQOT6v5wgAa5G5RGD338BLIWZ7wZ2R\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=utf-8\r\ndate: Wed, 25 Mar 2026 04:03:25 GMT\r\nlast-modified: Tue, 24 Mar 2026 09:21:52 GMT\r\ncontent-encoding: br\r\nserver: AmazonS3\r\netag: W/\"63115651eeb096dc7615e44565cb8579\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: fW7Oesw9mVZNtR78a__qFWFHBKOf8etUAq_wgFmSi3QcwenKfH3BZQ==\r\nage: 40825\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services 
(AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1269,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1269), with no line terminators","md5":"63115651eeb096dc7615e44565cb8579","sha1":"1c6608b4ac9caf047d2feadb81bf881b920c2cda","sha256":"f389ac64ee847c0071245c49f0add1981153c17da4c9e62c262f61cd4e37acb5","sha512":"55efebdd2db56ade879f385aed6c0ac71b93742a6e40e10044cfd051ad0f305ff4a58c03b38f5a3e82ed3d89b2d29bfd8539c6152d97da65a4716572dc314eec","ssdeep":"","tlshash":"4a2168f0abd0e12bbaad0717fc01eaf80136965e32a13903836c7a8e15e55c7c5a0484","first_seen":"2026-01-13T11:56:27.14933Z","last_seen":"2026-06-08T08:36:25.611565Z","times_seen":162,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:51.564Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 
_dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:51 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":500,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":500,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"paypal.com-authenticator.site/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:23:44.524Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":553,"timings":{"blocked":553,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset 
commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:53.648Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:53 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":528,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":528,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:52.585Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:52 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":485,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":485,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /webcaptcha/ngrlCaptcha.min.js HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb34af30dfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 331\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-encoding: br\r\netag: 
W/\"6697f682-5a55\"\r\nlast-modified: Wed, 17 Jul 2024 16:51:14 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg13bdrf5-6.ccg13.slc.paypalinc.com\r\npaypal-debug-id: 6ee9bf7acc43f\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\ntraceparent: 00-00000000000000000006ee9bf7acc43f-295190a7d60f3e6a-01\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23125,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23125), with no line 
terminators","md5":"243eda4543153156c0ae9df9e8c5833d","sha1":"dfa372f408889fa3f4a6ca29847f4a379ed246a8","sha256":"d81bfefd8585b694222d3e94e9dee5d7935049c65355f9fd096800301d51545b","sha512":"bc2e170a94bb45624ed4392b2049fa017411c244dc765b5e862093e2264ec9580752a29a86e6739e2ecba2f16b6880fdbf9ab1ecb6647e739b391b46a5bf9aa9","ssdeep":"384:v0Ap5n5P9Nxf4hfWGwR+EkE+n4QnZ/X2NWKW4BCCMHxDkZbaXpweyGobcUWfgMcC:J5n51f4hfWGwR+Tnn4QnZ/b3J7yGQMUE","tlshash":"faa2c6d9378074b30bdb22ba712fa247f1b2459aac4dd050a614dcf12c7ceda8516fad","first_seen":"2024-06-05T17:44:09Z","last_seen":"2026-06-07T20:24:04.996399Z","times_seen":1160,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":50,"dns":29,"connect":1,"send":0,"wait":32,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/paypal-ui/logos/svg/paypal-wordmark-color.svg","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /paypal-ui/logos/svg/paypal-wordmark-color.svg HTTP/1.1\r\nHost: 
www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/css/contextualLoginElementalUIv5_1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: image/svg+xml\r\ncf-ray: 9e1eeb37687fdfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 331\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-encoding: br\r\netag: W/\"67da3cd6-8f3\"\r\nlast-modified: Wed, 19 Mar 2025 03:41:10 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg01bdrf5-11.ccg01.phx.paypalinc.com\r\npaypal-debug-id: 6f1b14a86000d\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\ntraceparent: 00-00000000000000000006f1b14a86000d-decf4756a7634c11-01\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2291,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b40b8498ed9de0b5cc68df968183c833","sha1":"276409ef0de6ff80af749877a5f650db78f7804a","sha256":"f766ba6d9471acc787c0808b8c30f38494d12b287ccfb2ff610fd617cfa2a432","sha512":"a79c51326b7c6bb1e694f5c85041b6ee014e8a7fb123996d070f8acd744529f06420d5d751bf1d808e40a833ed9b21c48e2a6ad8b9d340e46e9cf2a293915d45","ssdeep":"","tlshash":"c241f2e2a214e39829178a54ce7250e0165ff4fef7af33a191bf5b70a0425e0ca11e74","first_seen":"2024-09-19T18:53:11Z","last_seen":"2026-06-04T13:12:24.485939Z","times_seen":602,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:53.565Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: 
no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:53 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":489,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:56.680Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:56 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":494,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":494,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/cd/199f4dcf55b9dafd6ad41cbcfb237f87/9f89c84a559f573636a47ff8daed0d33/bootstrap.min.css","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"GET 
