Edit tour

Windows Analysis Report
https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A

Overview

General Information

Sample URL:	https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8
Analysis ID:	1567866
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

HTML page contains hidden javascript code

HTML page contains string obfuscation

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2224,i,1056999728603779812,10405417576189410303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5064 --field-trial-handle=2224,i,1056999728603779812,10405417576189410303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=2224,i,1056999728603779812,10405417576189410303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.paypal.com/signin/?returnUri=*2Fmyaccount*2Ftransfer*2FpayRequest*2FU-06C88558L1014094C*2FU-2DM00000BR7721433*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=*7B*22signUpRequest*22*3A*7B*22method*22*3A*22get*22*2C*22url*22*3A*22https*3A*2F*2Fwww.paypal.com*2Fmyaccount*2Ftransfer*2FguestLogin*2FpayRequest*2FU-06C88558L1014094C*2FU-2DM00000BR7721433*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq*26id*3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A*22*7D*7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585*2C150948*2C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Suricata Signatures

ET PHISHING Successful Paypal Phish Jan 23 2017

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-03T23:28:58.796725+0100	2023760	1	Successful Credential Theft Detected	192.168.2.7	49810	151.101.1.21	443	TCP
2024-12-03T23:29:27.123219+0100	2023760	1	Successful Credential Theft Detected	192.168.2.7	49968	151.101.1.21	443	TCP

ET PHISHING Successful Paypal Phish M1 Dec 8 2015

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-03T23:28:58.796725+0100	2031565	1	Successful Credential Theft Detected	192.168.2.7	49810	151.101.1.21	443	TCP
2024-12-03T23:29:27.123219+0100	2031565	1	Successful Credential Theft Detected	192.168.2.7	49968	151.101.1.21	443	TCP

ET PHISHING Successful Paypal Phish Oct 16 2017

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-03T23:28:58.796725+0100	2024846	1	Successful Credential Theft Detected	192.168.2.7	49810	151.101.1.21	443	TCP
2024-12-03T23:29:27.123219+0100	2024846	1	Successful Credential Theft Detected	192.168.2.7	49968	151.101.1.21	443	TCP

ETPRO PHISHING Successful Paypal Phish Oct 11 2016

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-03T23:28:58.796725+0100	2822573	1	Successful Credential Theft Detected	192.168.2.7	49810	151.101.1.21	443	TCP
2024-12-03T23:29:27.123219+0100	2822573	1	Successful Credential Theft Detected	192.168.2.7	49968	151.101.1.21	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://www.paypal.com/signin

HTTP Parser: Base64 decoded: {"typ":"JWT","alg":"HS256"}

Source: https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/onlineOpinionPopup.js

HTTP Parser: Found new string: script /*. Spec #22956 OpinionLab. */..define(['opinionLab'], function(opinionLab) {...'use strict';..window.PAYPAL = window.PAYPAL ? window.PAYPAL : {};..var opVars = window.PAYPAL.opinionLabVars;...function showpopup(redirectTo) {...var mywin;...mywin = window.open('', '', 'top=3000,left=3000,width=1,height=1,menubar=0,scrollbars=0,resizeable=1');...if (mywin) {....mywin.document.open....var myURL = ""...../* This JS is customized for sparta because a JS call..... /* Comparing with corresponding XPT code - Removed the External opinionlab js from the popup content as it could not be loaded due to path issue */.....var HTML_txt = "<html><scr" + "ipt language='javascript'>";....HTML_txt = HTML_txt + "_hr='" + opinionLab._hr + "';";....HTML_txt = HTML_txt + "_ht='" + opinionLab._ht + "';";....HTML_txt = HTML_txt + "custom_var='" + opinionLab.custom_var + "';";.....if (( typeof opinionLab.baseurl == 'undefined')) {....} else {.....HTML_txt = HTML_txt + "baseurl='" + opinionLab.baseurl + "';";....}....if (( typeof opini...

Source: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_med...	HTTP Parser: Title: does not match URL
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: Title: does not match URL

Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: Iframe src: https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: Iframe src: https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html

Source: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_med...	HTTP Parser: <input type="password" .../> found
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: <input type="password" .../> found

Source: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_med...	HTTP Parser: No favicon
Source: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_med...	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: No favicon
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: No favicon
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: No favicon
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: No favicon

Source: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_med	HTTP Parser: No <meta name="author".. found
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: No <meta name="author".. found
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: No <meta name="author".. found

Source: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_med...	HTTP Parser: No <meta name="copyright".. found
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: No <meta name="copyright".. found
Source: https://www.paypal.com/signin?cHJwPXJwdA=	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.7:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.7:49996 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2023760 - Severity 1 - ET PHISHING Successful Paypal Phish Jan 23 2017 : 192.168.2.7:49810 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2024846 - Severity 1 - ET PHISHING Successful Paypal Phish Oct 16 2017 : 192.168.2.7:49810 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2031565 - Severity 1 - ET PHISHING Successful Paypal Phish M1 Dec 8 2015 : 192.168.2.7:49810 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2822573 - Severity 1 - ETPRO PHISHING Successful Paypal Phish Oct 11 2016 : 192.168.2.7:49810 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2023760 - Severity 1 - ET PHISHING Successful Paypal Phish Jan 23 2017 : 192.168.2.7:49968 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2024846 - Severity 1 - ET PHISHING Successful Paypal Phish Oct 16 2017 : 192.168.2.7:49968 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2031565 - Severity 1 - ET PHISHING Successful Paypal Phish M1 Dec 8 2015 : 192.168.2.7:49968 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2822573 - Severity 1 - ETPRO PHISHING Successful Paypal Phish Oct 11 2016 : 192.168.2.7:49968 -> 151.101.1.21:443