/cdn/cd/199f4dcf55b9dafd6ad41cbcfb237f87/9f89c84a559f573636a47ff8daed0d33/bootstrap.min.css HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 157\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\nstrict-transport-security: max-age=31536000\r\nserver: nginx\r\npragma: no-cache\r\nset-cookie: _ec080eef91390fd025dd0bb85cfbf60e__sb=Renc7fpAtLgIfMUzkXJQWQOT6v5wgAa5G5RGD338BLIWZ7wZ2R; Max-Age=60; Expires=Wed, 25 Mar 2026 15:24:47 GMT; SameSite=None; Path=/; Secure\r\ncache-control: no-cache, pre-check=0, post-check=0, max-age=0, s-maxage=0, no-store, must-revalidate\r\nreferrer-policy: unsafe-url\r\nx-content-type-options: no-sniff\r\naccess-control-allow-credentials: true\r\nx-permitted-cross-domain-policies: master-only\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: KQxenIpaeH2TXqil5tMoX3vZF2XTApTIhXn7gxAU0g6VDUai5UsoGA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should 
only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":157,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"f29cf865969ee5dcf06402e904b3f0d4","sha1":"9f79b717cdcc4c913ebf4acf19df718d96801bf7","sha256":"b4a5af45a1e1e5d00d66192b572a7646124bf267d4b23273a1b4e4a753270e85","sha512":"eb849763f2f998b0ec78129cc7a47cf67e1e089f757947ea2133c16f5cbfbf68e42adb517e087875ea3de35e0b99af46e2739e7443ed0aa90c579779cf3461c0","ssdeep":"","tlshash":"f9c08c604a3221687a04995734f689933224b21b518975bcb4dc2c326f0482c38861a4","first_seen":"2026-03-25T15:24:15.923089Z","last_seen":"2026-03-25T15:24:15.923089Z","times_seen":1,"resource_available":false,"data":null}},"time_used":502,"timings":{"blocked":95,"dns":79,"connect":8,"send":0,"wait":299,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/js/lib/modernizr-2.6.1.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://
paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /web/res/1ca/74b84302a7188814d86f420a45647/js/lib/modernizr-2.6.1.js HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb34af4adfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 815373\r\ncache-control: max-age=31536000, s-maxage=31536000\r\ncontent-encoding: br\r\netag: W/\"69b3c298-edf\"\r\nexpires: Tue, 16 Mar 2027 04:54:14 GMT\r\nlast-modified: Fri, 13 Mar 2026 07:54:00 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: 
ccg13bdrf5-2.ccg13.slc.paypalinc.com\r\npaypal-debug-id: facde560e5a04\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3807,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3807), with no line terminators","md5":"a635a55ddb6339a3d0d01c641f670753","sha1":"a6dee4a1df6c51b82ce2e67323514e7de4e165d4","sha256":"a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44","sha512":"2562ca35be37bfe0b984ec288e23678bc97ba7a881764044e65914ea013742a5310a5c12839cb8a501a464791bc67868fe6a02ae149df9329e40562569eba42d","ssdeep":"","tlshash":"a77175c474e1f15e539b20bb107fa34ef2b85a65596a8510e0a8c4bdbcb0c64867bf2d","first_seen":"2023-03-07T01:03:30Z","last_seen":"2026-06-05T02:04:16.000751Z","times_seen":1048,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":48,"dns":26,"connect":3,"send":0,"wait":39,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.paypal.com/da/r/fb_fp.js","fqdn":"c.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"151.101.65.21","port":443,"asn":54113,"as":"FASTLY","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:49.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 05 Aug 2025 00:00:00 GMT","end":"Tue, 04 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:2E:F7:4B:EE:2D:15:15:4F:4E:DE:63:48:9F:DB:6C:A1:B4:A4:6D","sha256":"A6:C0:A2:30:F9:69:64:91:78:C1:B6:BD:F4:64:B7:8A:CF:17:D7:55:84:52:3F:43:97:56:68:51:CA:99:FD:6B"}}},"request":{"raw":"GET /da/r/fb_fp.js HTTP/1.1\r\nHost: c.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\netag: W/\"691c33aa-113c1\"\r\ncf-ray: 9a14a72be971f468-HEL\r\ncf-cache-status: HIT\r\ncontent-encoding: gzip\r\nlast-modified: Tue, 18 Nov 2025 08:51:54 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\npaypal-debug-id: 80f840a9c8942\r\nx-content-type-options: nosniff\r\naccess-control-allow-headers: x-csrf-token\r\ndc: ccg11-origin-www-1.paypal.com\r\naccept-ranges: bytes\r\ndate: Wed, 25 Mar 2026 15:23:49 GMT\r\nvia: 1.1 varnish\r\nage: 657679\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-served-by: cache-hel1410024-HEL, cache-hel1410031-HEL\r\nx-cache: MISS, 
HIT\r\nx-cache-hits: 0, 4567\r\nx-timer: S1774452230.935610,VS0,VE1\r\nvary: Accept-Encoding, Accept-Encoding\r\nexpires: Thu, 26 Mar 2026 15:23:49 GMT\r\ncache-control: s-maxage=31536000, public,max-age=86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-allow-credentials: false\r\naccess-control-max-age: 86400\r\nserver-timing: content-encoding;desc=\"gzip\",x-cdn;desc=\"fastly\"\r\ntiming-allow-origin: *\r\ncontent-length: 23847\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":70593,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"83460ee68674e034c9745595fef3ee10","sha1":"4a13be73c117342bca2093cb9affbd330713818d","sha256":"d4450318a5b9f75b4a458ae427e3152216cb85e91720c320a6aa27fc38a692ab","sha512":"633601c276ee936ddb3ac65238a51396b5444c20c8dbead22394d866b8e6ddf041896431fb67a263c1a3ac2d8ea27e20195aa26503bc732c448f2c9c3b91fca7","ssdeep":"1536:8MUlVnIULG1Rz1kOv/Gqxsxi+kbQgVGWxqFf6kAE8uqzttHrPJF:8MUlVnIULGGClxV+kBVGKqq/ttHrPJF","tlshash":"436319cfb6087416067329eab42f5215b5366314a88ee458b16bf5913cace877323f7c","first_seen":"2025-12-02T12:04:51.110885Z","last_seen":"2026-03-25T15:24:15.925405Z","times_seen":52,"resource_available":true,"data":null}},"time_used":311,"timings":{"blocked":134,"dns":85,"connect":26,"send":0,"wait":28,"receive":5,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:51.075Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 
Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:51 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":486,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":486,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:55.705Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:55 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":482,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":482,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"paypal.com-authenticator.site/","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:23:42.584Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":757,"timings":{"blocked":757,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/js/lib/datadog-rum.js","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /web/res/1ca/74b84302a7188814d86f420a45647/js/lib/datadog-rum.js HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9e1eeb349f08dfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 810126\r\ncache-control: max-age=31536000, s-maxage=31536000\r\ncontent-encoding: br\r\netag: W/\"69b3c298-27b83\"\r\nexpires: Tue, 16 Mar 2027 04:54:26 GMT\r\nlast-modified: Fri, 13 Mar 2026 07:54:00 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg14bdrf5-1.ccg14.slc.paypalinc.com\r\npaypal-debug-id: 49f29ee1c2088\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":162691,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators","md5":"4441739369b3c7e391d97a0c1ca55d63","sha1":"3d49967b45253d998a4a59ffb4a20df9b7fa8e3c","sha256":"ee4cd96d72ca2d21a8df21e2f76629df9ad636fc7ecd59d24825def20bc2ee0e","sha512":"72675bb94869dae4802d7e65eee1b23e339fc5ba157833e8f78a733b7864240b8b0c6cd5cacf935608570d10aaaa171d99bbd7bdf0dc60d7f1ef2cf6fff9bb41","ssdeep":"1536:4IOoR3MaQgFxamY7FMXiLh+vhXMLsjRXs8EEKMGjEWAkDxRJAiCQxjMmvD7sh8ui:s2M8FxzY/h2kfzEWxAkEF2B","tlshash":"0af3d5dcf286b07167933036407f120ab77a2954394b85a0e2b6d5d53db869fa233f6c","first_seen":"2024-07-29T21:09:05Z","last_seen":"2026-06-03T08:38:58.32448Z","times_seen":358,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":36,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t.paypal.com/ts?v=1.10.0\u0026t=1774452230736\u0026g=0\u0026pgrp=main%3Aunifiedlogin%3A%3A%3Alogin\u0026page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A\u0026pgtf=Nodejs\u0026s=ci\u0026env=live\u0026transition_name=ss_prepare_pwd\u0026cookie_disabled_request=false\u0026userRedirected=true\u0026xe=101090%2C101735%2C101216%2C104200%2C109195%2C100644%2C106273%2C106057%2C110012%2C110718%2C110982%2C111217%2C110979%2C101820%2C101817%2C108076%2C109047\u0026xt=104050%2C105856%2C103864%2C127485%2C144027%2C101702%2C128593%2C127562%2C160815%2C152856%2C154506%2C162434%2C162442%2C106324%2C112768%2C138090%
2C143343\u0026ctx_login_ot_content=0\u0026obex=signin\u0026landing_page=login\u0026browser_client_type=Browser\u0026state_name=begin_pwd\u0026ctx_login_ctxid_fetch=ctxid-not-exist\u0026ctx_login_content_fetch=success\u0026ctx_login_signup_btn=shown%7Cdefault\u0026ctx_login_intent=signin\u0026ctx_login_flow=Signin\u0026ctx_login_state_transition=login_loaded\u0026comp=unifiedloginnodeweb\u0026tsrce=privacynodeweb\u0026cu=0\u0026ef_policy=gdpr_v2.1\u0026c_prefs=T%3D0%2CP%3D1%2CF%3D1%2Ctype%3Dimplicit\u0026pxpguid=6ec5f65819c0ad119da254fefffc3587\u0026pgst=1774376682814\u0026calc=f3485341e6b9f\u0026csci=f781841fd5ca404c9625a7a57b822049\u0026nsid=tcKVcxqub3Dj_abRMVcGCXpOYbw0PxBD\u0026rsta=en_GB\u0026ccpg=SG\u0026securityContext_status=success\u0026post_login_redirect=default\u0026ret_url=%2F\u0026e=im\u0026imsrc=setup\u0026view=%7B%22t10%22%3A6%2C%22t11%22%3A3476%2C%22tcp%22%3A890%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A657%7D\u0026pt=Log%20in%20to%20your%20PayPal%20account\u0026cd=24\u0026sw=1280\u0026sh=1024\u0026dw=1280\u0026dh=1024\u0026bw=1280\u0026bh=1024\u0026ce=1\u0026t1=6\u0026t1c=0\u0026t1d=0\u0026t1s=0\u0026t2=301\u0026t3=4\u0026t4d=0\u0026t4=0\u0026t4e=2\u0026tt=2819\u0026rdc=0\u0026protocol=http%2F1.1\u0026res=%7B%7D\u0026t12=2371\u00263p_vid=2789cb487125480e\u00263p_fpti=505560fd1ff0284","fqdn":"t.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"172.64.152.85","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"t.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert 
Inc"},"validity":{"start":"Fri, 20 Feb 2026 00:00:00 GMT","end":"Sun, 21 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"EA:B8:DE:7E:92:A5:33:3B:95:2F:D2:B0:E6:9F:48:71:A6:33:F5:E8","sha256":"71:55:5A:84:D8:C8:D0:44:77:28:BE:C1:5D:4D:DC:A6:EB:DB:AE:58:D9:B8:D6:F1:1E:EC:35:2A:EE:11:63:39"}}},"request":{"raw":"GET /ts?v=1.10.0\u0026t=1774452230736\u0026g=0\u0026pgrp=main%3Aunifiedlogin%3A%3A%3Alogin\u0026page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A\u0026pgtf=Nodejs\u0026s=ci\u0026env=live\u0026transition_name=ss_prepare_pwd\u0026cookie_disabled_request=false\u0026userRedirected=true\u0026xe=101090%2C101735%2C101216%2C104200%2C109195%2C100644%2C106273%2C106057%2C110012%2C110718%2C110982%2C111217%2C110979%2C101820%2C101817%2C108076%2C109047\u0026xt=104050%2C105856%2C103864%2C127485%2C144027%2C101702%2C128593%2C127562%2C160815%2C152856%2C154506%2C162434%2C162442%2C106324%2C112768%2C138090%2C143343\u0026ctx_login_ot_content=0\u0026obex=signin\u0026landing_page=login\u0026browser_client_type=Browser\u0026state_name=begin_pwd\u0026ctx_login_ctxid_fetch=ctxid-not-exist\u0026ctx_login_content_fetch=success\u0026ctx_login_signup_btn=shown%7Cdefault\u0026ctx_login_intent=signin\u0026ctx_login_flow=Signin\u0026ctx_login_state_transition=login_loaded\u0026comp=unifiedloginnodeweb\u0026tsrce=privacynodeweb\u0026cu=0\u0026ef_policy=gdpr_v2.1\u0026c_prefs=T%3D0%2CP%3D1%2CF%3D1%2Ctype%3Dimplicit\u0026pxpguid=6ec5f65819c0ad119da254fefffc3587\u0026pgst=1774376682814\u0026calc=f3485341e6b9f\u0026csci=f781841fd5ca404c9625a7a57b822049\u0026nsid=tcKVcxqub3Dj_abRMVcGCXpOYbw0PxBD\u0026rsta=en_GB\u0026ccpg=SG\u0026securityContext_status=success\u0026post_login_redirect=default\u0026ret_url=%2F\u0026e=im\u0026imsrc=setup\u0026view=%7B%22t10%22%3A6%2C%22t11%22%3A3476%2C%22tcp%22%3A890%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A657%7D\u0026pt=Log%20in%20to%20your%20PayPal%20account\u0026cd=24\u0026sw=1280\u0026sh=1024\u0026dw=1280\u0026dh=1024\u0026bw=1280\u0026bh=1024\u0026ce=1\u0026t1=6\u0026t