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET /signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$ HTTP/1.1Host: www.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.css HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/modernizr-2.6.1.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/require.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tags.js HTTP/1.1Host: ddbm2.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts=vreXpYrS%3D1764800922%26vteXpYrS%3D1733266722%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/app.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/js/min/pa.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/clientCalLogger.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/modernizr-2.6.1.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/errorDetector.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shared/paypal-logo-129x32.svg HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/require.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/app.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/js/min/pa.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webcaptcha/ngrlCaptcha.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tags.js HTTP/1.1Host: ddbm2.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts=vreXpYrS%3D1764800922%26vteXpYrS%3D1733266722%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264925466&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=1455852C150948*2C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ;
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/clientCalLogger.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/errorDetector.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webcaptcha/grcenterprise_v3_static.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /martech/tm/paypal/mktgtagmanager.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/mi/paypal/latmconf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shared/paypal-logo-129x32.svg HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webcaptcha/ngrlCaptcha.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-linkedin/dist/dust-full.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264925593&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed&t=1733264925466&v=1.9.5 HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=1455852C150948*2C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSI
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264925466&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed HTTP/1.1Host: t.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; datadome=xtf1dxo8AOMVAq~TWxMGe9uUpfEwwflYHmRowdVWyyXv8ePrWiPtnlbrY9zAlII2QbkSc_KGXhQgzniWUtANIm1vpnLfbDNwWW7QNt9czYWod9Ej5KpoOutQ5tdz5zvn; ts=vreXpYrS%3D1764800930%26vteXpYrS%3D1733266730%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cYtZgsf87n8No3k&MD=gyayWuYD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /js/ HTTP/1.1Host: ddbm2.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts=vreXpYrS%3D1764800922%26vteXpYrS%3D1733266722%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; datadome=xtf1dxo8AOMVAq~TWxMGe9uUpfEwwflYHmRowdVWyyXv8ePrWiPtnlbrY9zAlII2QbkSc_KGXhQgzniWUtANIm1vpnLfbDNwWW7QNt9czYWod9Ej5KpoOutQ5tdz5zvn
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/core/nougat.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/router.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /webcaptcha/grcenterprise_v3_static.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/mainContentView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/analytics.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /martech/tm/paypal/mktgtagmanager.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/mi/paypal/latmconf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webcaptcha/grcenterprise_v3_static.html HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/jquery-3.7.0.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264925593&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed&t=1733264925466&v=1.9.5 HTTP/1.1Host: t.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; datadome=xtf1dxo8AOMVAq~TWxMGe9uUpfEwwflYHmRowdVWyyXv8ePrWiPtnlbrY9zAlII2QbkSc_KGXhQgzniWUtANIm1vpnLfbDNwWW7QNt9czYWod9Ej5KpoOutQ5tdz5zvn; ts=vreXpYrS%3D1764800931%26vteXpYrS%3D1733266731%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/underscore-1.13.6.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-linkedin/dist/dust-full.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /martech/tm/paypal/mktconf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/router.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/core/nougat.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/3pjs/tl/6.4.65/patleaf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dust-makara-helpers/browser.amd.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/analytics.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/mainContentView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dusthelpers-supplement/index.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/jquery-3.7.0.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/dustmotes-iterate.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/pulvus-provide/provide.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/underscore-1.13.6.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-helpers/dist/dust-helpers.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dust-makara-helpers/browser.amd.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dusthelpers-supplement/index.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/en-US/_languagepack.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/3pjs/tl/6.4.65/patleaf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/core/baseView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/dustmotes-iterate.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264935657&g=300&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn&pgst=1733264922987&calc=f746281626d66&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=7725997addae4c2da66bd27d929586dc&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=100353%2C106885%2C105604%2C105604%2C105351%2C101126%2C100614%2C101257%2C102153%2C104200%2C104200%2C105352%2C109195%2C104458%2C104458%2C100364%2C105999%2C100885%2C109334%2C109334%2C101270%2C102557%2C102557%2C101408%2C101408%2C104227%2C104227%2C100644%2C105124%2C100391%2C102695%2C100263%2C101031%2C100267%2C108076%2C100527%2C106031%2C106031%2C107054%2C107054%2C106033%2C106033%2C106032%2C106032%2C105392%2C105392%2C106035%2C106035%2C106034%2C106034%2C106036%2C106036%2C105271%2C110648%2C101688%2C101821%2C101820%2C102208%2C105543%2C105544%2C105416%2C105416%2C101064%2C106058%2C104778%2C103119%2C100303%2C100942%2C105553%2C105553%2C105552%2C105552%2C100304%2C105554%2C105554%2C101334%2C100572%2C101215%2C101214%2C101470%2C101216%2C103648%2C101472%2C101090%2C105698%2C102629%2C101735%2C104039%2C104039%2C104038%2C104038%2C101736%2C109931%2C110442%2C108653%2C108652%2C100846%2C109040%2C105843%2C105843%2C101875%2C105845%2C105845%2C105844%2C105844%2C109047%2C102390%2C102390%2C104571%2C104571%2C105340%2C105340%2C107263%2C107263%2C109195%2C108076%2C109047&xt=100886%2C132008%2C124899%2C124899%2C123668%2C103409%2C101617%2C104043%2C107844%2C127485%2C127485%2C123683%2C144027%2C119355%2C119355%2C103733%2C127242%2C102543%2C144768%2C144768%2C106407%2C109630%2C109630%2C104577%2C104577%2C120155%2C120155%2C101702%2C122483%2C100984%2C110241%2C100632%2C102993%2C100641%2C138090%2C101405%2C127662%2C127662%2C132781%2C132781%2C127659%2C127659%2C127666%2C127666%2C123875%2C123875%2C127651%2C127651%2C127655%2C127655%2C127648%2C127648%2C123248%2C152289%2C105645%2C106327%2C106324%2C108106%2C124626%2C124629%2C123994%2C123994%2C103105%2C127563%2C121149%2C112308%2C100722%2C113529%2C124686%2C124686%2C124682%2C124682%2C100727%2C124696%2C124696%2C104357%2C101510%2C103848%2C103847%2C104754%2C103864%2C114559%2C104762%2C103240%2C125356%2C109962%2C105856%2C120731%2C120731%2C120736%2C120736%2C105858%2C147989%2C150774%2C141151%2C141149%2C102359%2C143321%2C126375%2C126375%2C106610%2C126401%2C126401%2C126385%2C126385%2C143343%2C108797%2C108797%2C119908%2C119908%2C123611%2C123611%2C133840%2C133840%2C144027%2C138090%2C143343&obex=p2p&userRedirected=true&post_login_redirect=returnUri&ret_url=%2F2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&link=unifiedlogin-login-submit&pglk=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin&pgln=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn%7CbtnLogin&e=cl HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264935660&g=300&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn&pgst=1733264922987&calc=f746281626d66&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=7725997addae4c2da66bd27d929586dc&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=100353%2C106885%2C105604%2C105604%2C105351%2C101126%2C100614%2C101257%2C102153%2C104200%2C104200%2C105352%2C109195%2C104458%2C104458%2C100364%2C105999%2C100885%2C109334%2C109334%2C101270%2C102557%2C102557%2C101408%2C101408%2C104227%2C104227%2C100644%2C105124%2C100391%2C102695%2C100263%2C101031%2C100267%2C108076%2C100527%2C106031%2C106031%2C107054%2C107054%2C106033%2C106033%2C106032%2C106032%2C105392%2C105392%2C106035%2C106035%2C106034%2C106034%2C106036%2C106036%2C105271%2C110648%2C101688%2C101821%2C101820%2C102208%2C105543%2C105544%2C105416%2C105416%2C101064%2C106058%2C104778%2C103119%2C100303%2C100942%2C105553%2C105553%2C105552%2C105552%2C100304%2C105554%2C105554%2C101334%2C100572%2C101215%2C101214%2C101470%2C101216%2C103648%2C101472%2C101090%2C105698%2C102629%2C101735%2C104039%2C104039%2C104038%2C104038%2C101736%2C109931%2C110442%2C108653%2C108652%2C100846%2C109040%2C105843%2C105843%2C101875%2C105845%2C105845%2C105844%2C105844%2C109047%2C102390%2C102390%2C104571%2C104571%2C105340%2C105340%2C107263%2C107263%2C109195%2C108076%2C109047&xt=100886%2C132008%2C124899%2C124899%2C123668%2C103409%2C101617%2C104043%2C107844%2C127485%2C127485%2C123683%2C144027%2C119355%2C119355%2C103733%2C127242%2C102543%2C144768%2C144768%2C106407%2C109630%2C109630%2C104577%2C104577%2C120155%2C120155%2C101702%2C122483%2C100984%2C110241%2C100632%2C102993%2C100641%2C138090%2C101405%2C127662%2C127662%2C132781%2C132781%2C127659%2C127659%2C127666%2C127666%2C123875%2C123875%2C127651%2C127651%2C127655%2C127655%2C127648%2C127648%2C123248%2C152289%2C105645%2C106327%2C106324%2C108106%2C124626%2C124629%2C123994%2C123994%2C103105%2C127563%2C121149%2C112308%2C100722%2C113529%2C124686%2C124686%2C124682%2C124682%2C100727%2C124696%2C124696%2C104357%2C101510%2C103848%2C103847%2C104754%2C103864%2C114559%2C104762%2C103240%2C125356%2C109962%2C105856%2C120731%2C120731%2C120736%2C120736%2C105858%2C147989%2C150774%2C141151%2C141149%2C102359%2C143321%2C126375%2C126375%2C106610%2C126401%2C126401%2C126385%2C126385%2C143343%2C108797%2C108797%2C119908%2C119908%2C123611%2C123611%2C133840%2C133840%2C144027%2C138090%2C143343&obex=p2p&userRedirected=true&post_login_redirect=returnUri&ret_url=%2F2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&e=im&imsrc=setup&view=%7B%22t10%22%3A1495%2C%22t11%22%3A10419%2C%22tcp%22%3A5473%2C%22et%22%3A%223g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A306%7D&cd=24&sw=1280&sh=1024&dw=1280&dh=1024&bw=1280&bh=907&ce=1&t1=1495&t1c=1495&t1d=169&t1s=1276&t2=596&t3=214&t4d=0&t4=0&t4e=7106&tt=0&rdc=0&protocol=http%2F1.1&cdn=fastly&res=%7B%7D&r
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/pageView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/postMessage.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/pulvus-provide/provide.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/authcaptcha.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /martech/tm/paypal/mktconf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signin/client-log HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; datadome=xtf1dxo8AOMVAq~TWxMGe9uUpfEwwflYHmRowdVWyyXv8ePrWiPtnlbrY9zAlII2QbkSc_KGXhQgzniWUtANIm1vpnLfbDNwWW7QNt9czYWod9Ej5KpoOutQ5tdz5zvn; tcs=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin; x-pp-s=eyJ0IjoiMTczMzI2NDkzNzI0OSIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800937%26vteXpYrS%3D1733266737%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/css/app.css HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-helpers/dist/dust-helpers.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264935657&g=300&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn&pgst=1733264922987&calc=f746281626d66&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=7725997addae4c2da66bd27d929586dc&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=100353%2C106885%2C105604%2C105604%2C105351%2C101126%2C100614%2C101257%2C102153%2C104200%2C104200%2C105352%2C109195%2C104458%2C104458%2C100364%2C105999%2C100885%2C109334%2C109334%2C101270%2C102557%2C102557%2C101408%2C101408%2C104227%2C104227%2C100644%2C105124%2C100391%2C102695%2C100263%2C101031%2C100267%2C108076%2C100527%2C106031%2C106031%2C107054%2C107054%2C106033%2C106033%2C106032%2C106032%2C105392%2C105392%2C106035%2C106035%2C106034%2C106034%2C106036%2C106036%2C105271%2C110648%2C101688%2C101821%2C101820%2C102208%2C105543%2C105544%2C105416%2C105416%2C101064%2C106058%2C104778%2C103119%2C100303%2C100942%2C105553%2C105553%2C105552%2C105552%2C100304%2C105554%2C105554%2C101334%2C100572%2C101215%2C101214%2C101470%2C101216%2C103648%2C101472%2C101090%2C105698%2C102629%2C101735%2C104039%2C104039%2C104038%2C104038%2C101736%2C109931%2C110442%2C108653%2C108652%2C100846%2C109040%2C105843%2C105843%2C101875%2C105845%2C105845%2C105844%2C105844%2C109047%2C102390%2C102390%2C104571%2C104571%2C105340%2C105340%2C107263%2C107263%2C109195%2C108076%2C109047&xt=100886%2C132008%2C124899%2C124899%2C123668%2C103409%2C101617%2C104043%2C107844%2C127485%2C127485%2C123683%2C144027%2C119355%2C119355%2C103733%2C127242%2C102543%2C144768%2C144768%2C106407%2C109630%2C109630%2C104577%2C104577%2C120155%2C120155%2C101702%2C122483%2C100984%2C110241%2C100632%2C102993%2C100641%2C138090%2C101405%2C127662%2C127662%2C132781%2C132781%2C127659%2C127659%2C127666%2C127666%2C123875%2C123875%2C127651%2C127651%2C127655%2C127655%2C127648%2C127648%2C123248%2C152289%2C105645%2C106327%2C106324%2C108106%2C124626%2C124629%2C123994%2C123994%2C103105%2C127563%2C121149%2C112308%2C100722%2C113529%2C124686%2C124686%2C124682%2C124682%2C100727%2C124696%2C124696%2C104357%2C101510%2C103848%2C103847%2C104754%2C103864%2C114559%2C104762%2C103240%2C125356%2C109962%2C105856%2C120731%2C120731%2C120736%2C120736%2C105858%2C147989%2C150774%2C141151%2C141149%2C102359%2C143321%2C126375%2C126375%2C106610%2C126401%2C126401%2C126385%2C126385%2C143343%2C108797%2C108797%2C119908%2C119908%2C123611%2C123611%2C133840%2C133840%2C144027%2C138090%2C143343&obex=p2p&userRedirected=true&post_login_redirect=returnUri&ret_url=%2F2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&link=unifiedlogin-login-submit&pglk=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin&pgln=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn%7CbtnLogin&e=cl HTTP/1.1Host: t.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264937610&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed&t=1733264925466&v=1.9.5 HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Cache-Control: max-age=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264937614&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed&t=1733264925466&v=1.9.5 HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Cache-Control: max-age=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/en-US/_languagepack.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/core/baseView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/js/pa.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/modernizr-2.6.1.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/require.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/pageView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; datadome=xtf1dxo8AOMVAq~TWxMGe9uUpfEwwflYHmRowdVWyyXv8ePrWiPtnlbrY9zAlII2QbkSc_KGXhQgzniWUtANIm1vpnLfbDNwWW7QNt9czYWod9Ej5KpoOutQ5tdz5zvn; tcs=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkzOTQyNyIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800939%26vteXpYrS%3D1733266739%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/authchallenge.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /pa/3pjs/tl/6.4.65/patlcfg.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/modernizr-2.6.1.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/require.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/js/pa.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/hcaptcha/hcaptcha_fph.html?siteKey=bf07db68-5c2e-42e8-8779-ea8384890eea&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&domain=hcaptcha.paypal.com&imgsDomain=imgs.hcaptcha.paypal.com&assetsDomain=newassets.hcaptcha.paypal.com&accountsDomain=accounts.hcaptcha.paypal.com&customDomains= HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/config.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/authchallenge.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/shared/momgram@2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/css/app.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/3pjs/tl/6.4.65/patlcfg.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /auth/logclientdata HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tcs=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin; tsrce=authchallengenodeweb; datadome=PqyWEejxE55DhYQs0jtTfr4OHXvyCHSColkEQVNyJZbcLQBmGFJMwSrGIb~ODcCO5n9ZEOWwcZFPXZSTalM7UbF6dUmI9EwAW6R2IWHl5hisIaJ~cox6cbl1FHCpLV5l; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; x-pp-s=eyJ0IjoiMTczMzI2NDk0MzUwNiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800943%26vteXpYrS%3D1733266743%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /1/api.js?endpoint=https%3A%2F%2Fhcaptcha.paypal.com&assethost=https%3A%2F%2Fnewassets.hcaptcha.paypal.com&imghost=https%3A%2F%2Fimgs.hcaptcha.paypal.com&sentry=false&reportapi=https%3A%2F%2Faccounts.hcaptcha.paypal.com&host=hcaptcha.paypal.com&onload=hCaptchaCallback&render=explicit&hl=en HTTP/1.1Host: hcaptcha.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypalobjects.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDk0MzUwNiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800943%26vteXpYrS%3D1733266743%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/config.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/app.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/shared/momgram@2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264943733&g=300&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1733264938564&calc=f2319867804a6&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=de5d615516304ee7988e0098060f9dcb&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=109541%2C107585&xt=145835%2C135393&e=im&pglk=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin&imsrc=setup&view=%7B%22t10%22%3A1274%2C%22t11%22%3A7845%2C%22tcp%22%3A5059%2C%22et%22%3A%223g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A103%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin%2F%3FreturnUri%3D2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq%26id%3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A%26expId%3Dp2p%26onboardData%3D7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D%26flowContextData%3DEPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm%26v%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3Dedc46c96-b18e-11ef-a3e7-1b67a4a59178%26ppid%3DRT000186%26cnac%3DUS%26rsta%3Den_US28en-US29%26unptid%3Dedc46c96-b18e-11ef-a3e7-1b67a4a59178%26calc%3Df66544940b4b2%26unp_tpcid%3Drequestmoney-notifications-requestee%26page%3Dmain3Aemail3ART000186%26pgrp%3Dmain3Aemail%26e%3Dcl%26mchn%3Dem%26s%3Dci%26mail%3Dsys%26appVersion%3D1.294.0%26tenant_name%3D%26xt%3D1455852C1509482C104038%26link_ref%3Dwww.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&cd=24&sw=1280&sh=1024&dw=1280&dh=1024&bw=1280&bh=907&ce=1&t1=1274&t1c=1274&t1d=0&t1s=1267&t2=659&t3=30&t4d=0&t4=0&t4e=4729&tt=0&rdc=0&protocol=http%2F1.1&res=%7B%7D HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypal.com/signinAccept-Enco
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; datadome=PqyWEejxE55DhYQs0jtTfr4OHXvyCHSColkEQVNyJZbcLQBmGFJMwSrGIb~ODcCO5n9ZEOWwcZFPXZSTalM7UbF6dUmI9EwAW6R2IWHl5hisIaJ~cox6cbl1FHCpLV5l; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; x-pp-s=eyJ0IjoiMTczMzI2NDk0NTM1NiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800945%26vteXpYrS%3D1733266745%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264943733&g=300&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1733264938564&calc=f2319867804a6&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=de5d615516304ee7988e0098060f9dcb&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=109541%2C107585&xt=145835%2C135393&e=im&pglk=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin&imsrc=setup&view=%7B%22t10%22%3A1274%2C%22t11%22%3A7845%2C%22tcp%22%3A5059%2C%22et%22%3A%223g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A103%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin%2F%3FreturnUri%3D2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq%26id%3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A%26expId%3Dp2p%26onboardData%3D7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D%26flowContextData%3DEPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm%26v%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3Dedc46c96-b18e-11ef-a3e7-1b67a4a59178%26ppid%3DRT000186%26cnac%3DUS%26rsta%3Den_US28en-US29%26unptid%3Dedc46c96-b18e-11ef-a3e7-1b67a4a59178%26calc%3Df66544940b4b2%26unp_tpcid%3Drequestmoney-notifications-requestee%26page%3Dmain3Aemail3ART000186%26pgrp%3Dmain3Aemail%26e%3Dcl%26mchn%3Dem%26s%3Dci%26mail%3Dsys%26appVersion%3D1.294.0%26tenant_name%3D%26xt%3D1455852C1509482C104038%26link_ref%3Dwww.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&cd=24&sw=1280&sh=1024&dw=1280&dh=1024&bw=1280&bh=907&ce=1&t1=1274&t1c=1274&t1d=0&t1s=1267&t2=659&t3=30&t4d=0&t4=0&t4e=4729&tt=0&rdc=0&protocol=http%2F1.1&res=%7B%7D HTTP/1.1Host: t.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%
Source: global traffic	HTTP traffic detected: GET /1/api.js?endpoint=https%3A%2F%2Fhcaptcha.paypal.com&assethost=https%3A%2F%2Fnewassets.hcaptcha.paypal.com&imghost=https%3A%2F%2Fimgs.hcaptcha.paypal.com&sentry=false&reportapi=https%3A%2F%2Faccounts.hcaptcha.paypal.com&host=hcaptcha.paypal.com&onload=hCaptchaCallback&render=explicit&hl=en HTTP/1.1Host: hcaptcha.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; datadome=PqyWEejxE55DhYQs0jtTfr4OHXvyCHSColkEQVNyJZbcLQBmGFJMwSrGIb~ODcCO5n9ZEOWwcZFPXZSTalM7UbF6dUmI9EwAW6R2IWHl5hisIaJ~cox6cbl1FHCpLV5l; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; x-pp-s=eyJ0IjoiMTczMzI2NDk0NTM1NiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800946%26vteXpYrS%3D1733266746%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /captcha/v1/05c78a4/static/hcaptcha.html HTTP/1.1Host: newassets.hcaptcha.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.paypalobjects.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDk0NTM1NiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800946%26vteXpYrS%3D1733266746%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/nougat.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/router.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/app.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/analytics.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLabComponent.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/jquery-1.12.4.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/underscore-1.13.4.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /auth/logclientdata HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=zwGn2eteC7WO~QcWUpdm6LhcvWWyQt_TXv77JxnjrPcIkJIwgU8mHR5psNb0dza1g65FC_tdjjT8ID452Ef9zVcnaBZYWOp7K1W3QRUy33Jef1WHWXWuQ0MYjuu3_Ept; ts=vreXpYrS%3D1764800948%26vteXpYrS%3D1733266748%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; x-pp-s=eyJ0IjoiMTczMzI2NDk0ODU2MSIsImwiOiIwIiwibSI6IjAifQ
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/router.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/nougat.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-core.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLabComponent.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/analytics.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLab.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/onlineOpinionPopup.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform/tealeaftarget HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=zwGn2eteC7WO~QcWUpdm6LhcvWWyQt_TXv77JxnjrPcIkJIwgU8mHR5psNb0dza1g65FC_tdjjT8ID452Ef9zVcnaBZYWOp7K1W3QRUy33Jef1WHWXWuQ0MYjuu3_Ept; x-pp-s=eyJ0IjoiMTczMzI2NDk0ODY0NiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800949%26vteXpYrS%3D1733266749%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/baseView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/underscore-1.13.4.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/jquery-1.12.4.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/backbone-1.5.0.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /auth/logclientdata HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=zwGn2eteC7WO~QcWUpdm6LhcvWWyQt_TXv77JxnjrPcIkJIwgU8mHR5psNb0dza1g65FC_tdjjT8ID452Ef9zVcnaBZYWOp7K1W3QRUy33Jef1WHWXWuQ0MYjuu3_Ept; ts=vreXpYrS%3D1764800948%26vteXpYrS%3D1733266748%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; x-pp-s=eyJ0IjoiMTczMzI2NDk0ODY0NiIsImwiOiIwIiwibSI6IjAifQ
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=zwGn2eteC7WO~QcWUpdm6LhcvWWyQt_TXv77JxnjrPcIkJIwgU8mHR5psNb0dza1g65FC_tdjjT8ID452Ef9zVcnaBZYWOp7K1W3QRUy33Jef1WHWXWuQ0MYjuu3_Ept; x-pp-s=eyJ0IjoiMTczMzI2NDk1MDQwNCIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800950%26vteXpYrS%3D1733266750%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /error?code=404&ref=tealeaf HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=zwGn2eteC7WO~QcWUpdm6LhcvWWyQt_TXv77JxnjrPcIkJIwgU8mHR5psNb0dza1g65FC_tdjjT8ID452Ef9zVcnaBZYWOp7K1W3QRUy33Jef1WHWXWuQ0MYjuu3_Ept; x-pp-s=eyJ0IjoiMTczMzI2NDk1MDQwNCIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800951%26vteXpYrS%3D1733266751%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /c/095ea4e9b002a63a8445cfb1bae6f237a55b5efbfc5d7838d6f1732a9a982203/hsw.js HTTP/1.1Host: newassets.hcaptcha.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://newassets.hcaptcha.paypal.com/captcha/v1/05c78a4/static/hcaptcha.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDk1MDQwNCIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800951%26vteXpYrS%3D1733266751%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /checksiteconfig?v=05c78a4&host=hcaptcha.paypal.com&sitekey=bf07db68-5c2e-42e8-8779-ea8384890eea&sc=1&swa=1&spst=1 HTTP/1.1Host: hcaptcha.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=zwGn2eteC7WO~QcWUpdm6LhcvWWyQt_TXv77JxnjrPcIkJIwgU8mHR5psNb0dza1g65FC_tdjjT8ID452Ef9zVcnaBZYWOp7K1W3QRUy33Jef1WHWXWuQ0MYjuu3_Ept; x-pp-s=eyJ0IjoiMTczMzI2NDk1MDQwNCIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800951%26vteXpYrS%3D1733266751%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLab.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/onlineOpinionPopup.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-core.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-helpers.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/baseView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=0~HxVoOeIODTT6lGHMrN~dkCKS591jVxnq46JS23aSTpEw1nQ~QxxNg6Ptrpl9zk0VzR_H6CBC7n2M8kJhPtmiJi5JOe6OsuejglXv9fsu_RMos6ir6ywdXzcR3x8NtL; x-pp-s=eyJ0IjoiMTczMzI2NDk1MjI3NiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800952%26vteXpYrS%3D1733266752%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/backbone-1.5.0.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-helpers.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-helpers-supplement.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /c/095ea4e9b002a63a8445cfb1bae6f237a55b5efbfc5d7838d6f1732a9a982203/hsw.js HTTP/1.1Host: newassets.hcaptcha.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; x-pp-s=eyJ0IjoiMTczMzI2NDk1MjI3NiIsImwiOiIwIiwibSI6IjAifQ; l7_az=ccg01.phx; ts=vreXpYrS%3D1764800953%26vteXpYrS%3D1733266753%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; datadome=v_SnqDq8X18x4t4hMkTWX0ihD5HzqBEMdR0Es4NAbzb5mXkahvzhJLRUYKNNB7KdFssFCc7suWbecZWiv0qZzUYAsM66Kwwkog~HlzD8JMrr8neHTJKwLCzrla~YZqJP
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264954903&g=300&e=err&page=main%3Aauthchallenge%3A%3Asignin&pgrp=main%3Aauthchallenge%3A%3Asignin&comp=authchallengenodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0 HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypal.com/signinAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; x-pp-s=eyJ0IjoiMTczMzI2NDk1MjI3NiIsImwiOiIwIiwibSI6IjAifQ; l7_az=ccg01.phx; ts=vreXpYrS%3D1764800953%26vteXpYrS%3D1733266753%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; datadome=v_SnqDq8X18x4t4hMkTWX0ihD5HzqBEMdR0Es4NAbzb5mXkahvzhJLRUYKNNB7KdFssFCc7suWbecZWiv0qZzUYAsM66Kwwkog~HlzD8JMrr8neHTJKwLCzrla~YZqJP
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-helpers-supplement.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264954903&g=300&e=err&page=main%3Aauthchallenge%3A%3Asignin&pgrp=main%3Aauthchallenge%3A%3Asignin&comp=authchallengenodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0 HTTP/1.1Host: t.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; x-pp-s=eyJ0IjoiMTczMzI2NDk1MjI3NiIsImwiOiIwIiwibSI6IjAifQ; l7_az=ccg01.phx; datadome=v_SnqDq8X18x4t4hMkTWX0ihD5HzqBEMdR0Es4NAbzb5mXkahvzhJLRUYKNNB7KdFssFCc7suWbecZWiv0qZzUYAsM66Kwwkog~HlzD8JMrr8neHTJKwLCzrla~YZqJP; ts=vreXpYrS%3D1764800957%26vteXpYrS%3D1733266757%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264957088&g=300&page=main%3Aauthchallenge%3A%3Asignin&pgst=1733264938564&calc=f2319867804a6&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=de5d615516304ee7988e0098060f9dcb&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=109541%2C107585&xt=145835%2C135393&view=%7B%22t10%22%3A0%2C%22t11%22%3A16278%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36%7Cwebdriverfalse%7CdeviceMemory8%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(2)%7Cscreen(1280%2C1024%2C1280%2C984%2C24%2C24)%7Cwindow(Width%3D1280%7Cheight%3D907%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer(https%3A%2F%2Fwww.paypal.com%2Fsignin%2F%3FreturnUri%3D2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq%26id%3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A%26expId%3Dp2p%26onboardData%3D7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D%26flowContextData%3DEPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm%26v%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3Dedc46c96-b18e-11ef-a3e7-1b67a4a59178%26ppid%3DRT000186%26cnac%3DUS%26rsta%3Den_US28en-US29%26unptid%3Dedc46c96-b18e-11ef-a3e7-1b67a4a59178%26calc%3Df66544940b4b2%26unp_tpcid%3Drequestmoney-notifications-requestee%26page%3Dmain3Aemail3ART000186%26pgrp%3Dmain3Aemail%26e%3Dcl%26mchn%3Dem%26s%3Dci%26mail%3Dsys%26appVersion%3D1.294.0%26tenant_name%3D%26xt%3D1455852C150948*2C104038%26link_ref%3Dwww.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24)%7Cplugins%3A(PDF%20Viewer%20%7C%20internal-pdf-
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /en_US/i/icon/pp_favicon_x.ico HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264957088&g=300&page=main%3Aauthchallenge%3A%3Asignin&pgst=1733264938564&calc=f2319867804a6&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=de5d615516304ee7988e0098060f9dcb&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=109541%2C107585&xt=145835%2C135393&view=%7B%22t10%22%3A0%2C%22t11%22%3A16278%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36%7Cwebdriverfalse%7CdeviceMemory8%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(2)%7Cscreen(1280%2C1024%2C1280%2C984%2C24%2C24)%7Cwindow(Width%3D1280%7Cheight%3D907%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer(https%3A%2F%2Fwww.paypal.com%2Fsignin%2F%3FreturnUri%3D2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq%26id%3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A%26expId%3Dp2p%26onboardData%3D7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D%26flowContextData%3DEPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm%26v%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3Dedc46c96-b18e-11ef-a3e7-1b67a4a59178%26ppid%3DRT000186%26cnac%3DUS%26rsta%3Den_US28en-US29%26unptid%3Dedc46c96-b18e-11ef-a3e7-1b67a4a59178%26calc%3Df66544940b4b2%26unp_tpcid%3Drequestmoney-notifications-requestee%26page%3Dmain3Aemail3ART000186%26pgrp%3Dmain3Aemail%26e%3Dcl%26mchn%3Dem%26s%3Dci%26mail%3Dsys%26appVersion%3D1.294.0%26tenant_name%3D%26xt%3D1455852C150948*2C104038%26link_ref%3Dwww.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24)%7Cplugins%3A(PDF%20Viewer%20%7C%20internal-pdf-
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /en_US/i/icon/pp_favicon_x.ico HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /getcaptcha/bf07db68-5c2e-42e8-8779-ea8384890eea HTTP/1.1Host: hcaptcha.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; x-pp-s=eyJ0IjoiMTczMzI2NDk1MjI3NiIsImwiOiIwIiwibSI6IjAifQ; l7_az=ccg01.phx; datadome=v_SnqDq8X18x4t4hMkTWX0ihD5HzqBEMdR0Es4NAbzb5mXkahvzhJLRUYKNNB7KdFssFCc7suWbecZWiv0qZzUYAsM66Kwwkog~HlzD8JMrr8neHTJKwLCzrla~YZqJP; ts=vreXpYrS%3D1764800961%26vteXpYrS%3D1733266761%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /auth/logclientdata HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=v_SnqDq8X18x4t4hMkTWX0ihD5HzqBEMdR0Es4NAbzb5mXkahvzhJLRUYKNNB7KdFssFCc7suWbecZWiv0qZzUYAsM66Kwwkog~HlzD8JMrr8neHTJKwLCzrla~YZqJP; ts=vreXpYrS%3D1764800964%26vteXpYrS%3D1733266764%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; x-pp-s=eyJ0IjoiMTczMzI2NDk2NDc0OCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733264963937&g=300&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1733264964660&calc=f175419dbe368&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=a099cee091ad48e9bebf691e7b9d5711&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&xe=108937&xt=142649&e=im&imsrc=setup&view=%7B%22t10%22%3A1223%2C%22t11%22%3A1804%2C%22et%22%3A%223g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A0%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin&cd=24&sw=1280&sh=1024&dw=1280&dh=1024&bw=1280&bh=907&ce=1&t1=1223&t1c=1223&t1d=0&t1s=1221&t2=737&t3=22&t4d=0&t4=0&t4e=2026&tt=0&rdc=0&protocol=http%2F1.1&res=%7B%7D HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Cache-Control: max-age=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.paypal.com/auth/validatecaptchaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=v_SnqDq8X18x4t4hMkTWX0ihD5HzqBEMdR0Es4NAbzb5mXkahvzhJLRUYKNNB7KdFssFCc7suWbecZWiv0qZzUYAsM66Kwwkog~HlzD8JMrr8neHTJKwLCzrla~YZqJP; ts=vreXpYrS%3D1764800964%26vteXpYrS%3D1733266764%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; x-pp-s=eyJ0IjoiMTczMzI2NDk2NDg2MiIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; tsrce=authchallengenodeweb; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; datadome=v_SnqDq8X18x4t4hMkTWX0ihD5HzqBEMdR0Es4NAbzb5mXkahvzhJLRUYKNNB7KdFssFCc7suWbecZWiv0qZzUYAsM66Kwwkog~HlzD8JMrr8neHTJKwLCzrla~YZqJP; x-pp-s=eyJ0IjoiMTczMzI2NDk2NjYxNSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1764800966%26vteXpYrS%3D1733266766%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/shared/icon_alert_sprite-2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/postMessage.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/authcaptcha.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/backbone-0.9.2.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/shared/icon_alert_sprite-2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/postMessage.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/validation.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/errorDisplay.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/authcaptcha.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/backbone-0.9.2.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cYtZgsf87n8No3k&MD=gyayWuYD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /js/ HTTP/1.1Host: ddbm2.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; login_email=5e9grx%40vrichto.net; ui_experience=login_type%3DEMAIL_PASSWORD; fn_dt=7725997addae4c2da66bd27d929586dc; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDk2NjkyMCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1764800967%26vteXpYrS%3D1733266767%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; datadome=ksO9t0fZ25AL~IS4nb_GS21Jjlsm_qYMfXylHfI0PfeuPP_7mSXlCiAv1XpbhIF71_E48pL5nyfbJhl3jC7Ddb67HMipKVPFyTHyx6PPURMtmcf9Xpia~N~_DEXt8r89
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/login.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/validation.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/errorDisplay.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /platform/tealeaftarget HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; login_email=5e9grx%40vrichto.net; ui_experience=login_type%3DEMAIL_PASSWORD; fn_dt=7725997addae4c2da66bd27d929586dc; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDk2NjkyMCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; datadome=ksO9t0fZ25AL~IS4nb_GS21Jjlsm_qYMfXylHfI0PfeuPP_7mSXlCiAv1XpbhIF71_E48pL5nyfbJhl3jC7Ddb67HMipKVPFyTHyx6PPURMtmcf9Xpia~N~_DEXt8r89; ts=vreXpYrS%3D1764800974%26vteXpYrS%3D1733266774%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/notifications.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/login.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/fn.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/showHidePasswordButton.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/jquery-ui.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /error?code=404&ref=tealeaf HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; login_email=5e9grx%40vrichto.net; ui_experience=login_type%3DEMAIL_PASSWORD; fn_dt=7725997addae4c2da66bd27d929586dc; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDk2NjkyMCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; datadome=ksO9t0fZ25AL~IS4nb_GS21Jjlsm_qYMfXylHfI0PfeuPP_7mSXlCiAv1XpbhIF71_E48pL5nyfbJhl3jC7Ddb67HMipKVPFyTHyx6PPURMtmcf9Xpia~N~_DEXt8r89; ts=vreXpYrS%3D1764800976%26vteXpYrS%3D1733266776%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /signin/client-log HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; login_email=5e9grx%40vrichto.net; ui_experience=login_type%3DEMAIL_PASSWORD; fn_dt=7725997addae4c2da66bd27d929586dc; tsrce=unifiedloginnodeweb; l7_az=dcg15.slc; datadome=ksO9t0fZ25AL~IS4nb_GS21Jjlsm_qYMfXylHfI0PfeuPP_7mSXlCiAv1XpbhIF71_E48pL5nyfbJhl3jC7Ddb67HMipKVPFyTHyx6PPURMtmcf9Xpia~N~_DEXt8r89; ts=vreXpYrS%3D1764800976%26vteXpYrS%3D1733266776%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; x-pp-s=eyJ0IjoiMTczMzI2NDk3NjU5NCIsImwiOiIwIiwibSI6IjAifQ
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/notifications.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/fn.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/showHidePasswordButton.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/jquery-ui.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signin/client-log HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; login_email=5e9grx%40vrichto.net; ui_experience=login_type%3DEMAIL_PASSWORD; fn_dt=7725997addae4c2da66bd27d929586dc; tsrce=unifiedloginnodeweb; l7_az=dcg15.slc; datadome=ksO9t0fZ25AL~IS4nb_GS21Jjlsm_qYMfXylHfI0PfeuPP_7mSXlCiAv1XpbhIF71_E48pL5nyfbJhl3jC7Ddb67HMipKVPFyTHyx6PPURMtmcf9Xpia~N~_DEXt8r89; x-pp-s=eyJ0IjoiMTczMzI2NDk3Nzg5MCIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800977%26vteXpYrS%3D1733266777%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; ddbc=1; TLTSID=48593638776366357170691245727143; TLTDID=75542927983698269206114914803764; login_email=5e9grx%40vrichto.net; ui_experience=login_type%3DEMAIL_PASSWORD; fn_dt=7725997addae4c2da66bd27d929586dc; tsrce=unifiedloginnodeweb; l7_az=dcg15.slc; datadome=ksO9t0fZ25AL~IS4nb_GS21Jjlsm_qYMfXylHfI0PfeuPP_7mSXlCiAv1XpbhIF71_E48pL5nyfbJhl3jC7Ddb67HMipKVPFyTHyx6PPURMtmcf9Xpia~N~_DEXt8r89; x-pp-s=eyJ0IjoiMTczMzI2NDk3ODUwNSIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764800978%26vteXpYrS%3D1733266778%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /js/ HTTP/1.1Host: ddbm2.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; TLTDID=75542927983698269206114914803764; login_email=5e9grx%40vrichto.net; ui_experience=login_type%3DEMAIL_PASSWORD; fn_dt=7725997addae4c2da66bd27d929586dc; tsrce=unifiedloginnodeweb; navcmd=_home; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1%26HOME_VERSION%3d1733351378%26MCE2_ELIGIBILITY%3d4294967295; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ymsDktAxceAPjPB5H7oQcenbXwroWTWazlFtovKN2FXTrZDZbAzWFuZ2fQdhoFHvjiBDZQgerJdPV2o1; navlns=0.0; cwrClyrK4LoCV1fydGbAxiNL6iG=DbLA71ewE20RsHkuAWCOEh926OoZR1N1s0TjeUM1CKHcj_wbbslsgXQTgw-cpl-Lu_AghWuXNX3lbFRXr1llHE0NPD_Rf-ow2UsFpGFdZqgSFW0s9yj4n3cwiOStb21MDGyJMSl5zblqq36U0puVBhY2TtY-eHPWG4Yzt2sXnekhYglp6or4wioGMYjn231_dABgByMimlKEocOE2t90OmVbJDSMELHU4NtZa5-b7IEYnozCLz2xrfSbM1fl4Zyk2ABKu8EKyVvNQUD7SNH8zyAITW3BzzJlaaYBJQL1r1JjF5Kdp6ZBglA4_EZLc9Y4mSH0JHrfbWj5zmqR9AUHKz3MCcmmnTbzc97DOtINbbZ-RjZLROJ0zcCUVWwuvEYNYeTJrsH11CwHQU789KdgQDTMAyzVnEk60XqHWwe1Kv-SLN7UqzgflPkbKXu; x-pp-s=eyJ0IjoiMTczMzI2NDk3OTI2NyIsImwiOiIwIiwibSI6IjAifQ; l7_az=ccg13.slc; ts=vreXpYrS%3D1764800977%26vteXpYrS%3D1733266777%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; datadome=N_~p_AU4NT6vhC_xgqy4V1roy~oPIrR0hGbQ9baoo769bVkTH344AM70vZpMwXqDE2NkTZU_kE_y5xgpqqYsmmc3F6D_k7Rj8i6L8UScFjAFMt3bebSLyblq2TANIUtE
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; nsid=s%3Aevj4EdWICYTM74vseTBj8oH7j-C4iJNk.6OioJQrFQLaVnXFFIn2brDGAhqGv1aGT1mitfKHI8zQ; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; ddbc=1; TLTDID=75542927983698269206114914803764; login_email=5e9grx%40vrichto.net; ui_experience=login_type%3DEMAIL_PASSWORD; fn_dt=7725997addae4c2da66bd27d929586dc; tsrce=unifiedloginnodeweb; navcmd=_home; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1%26HOME_VERSION%3d1733351378%26MCE2_ELIGIBILITY%3d4294967295; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ymsDktAxceAPjPB5H7oQcenbXwroWTWazlFtovKN2FXTrZDZbAzWFuZ2fQdhoFHvjiBDZQgerJdPV2o1; navlns=0.0; cwrClyrK4LoCV1fydGbAxiNL6iG=DbLA71ewE20RsHkuAWCOEh926OoZR1N1s0TjeUM1CKHcj_wbbslsgXQTgw-cpl-Lu_AghWuXNX3lbFRXr1llHE0NPD_Rf-ow2UsFpGFdZqgSFW0s9yj4n3cwiOStb21MDGyJMSl5zblqq36U0puVBhY2TtY-eHPWG4Yzt2sXnekhYglp6or4wioGMYjn231_dABgByMimlKEocOE2t90OmVbJDSMELHU4NtZa5-b7IEYnozCLz2xrfSbM1fl4Zyk2ABKu8EKyVvNQUD7SNH8zyAITW3BzzJlaaYBJQL1r1JjF5Kdp6ZBglA4_EZLc9Y4mSH0JHrfbWj5zmqR9AUHKz3MCcmmnTbzc97DOtINbbZ-RjZLROJ0zcCUVWwuvEYNYeTJrsH11CwHQU789KdgQDTMAyzVnEk60XqHWwe1Kv-SLN7UqzgflPkbKXu; datadome=ESBjDgDXk~tW6Koptzu~Fg~CpW9g1VmO4NZAoCfXtFMjk_w1auCwfGcZqLJN1WSsCVIgTCHF3DpfTI48n8UEXOK0jsbITRSdwFS_rQLaQK6~5vKz7p8AczJ8K5o8qnsZ; enforce_policy=ccpa; x-pp-s=eyJ0IjoiMTczMzI2NDk4MDQwNSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1764800980%26vteXpYrS%3D1733266780%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /js/bg/_g7F8zg2GdO3pOHRmF2TkLpGsVwPqyf6mfC5A8V3XdU.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.recaptcha.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /js/bg/_g7F8zg2GdO3pOHRmF2TkLpGsVwPqyf6mfC5A8V3XdU.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: chromecache_270.2.dr, chromecache_215.2.dr