1c=0\u0026t1d=0\u0026t1s=0\u0026t2=301\u0026t3=4\u0026t4d=0\u0026t4=0\u0026t4e=2\u0026tt=2819\u0026rdc=0\u0026protocol=http%2F1.1\u0026res=%7B%7D\u0026t12=2371\u00263p_vid=2789cb487125480e\u00263p_fpti=505560fd1ff0284 HTTP/1.1\r\nHost: t.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:51 GMT\r\ncontent-type: image/gif\r\naccess-control-expose-headers: Server-Timing\r\ncorrelation-id: 41b49711268dc\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\nexpires: Wed, 25 Mar 2026 15:23:51 GMT\r\np3p: CP=\"CAO IND OUR SAM UNI STA COR COM\"\r\npaypal-debug-id: 41b49711268dc\r\npragma: no-cache\r\nserver-timing: traceparent;desc=\"00-000000000000000000041b49711268dc-e5662c3046ebb435-01\", content-encoding;desc=\"\",x-cdn;desc=\"cloudflare\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nset-cookie: ts=vreXpYrS%3D1805988231%26vteXpYrS%3D1774454031%26vr%3D505560fd1ff0284%26vt%3D2789cb487125480e;Expires=Thu, 25 Mar 2027 15:23:51 GMT;domain=.paypal.com;path=/;secure;HttpOnly;\nts_c=vr%3D505560fd1ff0284%26vt%3D2789cb487125480e;Expires=Thu, 25 Mar 2027 15:23:51 GMT;domain=.paypal.com;path=/;secure;\n__cf_bm=29OBMKeVVxjI3E3bmBkwOaUnlrioLtKUC1r4aAnywp4-1774452230.9664958-1.0.1.1-DqoZ8.hWFiLxEpdSua3sODyia7bSiFsJ1kvY3Mr6eA4nEIb2P0ofVK4ewY2UMX5BKYc6Mm6V58Fmi_DoGhp3eJ.2S3wN1LK96U5w2KlRvmBe5Rq1zP19PT0.4bmOt_Jv; HttpOnly; Secure; Path=/; Domain=t.paypal.com; Expires=Wed, 25 Mar 2026 15:53:51 GMT\r\ntiming-allow-origin: *\r\ncf-cache-status: 
BYPASS\r\nserver: cloudflare\r\ncf-ray: 9e1eeb4afaa40883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4682377ddfbe4e7dabfddb2e543e842","sha1":"328e472721a93345801ed5533240eac2d1f8498c","sha256":"6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93","sha512":"202612457d9042fe853daab3ddcc1f0f960c5ffdbe8462fa435713e4d1d85ff0c3f197daf8dba15bda9f5266d7e1f9ecaeee045cbc156a4892d2f931fe6fa1bb","ssdeep":"","tlshash":"c2900023efc8c020c280c8380a2c0b0023baac200228030bc03c22e8ecaa3b38c22002","first_seen":"2023-04-06T23:21:37Z","last_seen":"2026-06-07T20:24:05.002349Z","times_seen":15840,"resource_available":true,"data":null}},"time_used":388,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":388,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting 
Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.918Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:50 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":538,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":538,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:54.059Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:53 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":483,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":483,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"c.paypal.com/v1/r/d/b/w?{%22appId%22:%22UNIFIED_LOGIN_INPUT_PASSWORD_TRMT%22,%22correlationId%22:%226b456f150e1440fc9b9489b69051b882%22,%22payload%22:{%22pkc%22:{%22uvpa%22:0,%22cma%22:0,%22cc%22:0,%22ht%22:0,%22pkp%22:0},%22slt%22:0,%22uvpat%22:0,%22cmat%22:0,%22capt%22:0}}","fqdn":"c.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"151.101.65.21","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 05 Aug 2025 00:00:00 GMT","end":"Tue, 04 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:2E:F7:4B:EE:2D:15:15:4F:4E:DE:63:48:9F:DB:6C:A1:B4:A4:6D","sha256":"A6:C0:A2:30:F9:69:64:91:78:C1:B6:BD:F4:64:B7:8A:CF:17:D7:55:84:52:3F:43:97:56:68:51:CA:99:FD:6B"}}},"request":{"raw":"GET /v1/r/d/b/w?{%22appId%22:%22UNIFIED_LOGIN_INPUT_PASSWORD_TRMT%22,%22correlationId%22:%226b456f150e1440fc9b9489b69051b882%22,%22payload%22:{%22pkc%22:{%22uvpa%22:0,%22cma%22:0,%22cc%22:0,%22ht%22:0,%22pkp%22:0},%22slt%22:0,%22uvpat%22:0,%22cmat%22:0,%22capt%22:0}} HTTP/1.1\r\nHost: c.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: 
cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\nset-cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Wed, 25 Mar 2026 15:53:50 GMT; HttpOnly; Secure\r\npaypal-debug-id: 6c41a774e7372\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\ncontent-language: en\r\ncontent-type: text/html;charset=utf-8\r\naccept-ranges: bytes\r\nvia: 1.1 varnish, 1.1 varnish\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-served-by: cache-fra-eddf8230097-FRA, cache-fra-eddf8230097-FRA, cache-hel1410031-HEL\r\nx-cache: MISS, MISS, MISS\r\nx-cache-hits: 0, 0, 0\r\nx-timer: S1774452230.058082,VS0,VE220\r\nvary: Accept-Encoding\r\nserver-timing: content-encoding;desc=\"\",x-cdn;desc=\"fastly\"\r\ntiming-allow-origin: *\r\ncontent-length: 435\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/cd/gwf?v=latest","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"POST /cdn/cd/gwf?v=latest HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: 
http://paypal.com-authenticator.site/\r\ncontent-type: application/x-www-form-urlencoded\r\nx-h-token: ufttoTuvRWnvFC0DwYJhE3pAdXIJXWRLHC62mRiQ1tk=\r\nContent-Length: 884\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ec080eef91390fd025dd0bb85cfbf60e__sb=Renc7fpAtLgIfMUzkXJQWQOT6v5wgAa5G5RGD338BLIWZ7wZ2R\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":884,"data":"o=ZWMwODBlZWY5MTM5MGZkMDI1ZGQwYmI4NWNmYmY2MGU%3D\u0026m=jToroaofujQIMh4ch5uwaPN1YBvF23e%2B9iXA1Bz0OqqAn115zLbBD%2Bi9iXJXyY3vAYp9DTIEQIzzS61ADtpdioT%2B0ZeOsM1nTW65z2AYz3DrKRzvLbeA4hR%2FA1XfFUVrrvJO3E%2BXW45kA2GghI4ZckfZNnS%2Fht7BQGD8v%2Bozl0Y1V8RKeL4Wf%2FG0hXOlJxtloKJoGIe545HPDJ%2B3lXGVXWcI0n%2FNlED1I2C1c%2BdbHJZzoikrSAkAiK1iAeSdCXG6qO0M3NvsP0%2FGVohdIysr63HR32bpU0nzu0jNi9OamWRo6F6FA6%2BVPG2sv4ERJoRCHTKC5g7NnxwPubQEztDPTWfJPOMfeb53OU%2F8741qg1BFCNbKmafQXMJxoZ3xck4Plpby9EQAQPVY7Eh41Ib%2FuPCcZH0BlmPP7QhSCoOP8DWIF4gXVkpf4WuWDl7cbXnp%2B3zzCVY6C%2FjeAyr1ClmWD0ysxQGadxjxgY49STNb5B0dQTaVBhWwZ9C6DvYyOh0N3koizAWGXJVfMk4s8toMddv1rMqhgDIo%2BrFe5t2pC6f4Lk6O%2FzTYh%2FOvnMqCvz8zg3j8yFGxGyvy20O9mz%2Fv3yAPEcTJaabLhrJ0vI0bIWlBSdb21d21dU%2FU05i%2BzsuwQi5%2Fmx7gRH3I04CZFs%2BTePGqBEHWVOPTuH0gHUL%2BVm4%3D\u0026s=KpYAYNa0VFhtUOp7YvcUmGGmfNKhYg%2F6cF4oLb0TTcE%3D\u0026a=9f89c84a559f573636a47ff8daed0d33\u0026v=latest"}},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nserver: nginx\r\npragma: no-cache\r\ncache-control: no-cache, pre-check=0, post-check=0, max-age=0, s-maxage=0, no-store, must-revalidate\r\nreferrer-policy: unsafe-url\r\nx-content-type-options: no-sniff\r\naccess-control-allow-origin: http://paypal.com-authenticator.site\r\naccess-control-allow-credentials: 