String found in binary or memory: 'host': 'www.facebook.com', equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.paypal.com
Source: global traffic	DNS traffic detected: DNS query: ddbm2.paypal.com
Source: global traffic	DNS traffic detected: DNS query: www.paypalobjects.com
Source: global traffic	DNS traffic detected: DNS query: t.paypal.com
Source: global traffic	DNS traffic detected: DNS query: www.recaptcha.net
Source: global traffic	DNS traffic detected: DNS query: hcaptcha.paypal.com
Source: global traffic	DNS traffic detected: DNS query: newassets.hcaptcha.paypal.com

Source: unknown

HTTP traffic detected: POST /js/ HTTP/1.1Host: ddbm2.paypal.comConnection: keep-aliveContent-Length: 5577sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-type: application/x-www-form-urlencodedAccept: */*Origin: https://www.paypal.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAYCGI-aWU4rgACC575A==X-DD-B: 1Set-Cookie: datadome=PqyWEejxE55DhYQs0jtTfr4OHXvyCHSColkEQVNyJZbcLQBmGFJMwSrGIb~ODcCO5n9ZEOWwcZFPXZSTalM7UbF6dUmI9EwAW6R2IWHl5hisIaJ~cox6cbl1FHCpLV5l; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Tue, 03 Dec 2024 22:29:01 GMTVia: 1.1 varnishPaypal-Debug-Id: f2766792c8d65Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-ewr-kewr1740045-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733264941.196737,VS0,VE20set-cookie: ddbc=1; secure; httponlyServer-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAYCGI-aWU4rgACC575A==X-DD-B: 1Set-Cookie: datadome=zwGn2eteC7WO~QcWUpdm6LhcvWWyQt_TXv77JxnjrPcIkJIwgU8mHR5psNb0dza1g65FC_tdjjT8ID452Ef9zVcnaBZYWOp7K1W3QRUy33Jef1WHWXWuQ0MYjuu3_Ept; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Tue, 03 Dec 2024 22:29:07 GMTVia: 1.1 varnishPaypal-Debug-Id: f563734fb31e4Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-ewr-kewr1740036-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733264947.114641,VS0,VE20Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAYCGI-aWU4rgACC575A==X-DD-B: 1Set-Cookie: datadome=0~HxVoOeIODTT6lGHMrN~dkCKS591jVxnq46JS23aSTpEw1nQ~QxxNg6Ptrpl9zk0VzR_H6CBC7n2M8kJhPtmiJi5JOe6OsuejglXv9fsu_RMos6ir6ywdXzcR3x8NtL; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Tue, 03 Dec 2024 22:29:12 GMTVia: 1.1 varnishPaypal-Debug-Id: f5696826c16f9Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-ewr-kewr1740056-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733264952.217644,VS0,VE17Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAYCGI-aWU4rgACC575A==X-DD-B: 1Set-Cookie: datadome=v_SnqDq8X18x4t4hMkTWX0ihD5HzqBEMdR0Es4NAbzb5mXkahvzhJLRUYKNNB7KdFssFCc7suWbecZWiv0qZzUYAsM66Kwwkog~HlzD8JMrr8neHTJKwLCzrla~YZqJP; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Tue, 03 Dec 2024 22:29:14 GMTVia: 1.1 varnishPaypal-Debug-Id: f591292ad6adaStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-ewr-kewr1740052-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733264954.089121,VS0,VE20Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAYCGI-aWU4rgACC575A==X-DD-B: 1Set-Cookie: datadome=4A4Cdw7Ay7PUIKQ0a_jnIdtZ4VN5MhaLMYvFRFxljgQfVaoRyHCMIR6594JErYMfqAPHlXmv5CZoNqqlMZ4~fJrTZA8VYchhMvJEpCio0psBJfq0a_DtxM_~NElXNK9A; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Tue, 03 Dec 2024 22:29:28 GMTVia: 1.1 varnishPaypal-Debug-Id: f902966a3c141Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-nyc-kteb1890093-NYCX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733264968.333325,VS0,VE19Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeAccept-Ch: Sec-CH-UA-FullCache-Control: max-age=0, no-cache, no-store, must-revalidateContent-Type: text/html; charset=UTF-8Origin-Trial: AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==Paypal-Debug-Id: f107857a98352Set-Cookie: enforce_policy=; expires=Thu, 01 Jan 1970 00:00:00 GMT GMT; domain=.paypal.com; path=/; Secure; SameSite=NoneSet-Cookie: navcmd=_home; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=NoneSet-Cookie: consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1%26HOME_VERSION%3d1733351378%26MCE2_ELIGIBILITY%3d4294967295; expires=Thu, 03 Dec 2026 22:29:39 GMT GMT; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=NoneSet-Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=ymsDktAxceAPjPB5H7oQcenbXwroWTWazlFtovKN2FXTrZDZbAzWFuZ2fQdhoFHvjiBDZQgerJdPV2o1; expires=Thu, 03 Dec 2026 22:29:39 GMT GMT; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=None
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAYCGI-aWU4rgACC575A==X-DD-B: 1Set-Cookie: datadome=ESBjDgDXk~tW6Koptzu~Fg~CpW9g1VmO4NZAoCfXtFMjk_w1auCwfGcZqLJN1WSsCVIgTCHF3DpfTI48n8UEXOK0jsbITRSdwFS_rQLaQK6~5vKz7p8AczJ8K5o8qnsZ; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Tue, 03 Dec 2024 22:29:40 GMTVia: 1.1 varnishPaypal-Debug-Id: f7983696fd552Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-nyc-kteb1890072-NYCX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733264980.347063,VS0,VE16Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAYCGI-aWU4rgACC575A==X-DD-B: 1Set-Cookie: datadome=6VULtB~LKfcXKhA~uxLj8x3o6GqH9LxHCxP4Axi8RA~hyxngQv0vyIPVU09pgysDhtBBezleNKvvsxAkC5HCiIQos4gZ6BdPBTqiuXBCNCJK2hXgEK1TAlR3yXpP2d~l; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Tue, 03 Dec 2024 22:29:43 GMTVia: 1.1 varnishPaypal-Debug-Id: f857429bae6c7Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-ewr-kewr1740069-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733264983.980465,VS0,VE21Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"

Source: chromecache_239.2.dr, chromecache_203.2.dr	String found in binary or memory: http://backbonejs.org
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/12359
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/13378
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://dev.w3.org/csswg/cssom/#resolved-values
Source: chromecache_286.2.dr, chromecache_249.2.dr	String found in binary or memory: http://dustjs.com/
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
Source: chromecache_190.2.dr, chromecache_201.2.dr	String found in binary or memory: http://es5.github.com/#x15.4.4.18
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
Source: chromecache_243.2.dr, chromecache_222.2.dr, chromecache_164.2.dr, chromecache_244.2.dr	String found in binary or memory: http://github.com/jrburke/requirejs
Source: chromecache_214.2.dr	String found in binary or memory: http://icreatestuff.co.uk/blog/article/ie9-z-index-stacking-problem-or-something-stranger
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://javascript.nwbox.com/IEContentLoaded/
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://jquery.com/
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_233.2.dr, chromecache_250.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://jsperf.com/getall-vs-sizzle/2
Source: chromecache_257.2.dr, chromecache_191.2.dr	String found in binary or memory: http://jsperf.com/isobject-tests
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_238.2.dr, chromecache_157.2.dr	String found in binary or memory: http://linkedin.github.io/dustjs/
Source: chromecache_265.2.dr, chromecache_251.2.dr	String found in binary or memory: http://modernizr.com/download/#-shiv-cssclasses
Source: chromecache_222.2.dr, chromecache_244.2.dr	String found in binary or memory: http://requirejs.org/docs/errors.html#
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=378607
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=449857
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=470258
Source: chromecache_206.2.dr, chromecache_231.2.dr	String found in binary or memory: https://datadome.co
Source: chromecache_207.2.dr, chromecache_158.2.dr	String found in binary or memory: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/assign)
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://developer.mozilla.org/en/Security/CSP)
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_207.2.dr, chromecache_158.2.dr	String found in binary or memory: https://docs.python.org/library/functions.html#range).
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/764
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_257.2.dr, chromecache_228.2.dr, chromecache_191.2.dr, chromecache_263.2.dr	String found in binary or memory: https://github.com/linkedin/dustjs-helpers
Source: chromecache_257.2.dr, chromecache_191.2.dr	String found in binary or memory: https://github.com/linkedin/dustjs-helpers/wiki/Deprecated-Features#
Source: chromecache_280.2.dr, chromecache_194.2.dr, chromecache_195.2.dr	String found in binary or memory: https://hcaptcha.com/license
Source: chromecache_291.2.dr, chromecache_160.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_155.2.dr, chromecache_253.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_155.2.dr, chromecache_253.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_172.2.dr	String found in binary or memory: https://js.hcaptcha.com/1/api.js?onload=hCaptchaCallback&render=explicit
Source: chromecache_214.2.dr	String found in binary or memory: https://mppnodeweb-staging-10.qa.paypal.com/us/webapps/mpp/fonts-setup#fonts-demo
Source: chromecache_207.2.dr, chromecache_158.2.dr	String found in binary or memory: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-tolength
Source: chromecache_230.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_161.2.dr, chromecache_274.2.dr	String found in binary or memory: https://secure.opinionlab.com/ccc01/comment_card.asp?
Source: chromecache_230.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_207.2.dr, chromecache_158.2.dr	String found in binary or memory: https://underscorejs.org
Source: chromecache_207.2.dr, chromecache_158.2.dr	String found in binary or memory: https://wiki.ecmascript.org/doku.php?id=harmony:egal).
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__.
Source: chromecache_166.2.dr, chromecache_269.2.dr, chromecache_175.2.dr, chromecache_163.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Source: chromecache_261.2.dr, chromecache_255.2.dr	String found in binary or memory: https://www.paypal.com/authflow/password-recovery/
Source: chromecache_204.2.dr, chromecache_247.2.dr	String found in binary or memory: https://www.paypalobjects.com
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/checkout/hermes/icon_ot_spin_lock_skinny.png)
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared//sprite-browsers.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon-sprite2-1x.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon-sprite2-2x.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon-x.svg
Source: chromecache_214.2.dr, chromecache_242.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon_alert_sprite-2x.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon_profile_placeholder
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/lg-attention-warning.png
Source: chromecache_214.2.dr, chromecache_242.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/momgram
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/monogram-small
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/onetouch-desktop.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/onetouch-desktop_2x.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/onetouch-mobile.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/onetouch-mobile_2x.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/paypal-logo-129x32.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/remember-me-Interstitial-image.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/remember-me-Interstitial-image_2x.png
Source: chromecache_242.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/sprite_forms_1x.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/sprite_forms_2x.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/success-animation.gif
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/success-animation_2x.gif
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/successCheckmark.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/successCheckmark2x.png
Source: chromecache_270.2.dr, chromecache_215.2.dr	String found in binary or memory: https://www.paypalobjects.com/martech/tm/paypal/3pjs/adobe/alloy.min.js
Source: chromecache_270.2.dr, chromecache_215.2.dr	String found in binary or memory: https://www.paypalobjects.com/martech/tm/paypal/3pjs/gtag/ga4.js
Source: chromecache_270.2.dr, chromecache_215.2.dr	String found in binary or memory: https://www.paypalobjects.com/martech/tm/paypal/3pjs/gtag/gtag.js
Source: chromecache_270.2.dr, chromecache_215.2.dr	String found in binary or memory: https://www.paypalobjects.com/paypalmktg/pardot/pd.js
Source: chromecache_204.2.dr, chromecache_247.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic
Source: chromecache_214.2.dr, chromecache_242.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/checkout/hermes/icon_loader_med.gif
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.eot
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.eot?#iefix
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.svg#69ac2c9f
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.ttf
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.woff
Source: chromecache_214.2.dr, chromecache_242.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/i/consumer/onboarding/icon_PP_monogram_2x.png
Source: chromecache_214.2.dr, chromecache_242.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/i/consumer/onboarding/sprite_form_2x.png);
Source: chromecache_214.2.dr, chromecache_242.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/close_default.png
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.eot?#iefix-acnm6v
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.eot?-acnm6v&_=999
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.svg?-acnm6v&_=999
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.ttf?-acnm6v&_=999
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.woff?-acnm6v&_=99
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.eot?#iefix-acnm6v
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.eot?-acnm6v&_=999999
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.svg?-acnm6v&_=999999#
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.ttf?-acnm6v&_=999999
Source: chromecache_214.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.woff?-acnm6v&_=999999
Source: chromecache_214.2.dr, chromecache_242.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/consumer/onboarding/ui-sprite.png
Source: chromecache_302.2.dr, chromecache_216.2.dr	String found in binary or memory: https://www.recaptcha.net/recaptcha/enterprise.js?onload=recaptchaEnterpriseCallback&render=explicit
Source: chromecache_217.2.dr	String found in binary or memory: https://www.recaptcha.net/recaptcha/enterprise.js?render=
Source: chromecache_269.2.dr, chromecache_163.2.dr	String found in binary or memory: https://www.recaptcha.net/recaptcha/enterprise/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.7:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.7:49996 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@24/231@38/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2224,i,1056999728603779812,10405417576189410303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=1455852C150948*2C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5064 --field-trial-handle=2224,i,1056999728603779812,10405417576189410303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=2224,i,1056999728603779812,10405417576189410303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2224,i,1056999728603779812,10405417576189410303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5064 --field-trial-handle=2224,i,1056999728603779812,10405417576189410303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=2224,i,1056999728603779812,10405417576189410303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=1455852C150948*2C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://jsperf.com/isobject-tests	0%	Avira URL Cloud	safe
http://linkedin.github.io/dustjs/	0%	Avira URL Cloud	safe
http://dustjs.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
paypal-dynamic-cdn.map.fastly.net	151.101.3.1	true	false	high
cs1150.wpc.betacdn.net	192.229.221.25	true	false	high
paypal-dynamic.map.fastly.net	151.101.1.21	true	false	high
www.recaptcha.net	172.217.19.227	true	false	high
www.google.com	142.250.181.68	true	false	high
ddbm2.paypal.com.first-party-js.datadome.co	18.66.161.81	true	false	high
newassets.hcaptcha.paypal.com	unknown	unknown	false	high
hcaptcha.paypal.com	unknown	unknown	false	high
ddbm2.paypal.com	unknown	unknown	false	high
t.paypal.com	unknown	unknown	false	high
www.paypalobjects.com	unknown	unknown	false	high
www.paypal.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://www.paypal.com/platform/tealeaftarget?Content-Type=application%2Fjson&X-PageId=P.Z6RU9J34M6PJKMCR5MMMAC522TUJ&X-Tealeaf=device%20(UIC)%20Lib%2F6.4.65&X-TealeafType=GUI&X-TeaLeaf-Page-Url=%2Fsignin&X-Tealeaf-SyncXHR=false&X-Tealeaf-MessageTypes=1%2C2%2C4%2C5%2C6%2C7%2C12%2C14%2C17%2C18&X-Tealeaf-SaaS-AppKey=76938917d7504ff7a962174c021690bd&X-Tealeaf-SaaS-TLTSID=48593638776366357170691245727143&X-Tealeaf-SaaS-TLTDID=75542927983698269206114914803764&Content-Encoding=gzip	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/hcaptcha/hcaptcha_fph.html?siteKey=bf07db68-5c2e-42e8-8779-ea8384890eea&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&domain=hcaptcha.paypal.com&imgsDomain=imgs.hcaptcha.paypal.com&assetsDomain=newassets.hcaptcha.paypal.com&accountsDomain=accounts.hcaptcha.paypal.com&customDomains=	false	high
https://hcaptcha.paypal.com/checksiteconfig?v=05c78a4&host=hcaptcha.paypal.com&sitekey=bf07db68-5c2e-42e8-8779-ea8384890eea&sc=1&swa=1&spst=1	false	high
https://www.paypal.com/auth/validatecaptcha	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/jquery-ui.min.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/postMessage.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dust-makara-helpers/browser.amd.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLab.js	false	high
https://t.paypal.com/ts?v=1.9.5&t=1733264937610&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C150948*2C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed&t=1733264925466&v=1.9.5	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/onlineOpinionPopup.js	false	high
https://t.paypal.com/ts?v=1.9.5&t=1733264963937&g=300&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1733264964660&calc=f175419dbe368&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=a099cee091ad48e9bebf691e7b9d5711&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&xe=108937&xt=142649&e=im&imsrc=setup&view=%7B%22t10%22%3A1223%2C%22t11%22%3A1804%2C%22et%22%3A%223g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A0%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin&cd=24&sw=1280&sh=1024&dw=1280&dh=1024&bw=1280&bh=907&ce=1&t1=1223&t1c=1223&t1d=0&t1s=1221&t2=737&t3=22&t4d=0&t4=0&t4e=2026&tt=0&rdc=0&protocol=http%2F1.1&res=%7B%7D	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/baseView.js	false	high
https://ddbm2.paypal.com/tags.js	false	high
https://www.paypal.com/signin	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/clientCalLogger.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/router.js	false	high
https://t.paypal.com/ts?v=1.9.5&t=1733264935657&g=300&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn&pgst=1733264922987&calc=f746281626d66&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=7725997addae4c2da66bd27d929586dc&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=100353%2C106885%2C105604%2C105604%2C105351%2C101126%2C100614%2C101257%2C102153%2C104200%2C104200%2C105352%2C109195%2C104458%2C104458%2C100364%2C105999%2C100885%2C109334%2C109334%2C101270%2C102557%2C102557%2C101408%2C101408%2C104227%2C104227%2C100644%2C105124%2C100391%2C102695%2C100263%2C101031%2C100267%2C108076%2C100527%2C106031%2C106031%2C107054%2C107054%2C106033%2C106033%2C106032%2C106032%2C105392%2C105392%2C106035%2C106035%2C106034%2C106034%2C106036%2C106036%2C105271%2C110648%2C101688%2C101821%2C101820%2C102208%2C105543%2C105544%2C105416%2C105416%2C101064%2C106058%2C104778%2C103119%2C100303%2C100942%2C105553%2C105553%2C105552%2C105552%2C100304%2C105554%2C105554%2C101334%2C100572%2C101215%2C101214%2C101470%2C101216%2C103648%2C101472%2C101090%2C105698%2C102629%2C101735%2C104039%2C104039%2C104038%2C104038%2C101736%2C109931%2C110442%2C108653%2C108652%2C100846%2C109040%2C105843%2C105843%2C101875%2C105845%2C105845%2C105844%2C105844%2C109047%2C102390%2C102390%2C104571%2C104571%2C105340%2C105340%2C107263%2C107263%2C109195%2C108076%2C109047&xt=100886%2C132008%2C124899%2C124899%2C123668%2C103409%2C101617%2C104043%2C107844%2C127485%2C127485%2C123683%2C144027%2C119355%2C119355%2C103733%2C127242%2C102543%2C144768%2C144768%2C106407%2C109630%2C109630%2C104577%2C104577%2C120155%2C120155%2C101702%2C122483%2C100984%2C110241%2C100632%2C102993%2C100641%2C138090%2C101405%2C127662%2C127662%2C132781%2C132781%2C127659%2C127659%2C127666%2C127666%2C123875%2C123875%2C127651%2C127651%2C127655%2C127655%2C127648%2C127648%2C123248%2C152289%2C105645%2C106327%2C106324%2C108106%2C124626%2C124629%2C123994%2C123994%2C103105%2C127563%2C121149%2C112308%2C100722%2C113529%2C124686%2C124686%2C124682%2C124682%2C100727%2C124696%2C124696%2C104357%2C101510%2C103848%2C103847%2C104754%2C103864%2C114559%2C104762%2C103240%2C125356%2C109962%2C105856%2C120731%2C120731%2C120736%2C120736%2C105858%2C147989%2C150774%2C141151%2C141149%2C102359%2C143321%2C126375%2C126375%2C106610%2C126401%2C126401%2C126385%2C126385%2C143343%2C108797%2C108797%2C119908%2C119908%2C123611%2C123611%2C133840%2C133840%2C144027%2C138090%2C143343&obex=p2p&userRedirected=true&post_login_redirect=returnUri&ret_url=%2F2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&link=unifiedlogin-login-submit&pglk=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin&pgln=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn%7CbtnLogin&e=cl	false	high
https://newassets.hcaptcha.paypal.com/captcha/v1/05c78a4/static/hcaptcha.html	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/login.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/backbone-1.5.0.min.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/authchallenge.js	false	high
https://www.paypalobjects.com/images/shared/momgram@2x.png	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/pulvus-provide/provide.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/jquery-1.12.4.js	false	high
https://www.paypalobjects.com/rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js	false	high
https://t.paypal.com/ts?v=1.9.5&t=1733264935660&g=300&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn&pgst=1733264922987&calc=f746281626d66&nsid=evj4EdWICYTM74vseTBj8oH7j-C4iJNk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=7725997addae4c2da66bd27d929586dc&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=100353%2C106885%2C105604%2C105604%2C105351%2C101126%2C100614%2C101257%2C102153%2C104200%2C104200%2C105352%2C109195%2C104458%2C104458%2C100364%2C105999%2C100885%2C109334%2C109334%2C101270%2C102557%2C102557%2C101408%2C101408%2C104227%2C104227%2C100644%2C105124%2C100391%2C102695%2C100263%2C101031%2C100267%2C108076%2C100527%2C106031%2C106031%2C107054%2C107054%2C106033%2C106033%2C106032%2C106032%2C105392%2C105392%2C106035%2C106035%2C106034%2C106034%2C106036%2C106036%2C105271%2C110648%2C101688%2C101821%2C101820%2C102208%2C105543%2C105544%2C105416%2C105416%2C101064%2C106058%2C104778%2C103119%2C100303%2C100942%2C105553%2C105553%2C105552%2C105552%2C100304%2C105554%2C105554%2C101334%2C100572%2C101215%2C101214%2C101470%2C101216%2C103648%2C101472%2C101090%2C105698%2C102629%2C101735%2C104039%2C104039%2C104038%2C104038%2C101736%2C109931%2C110442%2C108653%2C108652%2C100846%2C109040%2C105843%2C105843%2C101875%2C105845%2C105845%2C105844%2C105844%2C109047%2C102390%2C102390%2C104571%2C104571%2C105340%2C105340%2C107263%2C107263%2C109195%2C108076%2C109047&xt=100886%2C132008%2C124899%2C124899%2C123668%2C103409%2C101617%2C104043%2C107844%2C127485%2C127485%2C123683%2C144027%2C119355%2C119355%2C103733%2C127242%2C102543%2C144768%2C144768%2C106407%2C109630%2C109630%2C104577%2C104577%2C120155%2C120155%2C101702%2C122483%2C100984%2C110241%2C100632%2C102993%2C100641%2C138090%2C101405%2C127662%2C127662%2C132781%2C132781%2C127659%2C127659%2C127666%2C127666%2C123875%2C123875%2C127651%2C127651%2C127655%2C127655%2C127648%2C127648%2C123248%2C152289%2C105645%2C106327%2C106324%2C108106%2C124626%2C124629%2C123994%2C123994%2C103105%2C127563%2C121149%2C112308%2C100722%2C113529%2C124686%2C124686%2C124682%2C124682%2C100727%2C124696%2C124696%2C104357%2C101510%2C103848%2C103847%2C104754%2C103864%2C114559%2C104762%2C103240%2C125356%2C109962%2C105856%2C120731%2C120731%2C120736%2C120736%2C105858%2C147989%2C150774%2C141151%2C141149%2C102359%2C143321%2C126375%2C126375%2C106610%2C126401%2C126401%2C126385%2C126385%2C143343%2C108797%2C108797%2C119908%2C119908%2C123611%2C123611%2C133840%2C133840%2C144027%2C138090%2C143343&obex=p2p&userRedirected=true&post_login_redirect=returnUri&ret_url=%2F2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&e=im&imsrc=setup&view=%7B%22t10%22%3A1495%2C%22t11%22%3A10419%2C%22tcp%22%3A5473%2C%22et%22%3A%223g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A306%7D&cd=24&sw=1280&sh=1024&dw=1280&dh=1024&bw=1280&bh=907&ce=1&t1=1495&t1c=1495&t1d=169&t1s=1276&t2=596&t3=214&t4d=0&t4=0&t4e=7106&tt=0&rdc=0&protocol=http%2F1.1&cdn=fastly&res=%7B%7D&rtt=3891	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/require.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/modernizr-2.6.1.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-helpers/dist/dust-helpers.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/mainContentView.js	false	high
https://www.paypal.com/signin?cHJwPXJwdA=	false	high
https://www.paypalobjects.com/pa/mi/paypal/latmconf.js	false	high
https://www.paypal.com/auth/logclientdata	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.css	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-core.js	false	high
https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html	false	high
https://www.paypal.com/error?code=404&ref=tealeaf	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/modernizr-2.6.1.js	false	high
https://www.paypalobjects.com/pa/3pjs/tl/6.4.65/patlcfg.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/authcaptcha.js	false	high
https://ddbm2.paypal.com/js/	false	high
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/errorDetector.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/css/app.css	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/notifications.js	false	high
https://www.paypalobjects.com/pa/js/min/pa.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/require.js	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.eot?#iefix	chromecache_214.2.dr	false		high
http://requirejs.org/docs/errors.html#	chromecache_222.2.dr, chromecache_244.2.dr	false		high
https://developers.google.com/recaptcha/docs/faq#localhost_support	chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	false		high
http://icreatestuff.co.uk/blog/article/ie9-z-index-stacking-problem-or-something-stranger	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/images/shared/onetouch-mobile_2x.png	chromecache_214.2.dr	false		high
https://code.google.com/p/chromium/issues/detail?id=378607	chromecache_291.2.dr, chromecache_160.2.dr	false		high
http://dev.w3.org/csswg/cssom/#resolved-values	chromecache_291.2.dr, chromecache_160.2.dr	false		high
http://github.com/jrburke/requirejs	chromecache_243.2.dr, chromecache_222.2.dr, chromecache_164.2.dr, chromecache_244.2.dr	false		high
https://datadome.co	chromecache_206.2.dr, chromecache_231.2.dr	false		high
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	chromecache_291.2.dr, chromecache_160.2.dr	false		high
https://support.google.com/recaptcha/#6175971	chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	chromecache_291.2.dr, chromecache_160.2.dr	false		high
https://www.paypalobjects.com/martech/tm/paypal/3pjs/gtag/gtag.js	chromecache_270.2.dr, chromecache_215.2.dr	false		high
https://wiki.ecmascript.org/doku.php?id=harmony:egal).	chromecache_207.2.dr, chromecache_158.2.dr	false		high
http://dustjs.com/	chromecache_286.2.dr, chromecache_249.2.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha	chromecache_230.2.dr	false		high
https://www.paypalobjects.com/webstatic	chromecache_204.2.dr, chromecache_247.2.dr	false		high
https://github.com/linkedin/dustjs-helpers	chromecache_257.2.dr, chromecache_228.2.dr, chromecache_191.2.dr, chromecache_263.2.dr	false		high
http://bugs.jquery.com/ticket/12359	chromecache_291.2.dr, chromecache_160.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.woff?-acnm6v&_=999999	chromecache_214.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=649285	chromecache_291.2.dr, chromecache_160.2.dr	false		high
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	false		high
https://jquery.com/	chromecache_155.2.dr, chromecache_253.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.woff?-acnm6v&_=99	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/images/shared/onetouch-desktop.png	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/images/shared/remember-me-Interstitial-image.png	chromecache_214.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=491668	chromecache_291.2.dr, chromecache_160.2.dr	false		high
https://code.google.com/p/chromium/issues/detail?id=470258	chromecache_291.2.dr, chromecache_160.2.dr	false		high
https://www.paypalobjects.com/images/shared/onetouch-desktop_2x.png	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/images/shared/icon-sprite2-1x.png	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.woff	chromecache_214.2.dr	false		high
http://jsperf.com/getall-vs-sizzle/2	chromecache_291.2.dr, chromecache_160.2.dr	false		high
https://www.paypalobjects.com/images/shared/icon-sprite2-2x.png	chromecache_214.2.dr	false		high
https://cloud.google.com/contact	chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	false		high
https://www.paypalobjects.com/images/shared/successCheckmark.png	chromecache_214.2.dr	false		high
https://github.com/jquery/jquery/pull/557)	chromecache_291.2.dr, chromecache_160.2.dr	false		high
http://jsperf.com/isobject-tests	chromecache_257.2.dr, chromecache_191.2.dr	false	Avira URL Cloud: safe	unknown
https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.svg#69ac2c9f	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.eot?-acnm6v&_=999	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.svg?-acnm6v&_=999	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/images/shared/successCheckmark2x.png	chromecache_214.2.dr	false		high
http://linkedin.github.io/dustjs/	chromecache_238.2.dr, chromecache_157.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/	chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	false		high
https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.eot	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/paypalmktg/pardot/pd.js	chromecache_270.2.dr, chromecache_215.2.dr	false		high
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-tolength	chromecache_207.2.dr, chromecache_158.2.dr	false		high
https://secure.opinionlab.com/ccc01/comment_card.asp?	chromecache_161.2.dr, chromecache_274.2.dr	false		high
https://www.paypalobjects.com/images/shared/sprite_forms_1x.png	chromecache_242.2.dr	false		high
https://www.paypalobjects.com/images/shared/lg-attention-warning.png	chromecache_214.2.dr	false		high
https://cloud.google.com/recaptcha-enterprise/billing-information	chromecache_168.2.dr, chromecache_169.2.dr, chromecache_230.2.dr	false		high
https://www.paypalobjects.com/images/shared/success-animation.gif	chromecache_214.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.ttf?-acnm6v&_=999	chromecache_214.2.dr	false		high
https://www.recaptcha.net/recaptcha/enterprise/	chromecache_269.2.dr, chromecache_163.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.1.21	paypal-dynamic.map.fastly.net	United States	54113	FASTLYUS	false
151.101.195.1	unknown	United States	54113	FASTLYUS	false
192.229.221.25	cs1150.wpc.betacdn.net	United States	15133	EDGECASTUS	false
151.101.129.21	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
151.101.3.1	paypal-dynamic-cdn.map.fastly.net	United States	54113	FASTLYUS	false
151.101.131.1	unknown	United States	54113	FASTLYUS	false
18.66.161.81	ddbm2.paypal.com.first-party-js.datadome.co	United States	3	MIT-GATEWAYSUS	false
18.66.161.70	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
151.101.67.1	unknown	United States	54113	FASTLYUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1567866
Start date and time:	2024-12-03 23:27:40 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=1455852C150948*2C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@24/231@38/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.17.46, 74.125.205.84, 34.104.35.123, 172.217.17.42, 172.217.17.74, 142.250.181.106, 216.58.208.234, 172.217.21.42, 172.217.19.234, 142.250.181.74, 142.250.181.138, 172.217.19.202, 199.232.210.172, 172.217.21.35, 172.217.19.10, 172.217.19.170, 142.250.181.42, 172.217.17.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://www.paypal.com/signin/?returnUri=*2Fmyaccount*2Ftransfer*2FpayRequest*2FU-06C88558L1014094C*2FU-2DM00000BR7721433*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=*7B*22signUpRequest*22*3A*7B*22method*22*3A*22get*22*2C*22url*22*3A*22https*3A*2F*2Fwww.paypal.com*2Fmyaccount*2Ftransfer*2FguestLogin*2FpayRequest*2FU-06C88558L1014094C*2FU-2DM00000BR7721433*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq*26id*3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A*22*7D*7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=