true\r\nx-permitted-cross-domain-policies: master-only\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: CHeqjKtzfSlc7FoBucKCLSqPSoD59d-i17aSjDzuJJG-ty1_q7tV1Q==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11224,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with very long lines (11224), with no line 
terminators","md5":"ac5d8fab31f24a6e0510a9b07c0727f1","sha1":"2ac39808caa2f1737ee452bb878cc2c71c017e2c","sha256":"240a510d86cd319e84a0ecf61e71e0d0d56cd0d8e92040398660209dbd758dce","sha512":"b5304ffd7d8eedb4d030f18b94a1b31f2d134e6dc79025fd2dfff5ab978909675df1a16875236eeba4f9993e7b9c690cb14eb65bf3736e522a6425c2cf5294cf","ssdeep":"192:D7aPC1pGdUiT9dxUXNQsW1N6DcD84RkV08TvC2x6ovzhUhC1f:D7aesxUXOsWfavNVzvPXvzihIf","tlshash":"b632cfabfd8a58af34a4a63bfbc03d378f534e9c3b262752132484528d50d1452c99e2","first_seen":"2026-03-25T15:24:15.926838Z","last_seen":"2026-03-25T15:24:15.926838Z","times_seen":1,"resource_available":false,"data":null}},"time_used":499,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":499,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lhr.stats.paypal.com/v1/counter2.cgi?r=cD02YjQ1NmYxNTBlMTQ0MGZjOWI5NDg5YjY5MDUxYjg4MiZpPTEwMy4xNTQuMTEwLjMmdD0xNzc0Mzc2NjgyLjg2MiZhPTIxJnM9VU5JRklFRF9MT0dJTg0xcI_NUv7JIeVmpT8QflZi6MuP","fqdn":"lhr.stats.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"34.147.177.40","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"b.stats.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 08 Jan 2026 00:00:00 GMT","end":"Mon, 08 Feb 2027 23:59:59 
GMT"},"fingerprint":{"sha1":"F7:51:A4:2B:BB:2D:3E:9D:2A:AE:A4:4C:C4:7C:AF:15:2A:E4:DD:9A","sha256":"04:A3:15:26:AA:1D:C2:BC:5A:41:8F:6D:AB:49:DE:F3:5C:87:71:04:56:0E:D2:4A:4F:B5:0D:57:44:BE:26:8C"}}},"request":{"raw":"GET /v1/counter2.cgi?r=cD02YjQ1NmYxNTBlMTQ0MGZjOWI5NDg5YjY5MDUxYjg4MiZpPTEwMy4xNTQuMTEwLjMmdD0xNzc0Mzc2NjgyLjg2MiZhPTIxJnM9VU5JRklFRF9MT0dJTg0xcI_NUv7JIeVmpT8QflZi6MuP HTTP/1.1\r\nHost: lhr.stats.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://paypal.com-authenticator.site/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: close\r\nServer: PayPal-B.Stats/1.0\r\nContent-Type: image/jpeg\r\nContent-Length: 42\r\nSet-Cookie: c=a138473bd66a1391dfb7; Domain=stats.paypal.com; expires=Tue, 20 Mar 2046 15:23:50 GMT; Path=/\r\nDate: Wed, 25 Mar 2026 15:23:50 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache Traffic Server:1.0","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]}],"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 
1","md5":"accba0b69f352b4c9440f05891b015c5","sha1":"9d01cc5dc8e042c0d4ad6cfb8b3ac38e84a5ef9f","sha256":"47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292","sha512":"d3c4a5427bf645cc226106b0e8c28a76b0b91f50fa6d77e962a3b59b85be2a0cfdb94ec0f40742f10c18025573d8fbfadecddf60f4652bae671f6031c02a7cb5","ssdeep":"","tlshash":"a0900023fa828000c3a8c2300b0b23822b8c80a00aa8032380ae208cec3a3aa2c03020","first_seen":"2023-04-05T16:42:42Z","last_seen":"2026-06-08T19:02:29.013127Z","times_seen":6274,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":106,"dns":19,"connect":42,"send":0,"wait":49,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:58.172Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:58 GMT\r\nContent-Type: text/html; 
charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":499,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":499,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"d.paypal.com/cdn/cd/l?v=latest","fqdn":"d.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"108.157.229.63","port":443,"asn":16509,"as":"AMAZON-02","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:51.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 21 Nov 2025 00:00:00 GMT","end":"Thu, 21 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:95:B3:90:9B:31:9E:BC:57:35:3B:83:0F:11:A6:C1:B5:7B:AD:10","sha256":"D4:9C:0B:6F:12:3A:41:94:A5:60:6B:34:B5:61:2E:13:B0:A5:7C:15:B1:CE:68:6E:36:55:DB:32:79:6C:AF:BA"}}},"request":{"raw":"OPTIONS /cdn/cd/l?v=latest HTTP/1.1\r\nHost: d.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: x-h-token\r\nReferer: http://paypal.com-authenticator.site/\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 3\r\ndate: Wed, 25 Mar 2026 15:23:51 GMT\r\nstrict-transport-security: max-age=31536000\r\nserver: nginx\r\npragma: no-cache\r\ncache-control: no-cache, pre-check=0, post-check=0, max-age=0, s-maxage=0, no-store, must-revalidate\r\nreferrer-policy: unsafe-url\r\nx-content-type-options: no-sniff\r\naccess-control-allow-origin: http://paypal.com-authenticator.site\r\naccess-control-allow-headers: 
x-h-token\r\naccess-control-allow-credentials: true\r\nx-permitted-cross-domain-policies: master-only\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: RqDHyFBw4FBPZMa06byBMNhMeCW9TYSrepaUPYzMoqQmRd6qxiImig==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"202cb962ac59075b964b07152d234b70","sha1":"40bd001563085fc35165329ea1ff5c5ecbdbbeef","sha256":"a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3","sha512":"3c9909afec25354d551dae21590bb26e38d53f2173b8d3dc3eee4c047e7ab1c1eb8b85103e3be7ba613b31bb5c9c36214dc9f14a42fd7a2fdb84856bca5c44c2","ssdeep":"","tlshash":"c72000000c00000000000000c00000000000000000000000000000000000000000c000","first_seen":"2023-03-12T09:12:21Z","last_seen":"2026-06-08T16:39:12.348007Z","times_seen":433,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:57.006Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:56 GMT\r\nContent-Type: text/html; 
charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":484,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"ddbm2.paypal.com/js/","fqdn":"ddbm2.paypal.com","domain":"paypal.com","tld":"com"},"ip":{"addr":"3.167.2.80","port":443,"asn":0,"as":"","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:50.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ddbm.paypal.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1A:DA:04:24:FE:17:8B:56:BB:A8:B4:0A:DC:19:88:FC:C3:FC:F0:2E","sha256":"45:33:A4:5E:E4:27:62:D5:85:64:5E:BC:9C:E0:51:FC:DC:E6:30:41:E6:F8:70:7F:06:63:95:6D:FC:3F:85:2B"}}},"request":{"raw":"OPTIONS /js/ HTTP/1.1\r\nHost: ddbm2.paypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: x-requested-with\r\nReferer: http://paypal.com-authenticator.site/\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 0\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 36817f2624d87ea26a28cf9e3afd2402.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 462P9W72B3mneJSU9htb_QrFWnroceI5-FcABCVkf5Pz8SNwaBMf9A==\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST\r\nvary: 
Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-max-age: 600\r\naccess-control-allow-headers: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon 
Cloudfront.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":9,"dns":1,"connect":1,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:53.074Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:53 GMT\r\nContent-Type: 
text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":488,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":487,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:54.547Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: 
paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:54 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":485,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":485,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - 
PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:54.691Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:54 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":504,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":504,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"http","addr":"paypal.com-authenticator.site/signin/signin","fqdn":"paypal.com-authenticator.site","domain":"com-authenticator.site","tld":"site"},"ip":{"addr":"103.183.75.145","port":80,"asn":136052,"as":"PT Cloud Hosting Indonesia","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:57.500Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /signin/signin HTTP/1.1\r\nHost: paypal.com-authenticator.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://paypal.com-authenticator.site/signin/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _dd_s=rum=1\u0026id=7c5f69ad-8f09-4022-97cc-7cc05a739318\u0026created=1774452229233\u0026expire=1774453129233\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 25 Mar 2026 15:23:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nlocation: signin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":489,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/css/contextualLoginElementalUIv5_1.css","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"172.64.153.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:47.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":"PayPal, Inc."},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 17 Jun 2025 00:00:00 GMT","end":"Tue, 16 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:CC:8D:A7:79:AE:1A:09:18:36:29:8A:84:C5:9B:2E:0E:FB:CC:75","sha256":"B2:15:32:68:A9:52:EC:F4:53:30:4D:98:F6:AF:90:B7:AA:72:37:80:05:8A:96:71:BC:E8:9A:9F:05:01:C7:E9"}}},"request":{"raw":"GET /web/res/1ca/74b84302a7188814d86f420a45647/css/contextualLoginElementalUIv5_1.css HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 15:23:47 GMT\r\ncontent-type: text/css\r\ncf-ray: 9e1eeb349ef8dfec-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 
810126\r\ncache-control: max-age=31536000, s-maxage=31536000\r\ncontent-encoding: br\r\netag: W/\"69b3c294-3640f\"\r\nexpires: Tue, 16 Mar 2027 04:54:14 GMT\r\nlast-modified: Fri, 13 Mar 2026 07:53:56 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding, Accept-Encoding\r\naccess-control-allow-headers: x-csrf-token\r\naccess-control-allow-methods: GET\r\ndc: ccg11-origin-www-1.paypal.com\r\npp-border: ccg14bdrf5-1.ccg14.slc.paypalinc.com\r\npaypal-debug-id: 41551203d5779\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":222223,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines 
(586)","md5":"42308300e02e988e45fffa0f80f23353","sha1":"4ffac6b7c4a5ac67686a373c4e4b35dd1b0975be","sha256":"953991355b69addb144b9a875c630c89eae165d89f6d43dbd36ac51b8e360354","sha512":"4add505e6bfee521b79dee0bfac9acd57e8e10ef4e8e17dfc387cb2a458c0011ba1d84156f0cb63ec5e9dd4ac83d33718acfaaa26792bf007eb703def7bdafcd","ssdeep":"6144:gMI6E4hKNeI6E/I6EtI6EAI6EJI6EELQdb6HrImfha6I6ExI6EEI6Ea6I6EXI6EG:gMI6E4hKNeI6E/I6EtI6EAI6EJI6EELc","tlshash":"c524a3ea9ae40501b91bc56475667b90a32d8003c94fdcbdbbe5306cefc92d992b334d","first_seen":"2026-03-17T13:52:37.577289Z","last_seen":"2026-05-18T15:03:40.954112Z","times_seen":16,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":44,"dns":28,"connect":3,"send":0,"wait":44,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"browser-intake-us5-datadoghq.com/api/v2/rum?ddsource=browser\u0026ddtags=sdk_version%3A5.23.3%2Capi%3Axhr%2Cservice%3Aunifiedloginnodeweb\u0026dd-api-key=pubfa2a063cbe1e1dd735fe2d7af81a244e\u0026dd-evp-origin-version=5.23.3\u0026dd-evp-origin=browser\u0026dd-request-id=efab3474-f830-4497-b914-6ac3d71f7738\u0026batch_time=1774452231183","fqdn":"browser-intake-us5-datadoghq.com","domain":"browser-intake-us5-datadoghq.com","tld":"com"},"ip":{"addr":"34.149.66.154","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://paypal.com-authenticator.site/signin/","date":"2026-03-25T15:23:51.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.browser-intake-us5-datadoghq.com","organization":"Datadog, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 22 Feb 2026 00:00:00 