Input	Output
URL: https://www.paypal.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://www.paypal.com
URL: JavaScript Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This appears to be legitimate Google reCAPTCHA code with proper copyright notices and standard functionality. It contains DOM manipulation and data handling but uses trusted Google domains and follows expected reCAPTCHA patterns. The code is minified but not maliciously obfuscated." }
(function(){/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 / / Copyright Google LLC SPDX-License-Identifier: Apache-2.0 / / Copyright 2005, 2007 Bob Ippolito. All Rights Reserved. Copyright The Closure Library Authors. SPDX-License-Identifier: MIT / / Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var T=function(){return[function(r,d,h,V,R,K,Y,S,N,D,F,E,l,B,C,m){return(r\|32)==(((C=["fr","flat",2],r)-C[2]>>4\|\|(m=new Promise(function(P){window.addEventListener("visibilitychange",P,{once:!0}),document.hidden\|\|P()})),r-7>>4)\|\|(E=[2654435761,0,"1"],Y.wb=K===void 0?!1:K,B=b[38](26,Y,V),N=g[16](55,B),Y[C[0]]=N.next().value,Y.C=N.next().value,Y.rI=N.next().value,Y.Zf=N.next().value,F=Y.R()[C[1]](Infinity),S=F.findIndex(function(P){return P instanceof dy&&k[17](15,P,h)==d}),l=g[9](5,F[S],lj,3,p[12](77)), D=[n[48](22,Y[C[0]]),A[43](38,Y.rI,U[9](11,Y[C[0]]),E[0]),A[10](27,3,Y.rI,U[9](19,Y.rI),E[1]),A[10](28,3,Y.Zf,U[9](19,R),Y.bf),A[10](24,3,Y.Zf,U[9](35,Y.Zf),U[9](27,Y.rI)),T[11](20,T[26](64,h,l[h])),k[30](55,h,E[C[2]],F,Y,Y.Xa)],U[47](20,E[1],Y),m=D),r)&&(K=g[31](9,1,d,V+R,gy),Y=h.map(function(P,v){return K[v%K.length]}),m=p[30](28,0,Y,h)),m},function(r,d,h,V,R,K,Y,S,N){if(N=[75,"userAgent",46],(r&N[0])==r){a:{if(V=By.navigator)if(h=V[N[1]]){d=h;break a}d=""}S=d}if((r>>1&14)==((r\|24)==r&&(p[48](18, h.B),h.F=d),r-5&13\|\|(V=e[48](10,d,h),S=V=="array"\|\|V==d&&typeof h.length=="number"),2))a:{if(n[32](N[2])&&V!=="Silk"){if(!(Y=kG.brands.find(function(D){return D.brand===V}),Y)\|\|!Y.version){S=NaN;break a}K=Y.version.split(".")}else{if((R=U[28](1,"OPR",h,d,"8.0",V),R)===""){S=NaN;break a}K=R.split(".")}S=K.length===0?NaN:Number(K[0])}return(r>>2&3)==3&&(Y=b[15](45,V,pZ(),h),S=function(D,F){return D=b[F=["concat",1,"reduce"],29](F[1],F[1],0,255,d+Y(),K),{rm:k[26](10,0,R[F[0]](D).map(function(E){return A[14](9, 0,E)})[F[2]](function(E,l){return E.xor(l)})),A0:D}}),S},function(r,d,h,V){return(r^25)<((r\|(V=[37,28,27],5))>>4\|\|(d=T[9](26,this.U),h=U[45](2,!1,V[1],this.U,d,!1)),V[0])&&r+4>=V[2]&&H.call(this,d),h},function(r,d,h,V,R,K){return(r+(R=[1,24,29],(r-2\|7)<r&&(r-R[0]\|55)>=r&&(K=sM(function(){return h().parent!=h()?!0:h().frameElement!=null?!0:!1},!0)),2)&R[2])>=r&&(r+5^28)<r&&(K=CZ(ij(d,h),V)),(r\|32)==r&&H.call(this,d),(r\|R[1])==r&&(K=function(Y,S,N,D,F,E,l,B,C){C=[5,"aO","push"],UM.length?(E=UM.pop(), g[C[0]](4,E,S),e[8](63,void 0,S,void 0,Y,E.U),D=E):D=new vy(Y,S),F=D;try{l=new V,N=l[C[1]],p[18](25,null,h)(N,F),B=l}finally{F.U.clear(),F.J=-1,F.R=-1,UM.length<d&&UM[C[2]](F)}return B}),K},function(r,d,h,V,R,K,Y,S){if((S=["call",32,47],(r\|1)&2)==2){K=["/m/04w67_",'<div class="',"TileSelectionStreetSign"],R=K[1]+p[40](S[2],"rc-imageselect-desc-no-canonical")+h;switch(A[18](56,V)?V.toString():V){case K[2]:R+="Tap the center of the <strong>street signs</strong>";break;case "/m/0k4j":R+="Tap the center of the <strong>cars</strong>"; break;case K[0]:R+="Tap the center of the <strong>mail boxes</strong>"}Y=$G(R+d)}if((r^30)>=20&&(r^25)<S[1])H[S[0]](this,d,0,"dresp");if((r\|48)==r)H[S[0]](this,d);return Y},function(r,d,h,V,R,K,Y){if((r+5&7)==(((K=[1,2,"call"],r^7)&12)<5&&(r^32)>>4>=K[1]&&(Hy[K[2]](this,d),this.U=[[]],this.C=K[0]),K)[1]){R=[7,0,127],Wy(V);for(Wy(h);h>R[K[0]]\|\|V>R[K[1]];)d.U.push(V&R[K[1]]\|128),V=(V>>>R[0]\|h<<25)>>>R[K[0]],h>>>=R[0];d.U.push(V)}if((r>>K[0]&11)==K[0])MB[K[2]](this,360,20);return Y},function(r,d,h,V, R,K,Y,S,N){return((r\|((r&46)==(r+5<(N=["J","U","hN"],23)&&(r^37)>=8&&(p[19](44,V),h=e[10](50,V,h),V[N[1]].has(h)&&(V.K=d,V[N[0]]-=V[N[1]].get(h).length,V[N[1]]["delete"](h))),r)&&(K=["n","waf",!0],R.B=Date.now(),X$=R.yM,R[N[0]]=U[32](32,R[N[1]])?new yx(R.yM,R.O,n[6](50,z1,R[N[1]])):new a9(R.yM,R.O),R[N[0]].R=A[27](4,9,R[N[2]]),p[41](2)?R[N[0]].u(n[9](83,"t",K[2],R),n[5](37,"-",R.id),!1):(R.K=p[19](76,0,K[2],V,R),V===1&&window.___grecaptcha_cfg[K[1]]&&window.___grecaptcha_cfg[K[1]].includes("session")&& U[32](41,R[N[1]])&&e[34](41,5,K[0],R),U[32](33,R[
URL: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest*22 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Due to a technical error, a transaction may have...", "prominent_button_name": "Log In to Pay", "text_input_field_labels": [ "Email", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest*22 Model: Joe Sandbox AI	{ "brands": [ "Scrap Love Bindery" ] }
	{ "brands": [ "Scrap Love Bindery" ] }
URL: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest*22 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Due to a technical error, a transaction may have...", "prominent_button_name": "Log In to Pay", "text_input_field_labels": [ "5e9grx@vrichto.net", "**********" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest*22 Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest*22 Model: Joe Sandbox AI	```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for the brand PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions.", "The domain is fully matching with the legitimate domain associated with PayPal." ], "riskscore": 1}
URL: www.paypal.com Brands: PayPal Input Fields: 5e9grx@vrichto.net, **********
URL: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest*22 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Due to a technical error, a transaction may have...", "prominent_button_name": "Log In to Pay", "text_input_field_labels": [ "5e9grx@vrichto.net", "**********" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest*22 Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Security Challenge", "prominent_button_name": "I am human", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin Model: Joe Sandbox AI	```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions.", "The domain is fully matching with the brand name, indicating a legitimate webpage." ], "riskscore": 1}
URL: www.paypal.com Brands: PayPal Input Fields: unknown
URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Security Challenge", "prominent_button_name": "I am human", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Security Challenge", "prominent_button_name": "I am human", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Security Challenge", "prominent_button_name": "I am human", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin Model: Joe Sandbox AI	```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1}
URL: www.paypal.com Brands: PayPal Input Fields: unknown
URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin?cHJwPXJwdA= Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Due to a technical error, a transaction may have...", "prominent_button_name": "Log In to Pay", "text_input_field_labels": [ "5e9grx@vrichto.net", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin Model: Joe Sandbox AI	```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1}
URL: www.paypal.com Brands: PayPal Input Fields: unknown
URL: https://www.paypal.com/signin?cHJwPXJwdA= Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin?cHJwPXJwdA= Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Due to a technical error, a transaction may have...", "prominent_button_name": "Log In to Pay", "text_input_field_labels": [ "Some of your info isn't correct. Please try again.", "5e9grx@vrichto.net", "**********" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin Model: Joe Sandbox AI	```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions.", "The domain is fully matching with the brand name, indicating a legitimate webpage." ], "riskscore": 1}
URL: www.paypal.com Brands: PayPal Input Fields: unknown
URL: https://www.paypal.com/signin?cHJwPXJwdA= Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin?cHJwPXJwdA= Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Due to a technical error, a transaction may have...", "prominent_button_name": "Log In to Pay", "text_input_field_labels": [ "se9grx@vrichto.net", "**********" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin?cHJwPXJwdA= Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin?cHJwPXJwdA= Model: Joe Sandbox AI	```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for the brand PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions.", "The domain is fully matching and does not contain any additional words or hyphens that could indicate phishing." ], "riskscore": 1}
URL: www.paypal.com Brands: PayPal Input Fields: Some of your info isn't correct. Please try again., 5e9grx@vrichto.net, **********
URL: https://www.paypal.com/signin?cHJwPXJwdA= Model: Joe Sandbox AI	```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for the brand PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions.", "The domain is fully matching and does not contain any additional words or hyphens that could indicate phishing." ], "riskscore": 1}
URL: www.paypal.com Brands: PayPal Input Fields: se9grx@vrichto.net, **********

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1305), with no line terminators
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	5.114410235023359
Encrypted:	false
SSDEEP:	24:2Q5RCCLxZhLSEZsNA9DBHey1HgWRWUVIoLAGa9SRRqys3KJS7nvLQR/s8eFEmYzM:uIxZYEiNA9DJesHgWwUKLGyS+ysLAvep
MD5:	77318F6FDC00171A089C5A9554C5D77F
SHA1:	C875B8A24BE51AEA1F71C5AAE4F79B76018F1C86
SHA-256:	F92AC1FD655D048DD658EC255FF71A6D409F2DA598B58199EFA67B976BD61057
SHA-512:	CB9BDB5C36A1ED91CA3876A09DE1CB459D336CB08F9A501529DCFE4028BC2188DD6BF7D77C72B1C939353A5ADF37E7BEAED3078B32BCBF4786D9814524784D07
Malicious:	false
Reputation:	low
Preview:	(function(){function f(t){xhr=new XMLHttpRequest,xhr.open("POST","/signin/client-log",!0),xhr.setRequestHeader("Content-Type","application/json;charset=UTF-8");try{xhr.send(JSON.stringify(t)),e.ulData.logRecords=[]}catch(n){}}function l(){var e={ulCorrelationId:t.getAttribute("data-correlation-id")};return t.getAttribute("data-is-inline-ul")&&(e.flowId=t.getAttribute("data-flow-id"),e.clientCorrelationId=t.getAttribute("data-client-correlation-id")),e}var e=window.PAYPAL\|\|{},t=document.getElementsByTagName("body")[0],n=9e3,r=window.attachEvent\|\|window.addEventListener,i=window.attachEvent?"onbeforeunload":"beforeunload",s,o=t.getAttribute("data-enable-client-cal-logging"),u=document.getElementById("token"),a=u&&u.value;o&&(Date.now?s=Date.now():s=(new Date).getTime(),e.ulData=e.ulData\|\|{},e.ulData.logRecords=[{evt:"ul-rendered",ts:s}],e.ulData.saveClientSideLogs=function(){var n;if(!e.ulData.logRecords\|\|e.ulData.logRecords.length<1)return;e.ulData.logRecords.push({evt:"ul-context-name"