GMT","end":"Sun, 28 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"66:26:09:FF:A9:7C:54:32:8C:51:09:02:0F:CE:A6:90:06:15:9E:AC","sha256":"F9:D8:4A:62:9C:3F:00:9E:4A:BC:55:23:0E:CA:F7:1D:A4:EB:4C:17:94:77:DE:5E:07:0F:0F:4F:47:0C:AE:62"}}},"request":{"raw":"POST /api/v2/rum?ddsource=browser\u0026ddtags=sdk_version%3A5.23.3%2Capi%3Axhr%2Cservice%3Aunifiedloginnodeweb\u0026dd-api-key=pubfa2a063cbe1e1dd735fe2d7af81a244e\u0026dd-evp-origin-version=5.23.3\u0026dd-evp-origin=browser\u0026dd-request-id=efab3474-f830-4497-b914-6ac3d71f7738\u0026batch_time=1774452231183 HTTP/1.1\r\nHost: browser-intake-us5-datadoghq.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 15512\r\nOrigin: http://paypal.com-authenticator.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://paypal.com-authenticator.site/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":15512,"data":"{\"_dd\":{\"format_version\":2,\"drift\":1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452229212,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"dd27775a-4f1a-4bdd-99e6-4eaf08f49e9e\",\"type\":\"js\",\"url\":\"https://d.paypal.com/cdn/ca/jquery-3.6.1.min.js\",\"duration\":50000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452229219,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\"},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"fe58bd95-fc0a-4e24-8a9e-4deef11769cd\",\"type\":\"other\",\"url\":\"https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html\",\"duration\":26000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452229202,\"ser
vice\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"05c74c1a-0c83-4a4e-832f-9b89802838ff\",\"type\":\"js\",\"url\":\"https://www.paypalobjects.com/martech/tm/paypal/mktgtagmanager.js\",\"duration\":243000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452229451,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"b1362599-6347-4cde-9b77-13c79cfe3b93\",\"type\":\"js\",\"url\":\"https://www.paypalobjects.com/martech/tm/paypal/mktconf.js\",\"duration\":93000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":-1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5}},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452229643,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\",\"in_foreground\":false}
,\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"error\":{\"id\":\"bb2a51f4-38e0-489c-9b2a-f62123002f30\",\"message\":\"Uncaught \\\"Script error.\\\"\",\"source\":\"source\",\"stack\":\"Error: Script error.\\n  at undefined @ https://www.paypalobjects.com/web/res/1ca/74b84302a7188814d86f420a45647/js/signin-split.js\",\"handling\":\"unhandled\",\"source_type\":\"browser\"},\"type\":\"error\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452229756,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"3d497c12-c889-4c9e-8280-5eb3cbb297c1\",\"type\":\"other\",\"url\":\"https://d.paypal.com/cdn/ca/lwsa.html\",\"duration\":29000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452229636,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"43497b58-b201
-470a-9d67-b0211dd2aafa\",\"type\":\"js\",\"url\":\"https://c.paypal.com/da/r/fb_fp.js\",\"duration\":311000000,\"size\":70593,\"encoded_body_size\":23847,\"decoded_body_size\":70593,\"transfer_size\":24918,\"download\":{\"duration\":5000000,\"start\":306000000},\"first_byte\":{\"duration\":28000000,\"start\":278000000},\"connect\":{\"duration\":59000000,\"start\":219000000},\"ssl\":{\"duration\":30000000,\"start\":248000000},\"dns\":{\"duration\":85000000,\"start\":134000000}},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452230026,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"20122793-3cc7-4886-bb5e-3c39df669cc2\",\"type\":\"other\",\"url\":\"https://c.paypal.com/v1/r/d/b/w?{%22appId%22:%22UNIFIED_LOGIN_INPUT_PASSWORD_TRMT%22,%22correlationId%22:%226b456f150e1440fc9b9489b69051b882%22,%22payload%22:{%22pkc%22:{%22uvpa%22:0,%22cma%22:0,%22cc%22:0,%22ht%22:0,%22pkp%22:0},%22slt%22:0,%22uvpat%22:0,%22cmat%22:0,%22capt%22:0}}\",\"duration\":258000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452230044,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91
e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"865d9ff5-26e2-4f58-998f-09a0db7a1691\",\"type\":\"other\",\"url\":\"https://c.paypal.com/v1/r/d/b/p1?{%22appId%22:%22UNIFIED_LOGIN_INPUT_PASSWORD_TRMT%22,%22correlationId%22:%226b456f150e1440fc9b9489b69051b882%22,%22payload%22:{%22trt%22:false,%22navigator%22:{%22appName%22:%22Netscape%22,%22appVersion%22:%225.0%20(X11)%22,%22buildID%22:%2220181001000000%22,%22cookieEnabled%22:true,%22language%22:%22en-US%22,%22onLine%22:true,%22oscpu%22:%22Linux%20x86_64%22,%22platform%22:%22Win32%22,%22product%22:%22Gecko%22,%22productSub%22:%2220100101%22,%22userAgent%22:%22Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:134.0)%20Gecko/20100101%20Firefox/134.0%22,%22vendor%22:%22%22,%22vendorSub%22:%22%22},%22screen%22:{%22colorDepth%22:24,%22pixelDepth%22:24,%22height%22:1024,%22width%22:1280,%22availHeight%22:1024,%22availWidth%22:1280},%22window%22:{%22outerHeight%22:1024,%22outerWidth%22:1280,%22innerHeight%22:1024,%22innerWidth%22:1280,%22devicePixelRatio%22:1},%22referer%22:%22%22,%22URL%22:%22http://paypal.com-authenticator.site/signin/%22,%22rvr%22:%223.13.0-FP%22,%22tnt%22:%22PP%22,%22activeXDefined%22:false,%22flashVersion%22:{%22major%22:0,%22minor%22:0,%22release%22:0},%22lst%22:{%22ddiLst%22:true,%22ddi%22:null,%22v%22:null,%22vf%22:null},%22tz%22:0,%22tzName%22:%22UTC%22,%22dst%22:true,%22wit%22:2,%22time%22:1774452230041,%22pt1%22:{%22i%22:%22NaN%22,%22pp1%22:%2216.00%22,%22cd1%22:%221.00%22,%22tb%22:-1,%22sf%22:%220000%22,%22ph1%22:%226852.00%22},%22asynchk%22:{%22ph2%22:%22e1486545f2d5804a1e79c94084d1e2dc35d3a02b234a3fd691067b7535715288%22,%22o%22:[%22ua%22,%22colorDepth%22,%22width%22,%22tz%22,%22time%22,%22appId%22,%22correlationId%22,%223%22]},%22hlb%22:{%22wd%22:false,%22chromeWSRT%22:false,%
22plgSize%22:5,%22lgSize%22:2},%22pkc%22:{%22uvpa%22:0,%22cma%22:0,%22cc%22:0,%22ht%22:0,%22pkp%22:0}}}\",\"duration\":280000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452229649,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"4d491e93-4c52-48a9-927f-52bd98e8fd51\",\"type\":\"fetch\",\"duration\":564000000,\"method\":\"GET\",\"status_code\":0,\"url\":\"https://t.paypal.com/ts?v=1.10.0\u0026t=1774452229644\u0026g=0\u0026e=err\u0026page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A\u0026pgrp=main%3Aunifiedlogin%3A%3A%3Alogin\u0026comp=unifiedloginnodeweb\u0026erpg=Script%20error.\u0026error_type=WINDOW_ONERROR\u0026error_source=https%3A%2F%2Fwww.paypalobjects.com%2Fweb%2Fres%2F1ca%2F74b84302a7188814d86f420a45647%2Fjs%2Fsignin-split.js%200%3A0\u0026event_name=client_js_error_triggered\u00263p_vid=2789cb487125480e\u00263p_fpti=505560fd1ff0284\",\"size\":42,\"encoded_body_size\":42,\"decoded_body_size\":42,\"transfer_size\":1393,\"download\":{\"duration\":14000000,\"start\":550000000},\"first_byte\":{\"duration\":311000000,\"start\":239000000},\"connect\":{\"duration\":18000000,\"start\":221000000},\"ssl\":{\"duration\":15000000,\"start\":224000000},\"dns\":{\"duration\":96000000,\"start\":125000000}},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":1,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\
":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452230327,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"c855ad69-58bb-4fe3-aa7f-d7397d922ba5\",\"type\":\"other\",\"url\":\"https://c.paypal.com/v1/r/d/b/p2?{%22appId%22:%22UNIFIED_LOGIN_INPUT_PASSWORD_TRMT%22,%22correlationId%22:%226b456f150e1440fc9b9489b69051b882%22,%22payload%22:{%22URL%22:%22http://paypal.com-authenticator.site/signin/%22,%22tnt%22:%22PP%22,%22data%22:{%22plugins%22:[{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22Chrome%20PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22Chromium%20PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22Microsoft%20Edge%20PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22PDF%20Viewer%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22Portable%20Document%20Format%22},{%22mT%22:[{%22t%22:%22application/pdf%22,%22s%22:%22pdf%22},{%22t%22:%22text/pdf%22,%22s%22:%22pdf%22}],%22n%22:%22WebKit%20built-in%20PDF%22,%22v%22:%22%22,%22fn%22:%22internal-pdf-viewer%22,%22d%22:%22
Portable%20Document%20Format%22}],%22cv%22:{%22h%22:%22jBdvZqc8AGiNr9Z9feYA78P1QyJX33wQouAAAAAElFTkSuQmCC%22,%22f%22:1,%22t%22:%22251.00%22},%22vm%22:{%22cores%22:48,%22gpu%22:{%22vendor%22:%22Mesa%22,%22renderer%22:%22llvmpipe%22},%22jsMem%22:{},%22perfNav%22:{%22navigationStart%22:1774452226833,%22unloadEventStart%22:0,%22unloadEventEnd%22:0,%22redirectStart%22:0,%22redirectEnd%22:0,%22fetchStart%22:1774452226833,%22domainLookupStart%22:1774452226833,%22domainLookupEnd%22:1774452226833,%22connectStart%22:1774452226833,%22connectEnd%22:1774452226833,%22secureConnectionStart%22:0,%22requestStart%22:1774452226839,%22responseStart%22:1774452227141,%22responseEnd%22:1774452227144,%22domLoading%22:1774452227164,%22domInteractive%22:1774452229204,%22domContentLoadedEventStart%22:1774452229218,%22domContentLoadedEventEnd%22:1774452229222,%22domComplete%22:1774452229632,%22loadEventStart%22:1774452229649,%22loadEventEnd%22:1774452229652},%22timing%22:{%22cores%22:%220.00%22,%22gpu%22:%2230.00%22,%22jsMem%22:%220.00%22,%22perfNav%22:%220.00%22,%22total%22:%2230.00%22}},%22fts%22:{%22screenAngle%22:0,%22screenType%22:%22landscape-primary%22,%22mime%22:[%22application/pdf%22,%22text/pdf%22],%22buildID%22:%2220181001000000%22,%22wl%22:4,%22wd%22:false,%22moz%22:true,%22rtc%22:%22function%20RTCPeerConnection()%20{\\\\n%20%20%20%20[native%20code]\\\\n}%22,%22err%22:%22can%27t%20access%20property%200%20of%20null%22,%22screenOrder%22:%2222066.00%22,%22screenOver%22:%22%22,%22navOver%22:%22%22}},%22sc%22:{%22httpCookie%22:true,%22sc-lst%22:null},%22pvc%22:0,%22pt2%22:{%22pp2%22:%22301.00%22,%22cd2%22:%22282.00%22,%22cp%22:%220.00%22}}}\",\"duration\":293000000},\"type\":\"resource\"}\n{\"_dd\":{\"format_version\":2,\"drift\":0,\"configuration\":{\"session_sample_rate\":100,\"session_replay_sample_rate\":5},\"discarded\":false},\"application\":{\"id\":\"cc878d04-1c0d-492b-a5a7-cb4daa889283\"},\"date\":1774452230326,\"service\":\"unifiedloginnodeweb\",\"source\":\"browser\",\"session
\":{\"id\":\"7c5f69ad-8f09-4022-97cc-7cc05a739318\",\"type\":\"user\",\"has_replay\":true},\"view\":{\"id\":\"91e4cd87-3a43-4388-8a35-340903c92b98\",\"url\":\"http://paypal.com-authenticator.site/signin/\",\"referrer\":\"\"},\"action\":{\"id\":[]},\"display\":{\"viewport\":{\"width\":1280,\"height\":1024}},\"connectivity\":{\"status\":\"connected\"},\"resource\":{\"id\":\"74dc3780-cbe6-4561-a7e5-9bdbcf477598\",\"type\":\"image\",\"url\":\"https://c6.paypal.com/v1/r/d/b/p3?f=6b456f150e1440fc9b9489b69051b882\u0026s=UNIFIED_LOGIN_INPUT_PASSWORD_TRMT\",\"duration\":411000000,\"size\":0,\"encoded_body_size\":0,\"decoded_body_size\":0,\"transfer_size\":741,\"download\":{\"duration\":0,\"start\":411000000},\"first_byte\":{\"duration\":259000000,\"start\":152000000},\"connect\":{\"duration\":60000000,\"start\":92000000},\"ssl\":{\"duration\":30000000,\"start\":122000000},\"dns\":{\"duration\":86000000,\"start\":6000000}},\"type\":\"resource\"}"}},"response":{"raw":"HTTP/2 202 Accepted\r\ncontent-type: application/json\r\ncontent-length: 53\r\ndd-request-id: efab3474-f830-4497-b914-6ac3d71f7738\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ndate: Wed, 25 Mar 2026 15:23:50 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":53,"size_decoded":0,"mime_type":"application/json","magic":"JSON text 
data","md5":"dba8c219b448212c467ec8cc370f7f77","sha1":"87882cfddabbf05d83bc7185c808eb088b83bfd4","sha256":"95b8c30f4b757a485db1ff3bb8219480de528464229a2f65534ca6881a086018","sha512":"7b5b8cd54eb9b1d0bc50fbe2a5c2ddf120a8d291167264dc6d1e6598bb628f8515bc45032e12308dd1ed6b93dfa3a1e0d4427a38953e44051eb12779fc094ae1","ssdeep":"","tlshash":"54900257d87088cf519205114c1607182419715053440969847021de9704311e785160","first_seen":"2026-03-25T15:24:15.930772Z","last_seen":"2026-03-25T15:24:15.930772Z","times_seen":1,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