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 3, 2024 23:28:39.173279047 CET	192.168.2.7	1.1.1.1	0x9f85	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:39.173384905 CET	192.168.2.7	1.1.1.1	0xb163	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 3, 2024 23:28:41.213013887 CET	192.168.2.7	1.1.1.1	0xc5da	Standard query (0)	www.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:41.213259935 CET	192.168.2.7	1.1.1.1	0xbce7	Standard query (0)	www.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:28:43.320014954 CET	192.168.2.7	1.1.1.1	0x3d2e	Standard query (0)	ddbm2.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:43.322129965 CET	192.168.2.7	1.1.1.1	0x20f0	Standard query (0)	ddbm2.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:28:43.323056936 CET	192.168.2.7	1.1.1.1	0x6732	Standard query (0)	www.paypalobjects.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:43.323237896 CET	192.168.2.7	1.1.1.1	0xed87	Standard query (0)	www.paypalobjects.com	65	IN (0x0001)	false
Dec 3, 2024 23:28:45.832314968 CET	192.168.2.7	1.1.1.1	0xe60a	Standard query (0)	www.paypalobjects.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:45.832449913 CET	192.168.2.7	1.1.1.1	0x572	Standard query (0)	www.paypalobjects.com	65	IN (0x0001)	false
Dec 3, 2024 23:28:47.384582996 CET	192.168.2.7	1.1.1.1	0xcac6	Standard query (0)	ddbm2.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:47.384711027 CET	192.168.2.7	1.1.1.1	0x8f83	Standard query (0)	ddbm2.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:28:48.306180000 CET	192.168.2.7	1.1.1.1	0x2cea	Standard query (0)	t.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:48.306320906 CET	192.168.2.7	1.1.1.1	0x766f	Standard query (0)	t.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:28:50.589734077 CET	192.168.2.7	1.1.1.1	0x7a54	Standard query (0)	t.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:50.589976072 CET	192.168.2.7	1.1.1.1	0xd246	Standard query (0)	t.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:28:50.676537991 CET	192.168.2.7	1.1.1.1	0xc40c	Standard query (0)	www.paypalobjects.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:50.676769972 CET	192.168.2.7	1.1.1.1	0xad12	Standard query (0)	www.paypalobjects.com	65	IN (0x0001)	false
Dec 3, 2024 23:28:53.355389118 CET	192.168.2.7	1.1.1.1	0xd0fd	Standard query (0)	www.recaptcha.net	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:53.355550051 CET	192.168.2.7	1.1.1.1	0xbeb8	Standard query (0)	www.recaptcha.net	65	IN (0x0001)	false
Dec 3, 2024 23:28:56.274703026 CET	192.168.2.7	1.1.1.1	0xd4e2	Standard query (0)	www.recaptcha.net	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:56.274890900 CET	192.168.2.7	1.1.1.1	0x744c	Standard query (0)	www.recaptcha.net	65	IN (0x0001)	false
Dec 3, 2024 23:28:57.609806061 CET	192.168.2.7	1.1.1.1	0x350e	Standard query (0)	www.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:57.609956026 CET	192.168.2.7	1.1.1.1	0x1bd	Standard query (0)	www.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:29:04.084515095 CET	192.168.2.7	1.1.1.1	0xc218	Standard query (0)	hcaptcha.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:04.084925890 CET	192.168.2.7	1.1.1.1	0xe9e4	Standard query (0)	hcaptcha.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:29:06.913750887 CET	192.168.2.7	1.1.1.1	0x8824	Standard query (0)	hcaptcha.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:06.913889885 CET	192.168.2.7	1.1.1.1	0x5f93	Standard query (0)	hcaptcha.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:29:06.945476055 CET	192.168.2.7	1.1.1.1	0x616	Standard query (0)	newassets.hcaptcha.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:06.945645094 CET	192.168.2.7	1.1.1.1	0x6d09	Standard query (0)	newassets.hcaptcha.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:29:09.985097885 CET	192.168.2.7	1.1.1.1	0x8da0	Standard query (0)	hcaptcha.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:09.985224009 CET	192.168.2.7	1.1.1.1	0xe355	Standard query (0)	hcaptcha.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:29:15.319973946 CET	192.168.2.7	1.1.1.1	0x9fcd	Standard query (0)	newassets.hcaptcha.paypal.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:15.320115089 CET	192.168.2.7	1.1.1.1	0x5702	Standard query (0)	newassets.hcaptcha.paypal.com	65	IN (0x0001)	false
Dec 3, 2024 23:29:40.820976973 CET	192.168.2.7	1.1.1.1	0x8a29	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:40.821120977 CET	192.168.2.7	1.1.1.1	0xe13a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 3, 2024 23:29:43.693700075 CET	192.168.2.7	1.1.1.1	0x9ec3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:43.693829060 CET	192.168.2.7	1.1.1.1	0x6572	Standard query (0)	www.google.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 3, 2024 23:28:39.316530943 CET	1.1.1.1	192.168.2.7	0xb163	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 3, 2024 23:28:39.316931963 CET	1.1.1.1	192.168.2.7	0x9f85	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:41.355994940 CET	1.1.1.1	192.168.2.7	0xc5da	No error (0)	www.paypal.com	www.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:41.355994940 CET	1.1.1.1	192.168.2.7	0xc5da	No error (0)	www.glb.paypal.com	paypal-dynamic.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:41.355994940 CET	1.1.1.1	192.168.2.7	0xc5da	No error (0)	paypal-dynamic.map.fastly.net		151.101.1.21	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:41.355994940 CET	1.1.1.1	192.168.2.7	0xc5da	No error (0)	paypal-dynamic.map.fastly.net		151.101.193.21	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:41.355994940 CET	1.1.1.1	192.168.2.7	0xc5da	No error (0)	paypal-dynamic.map.fastly.net		151.101.129.21	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:41.355994940 CET	1.1.1.1	192.168.2.7	0xc5da	No error (0)	paypal-dynamic.map.fastly.net		151.101.65.21	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:42.035598040 CET	1.1.1.1	192.168.2.7	0xbce7	No error (0)	www.paypal.com	www.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:42.035598040 CET	1.1.1.1	192.168.2.7	0xbce7	No error (0)	www.glb.paypal.com	paypal-dynamic.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:43.466866016 CET	1.1.1.1	192.168.2.7	0x6732	No error (0)	www.paypalobjects.com	ppo.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:43.466866016 CET	1.1.1.1	192.168.2.7	0x6732	No error (0)	ppo.glb.paypal.com	cs1150.wpc.betacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:43.466866016 CET	1.1.1.1	192.168.2.7	0x6732	No error (0)	cs1150.wpc.betacdn.net		192.229.221.25	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:43.692924976 CET	1.1.1.1	192.168.2.7	0xed87	No error (0)	www.paypalobjects.com	ppo.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:43.692924976 CET	1.1.1.1	192.168.2.7	0xed87	No error (0)	ppo.glb.paypal.com	cs1150.wpc.betacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:43.801959991 CET	1.1.1.1	192.168.2.7	0x20f0	No error (0)	ddbm2.paypal.com	ddbm2.paypal.com.first-party-js.datadome.co		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:43.802010059 CET	1.1.1.1	192.168.2.7	0x3d2e	No error (0)	ddbm2.paypal.com	ddbm2.paypal.com.first-party-js.datadome.co		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:43.802010059 CET	1.1.1.1	192.168.2.7	0x3d2e	No error (0)	ddbm2.paypal.com.first-party-js.datadome.co		18.66.161.81	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:43.802010059 CET	1.1.1.1	192.168.2.7	0x3d2e	No error (0)	ddbm2.paypal.com.first-party-js.datadome.co		18.66.161.97	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:43.802010059 CET	1.1.1.1	192.168.2.7	0x3d2e	No error (0)	ddbm2.paypal.com.first-party-js.datadome.co		18.66.161.65	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:43.802010059 CET	1.1.1.1	192.168.2.7	0x3d2e	No error (0)	ddbm2.paypal.com.first-party-js.datadome.co		18.66.161.70	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:45.975658894 CET	1.1.1.1	192.168.2.7	0xe60a	No error (0)	www.paypalobjects.com	ppo.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:45.975658894 CET	1.1.1.1	192.168.2.7	0xe60a	No error (0)	ppo.glb.paypal.com	cs1150.wpc.betacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:45.975658894 CET	1.1.1.1	192.168.2.7	0xe60a	No error (0)	cs1150.wpc.betacdn.net		192.229.221.25	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:45.979681015 CET	1.1.1.1	192.168.2.7	0x572	No error (0)	www.paypalobjects.com	ppo.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:45.979681015 CET	1.1.1.1	192.168.2.7	0x572	No error (0)	ppo.glb.paypal.com	cs1150.wpc.betacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:47.530277967 CET	1.1.1.1	192.168.2.7	0xcac6	No error (0)	ddbm2.paypal.com	ddbm2.paypal.com.first-party-js.datadome.co		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:47.530277967 CET	1.1.1.1	192.168.2.7	0xcac6	No error (0)	ddbm2.paypal.com.first-party-js.datadome.co		18.66.161.70	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:47.530277967 CET	1.1.1.1	192.168.2.7	0xcac6	No error (0)	ddbm2.paypal.com.first-party-js.datadome.co		18.66.161.65	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:47.530277967 CET	1.1.1.1	192.168.2.7	0xcac6	No error (0)	ddbm2.paypal.com.first-party-js.datadome.co		18.66.161.97	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:47.530277967 CET	1.1.1.1	192.168.2.7	0xcac6	No error (0)	ddbm2.paypal.com.first-party-js.datadome.co		18.66.161.81	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:47.530505896 CET	1.1.1.1	192.168.2.7	0x8f83	No error (0)	ddbm2.paypal.com	ddbm2.paypal.com.first-party-js.datadome.co		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:48.668593884 CET	1.1.1.1	192.168.2.7	0x2cea	No error (0)	t.paypal.com	t.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:48.668593884 CET	1.1.1.1	192.168.2.7	0x2cea	No error (0)	t.glb.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:48.668593884 CET	1.1.1.1	192.168.2.7	0x2cea	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.3.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:48.668593884 CET	1.1.1.1	192.168.2.7	0x2cea	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.67.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:48.668593884 CET	1.1.1.1	192.168.2.7	0x2cea	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.131.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:48.668593884 CET	1.1.1.1	192.168.2.7	0x2cea	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.195.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:48.677742958 CET	1.1.1.1	192.168.2.7	0x766f	No error (0)	t.paypal.com	t.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:48.677742958 CET	1.1.1.1	192.168.2.7	0x766f	No error (0)	t.glb.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:50.732690096 CET	1.1.1.1	192.168.2.7	0x7a54	No error (0)	t.paypal.com	t.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:50.732690096 CET	1.1.1.1	192.168.2.7	0x7a54	No error (0)	t.glb.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:50.732690096 CET	1.1.1.1	192.168.2.7	0x7a54	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.195.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:50.732690096 CET	1.1.1.1	192.168.2.7	0x7a54	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.67.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:50.732690096 CET	1.1.1.1	192.168.2.7	0x7a54	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.131.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:50.732690096 CET	1.1.1.1	192.168.2.7	0x7a54	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.3.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:50.733989000 CET	1.1.1.1	192.168.2.7	0xd246	No error (0)	t.paypal.com	t.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:50.733989000 CET	1.1.1.1	192.168.2.7	0xd246	No error (0)	t.glb.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:50.820219994 CET	1.1.1.1	192.168.2.7	0xc40c	No error (0)	www.paypalobjects.com	ppo.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:50.820219994 CET	1.1.1.1	192.168.2.7	0xc40c	No error (0)	ppo.glb.paypal.com	cs1150.wpc.betacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:50.820219994 CET	1.1.1.1	192.168.2.7	0xc40c	No error (0)	cs1150.wpc.betacdn.net		192.229.221.25	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:50.821038961 CET	1.1.1.1	192.168.2.7	0xad12	No error (0)	www.paypalobjects.com	ppo.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:50.821038961 CET	1.1.1.1	192.168.2.7	0xad12	No error (0)	ppo.glb.paypal.com	cs1150.wpc.betacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:53.501595974 CET	1.1.1.1	192.168.2.7	0xd0fd	No error (0)	www.recaptcha.net		172.217.19.227	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:56.418055058 CET	1.1.1.1	192.168.2.7	0xd4e2	No error (0)	www.recaptcha.net		172.217.19.227	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:57.753118992 CET	1.1.1.1	192.168.2.7	0x350e	No error (0)	www.paypal.com	www.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:57.753118992 CET	1.1.1.1	192.168.2.7	0x350e	No error (0)	www.glb.paypal.com	paypal-dynamic.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:57.753118992 CET	1.1.1.1	192.168.2.7	0x350e	No error (0)	paypal-dynamic.map.fastly.net		151.101.129.21	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:57.753118992 CET	1.1.1.1	192.168.2.7	0x350e	No error (0)	paypal-dynamic.map.fastly.net		151.101.193.21	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:57.753118992 CET	1.1.1.1	192.168.2.7	0x350e	No error (0)	paypal-dynamic.map.fastly.net		151.101.65.21	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:57.753118992 CET	1.1.1.1	192.168.2.7	0x350e	No error (0)	paypal-dynamic.map.fastly.net		151.101.1.21	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:28:57.753761053 CET	1.1.1.1	192.168.2.7	0x1bd	No error (0)	www.paypal.com	www.glb.paypal.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:28:57.753761053 CET	1.1.1.1	192.168.2.7	0x1bd	No error (0)	www.glb.paypal.com	paypal-dynamic.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:04.387047052 CET	1.1.1.1	192.168.2.7	0xe9e4	No error (0)	hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:04.395744085 CET	1.1.1.1	192.168.2.7	0xc218	No error (0)	hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:04.395744085 CET	1.1.1.1	192.168.2.7	0xc218	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.3.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:04.395744085 CET	1.1.1.1	192.168.2.7	0xc218	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.67.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:04.395744085 CET	1.1.1.1	192.168.2.7	0xc218	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.131.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:04.395744085 CET	1.1.1.1	192.168.2.7	0xc218	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.195.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:07.057605028 CET	1.1.1.1	192.168.2.7	0x5f93	No error (0)	hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:07.057634115 CET	1.1.1.1	192.168.2.7	0x8824	No error (0)	hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:07.057634115 CET	1.1.1.1	192.168.2.7	0x8824	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.131.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:07.057634115 CET	1.1.1.1	192.168.2.7	0x8824	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.195.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:07.057634115 CET	1.1.1.1	192.168.2.7	0x8824	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.3.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:07.057634115 CET	1.1.1.1	192.168.2.7	0x8824	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.67.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:07.228614092 CET	1.1.1.1	192.168.2.7	0x616	No error (0)	newassets.hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:07.228614092 CET	1.1.1.1	192.168.2.7	0x616	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.3.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:07.228614092 CET	1.1.1.1	192.168.2.7	0x616	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.67.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:07.228614092 CET	1.1.1.1	192.168.2.7	0x616	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.131.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:07.228614092 CET	1.1.1.1	192.168.2.7	0x616	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.195.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:07.254743099 CET	1.1.1.1	192.168.2.7	0x6d09	No error (0)	newassets.hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:10.128407955 CET	1.1.1.1	192.168.2.7	0x8da0	No error (0)	hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:10.128407955 CET	1.1.1.1	192.168.2.7	0x8da0	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.67.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:10.128407955 CET	1.1.1.1	192.168.2.7	0x8da0	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.3.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:10.128407955 CET	1.1.1.1	192.168.2.7	0x8da0	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.195.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:10.128407955 CET	1.1.1.1	192.168.2.7	0x8da0	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.131.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:10.128588915 CET	1.1.1.1	192.168.2.7	0xe355	No error (0)	hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:15.466015100 CET	1.1.1.1	192.168.2.7	0x5702	No error (0)	newassets.hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:15.466900110 CET	1.1.1.1	192.168.2.7	0x9fcd	No error (0)	newassets.hcaptcha.paypal.com	paypal-dynamic-cdn.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2024 23:29:15.466900110 CET	1.1.1.1	192.168.2.7	0x9fcd	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.195.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:15.466900110 CET	1.1.1.1	192.168.2.7	0x9fcd	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.67.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:15.466900110 CET	1.1.1.1	192.168.2.7	0x9fcd	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.131.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:15.466900110 CET	1.1.1.1	192.168.2.7	0x9fcd	No error (0)	paypal-dynamic-cdn.map.fastly.net		151.101.3.1	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:40.964952946 CET	1.1.1.1	192.168.2.7	0xe13a	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 3, 2024 23:29:40.965270996 CET	1.1.1.1	192.168.2.7	0x8a29	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 3, 2024 23:29:43.836999893 CET	1.1.1.1	192.168.2.7	0x6572	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 3, 2024 23:29:43.837053061 CET	1.1.1.1	192.168.2.7	0x9ec3	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:41 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-03 22:28:42 UTC	479	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=142127 Date: Tue, 03 Dec 2024 22:28:41 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:42 UTC	2221	OUT	GET /signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_camp [TRUNCATED] Host: www.paypal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:43 UTC	299	IN	HTTP/1.1 200 OK Connection: close Content-Length: 22479 Accept-Ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 Cache-Control: max-age=0, no-cache, no-store, must-revalidate
2024-12-03 22:28:43 UTC	2385	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6e 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 6f 62 6a 65 63 74 73 2e 70 61 79 70 61 6c 2e 63 6e 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 3b 20 73 63 72 69 70 74 2d 73 72 63 20 27 6e 6f 6e 63 65 2d 58 58 30 7a 73 2b 57 54 6e 56 42 73 33 64 61 30 75 57 61 48 52 70 38 54 54 65 6b 61 57 59 61 38 72 33 77 31 34 42 30 56 73 72 75 34 39 4a 6c 54 27 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 Data Ascii: Content-Security-Policy: default-src 'self' https://.paypal.com https://.paypal.cn https://.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-XX0zs+WTnVBs3da0uWaHRp8TTekaWYa8r3w14B0Vsru49JlT' 'self' https://.paypal.com htt
2024-12-03 22:28:43 UTC	1443	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 64 5f 69 64 3d 37 37 32 35 39 39 37 61 64 64 61 65 34 63 32 64 61 36 36 62 64 32 37 64 39 32 39 35 38 36 64 63 31 37 33 33 32 36 34 39 32 33 30 30 34 3b 20 4d 61 78 2d 41 67 65 3d 33 31 35 35 33 32 37 39 39 3b 20 44 6f 6d 61 69 6e 3d 2e 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 53 75 6e 2c 20 30 33 20 44 65 63 20 32 30 33 34 20 32 32 3a 32 38 3a 34 32 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 4e 47 3d 65 6e 5f 55 53 25 33 42 55 53 3b 20 4d 61 78 2d 41 67 65 3d 33 31 35 35 36 3b 20 44 6f 6d 61 69 6e 3d 2e 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 Data Ascii: Set-Cookie: d_id=7725997addae4c2da66bd27d929586dc1733264923004; Max-Age=315532799; Domain=.paypal.com; Path=/; Expires=Sun, 03 Dec 2034 22:28:42 GMT; HttpOnly; Secure; SameSite=NoneSet-Cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/;
2024-12-03 22:28:43 UTC	645	IN	Data Raw: 54 72 61 63 65 70 61 72 65 6e 74 3a 20 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 66 37 34 36 32 38 31 36 32 36 64 36 36 2d 30 32 35 38 37 32 64 32 39 37 61 35 39 62 63 63 2d 30 31 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 53 41 4d 45 4f 52 49 47 49 4e 0d 0a 58 2d 58 73 73 2d 50 72 6f 74 65 63 74 69 6f 6e 3a 20 31 3b 20 6d 6f 64 65 3d 62 6c 6f 63 6b 0d 0a 44 43 3a 20 63 63 67 31 31 2d 6f 72 69 67 69 6e 2d 77 77 77 2d 31 2e 70 61 79 70 61 6c 2e 63 6f 6d 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 56 69 61 3a 20 31 2e 31 20 76 61 72 6e 69 73 68 2c 20 31 2e 31 20 76 61 72 6e 69 73 68 2c 20 31 2e Data Ascii: Traceparent: 00-0000000000000000000f746281626d66-025872d297a59bcc-01X-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINX-Xss-Protection: 1; mode=blockDC: ccg11-origin-www-1.paypal.comAccept-Ranges: bytesVia: 1.1 varnish, 1.1 varnish, 1.
2024-12-03 22:28:43 UTC	1378	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 6c 6f 63 61 6c 65 3d 22 65 6e 5f 55 53 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 6c 6f 77 65 72 2d 74 68 61 6e 2d 69 65 39 20 69 65 20 64 65 73 6b 74 6f 70 22 20 64 61 74 61 2d 6c 61 6e 67 70 61 63 6b 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 2f 72 65 73 2f 30 38 37 2f 39 66 37 33 31 64 38 62 63 65 64 64 35 62 37 65 37 61 33 39 37 35 63 30 32 34 32 37 38 2f 65 6e 2d 55 53 2f 5f 6c 61 6e 67 75 61 67 65 70 61 63 6b 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 31 30 5d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e Data Ascii: <!DOCTYPE html>...[if lt IE 9]><html lang="en" locale="en_US" class="no-js lower-than-ie9 ie desktop" data-langpack="https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/en-US/_languagepack"><![endif]-->...[if lt IE 10]><html lang="en
2024-12-03 22:28:43 UTC	1378	IN	Data Raw: 6e 71 61 61 51 68 4c 6e 2f 6e 6d 57 54 38 63 53 55 6a 4f 78 38 39 38 71 6f 59 5a 30 62 69 51 6c 4e 69 43 48 4b 57 57 6f 66 49 54 6a 79 72 54 76 6f 49 37 5a 6e 6e 47 62 68 73 2b 66 20 72 6c 6f 67 69 64 20 3a 20 72 5a 4a 76 6e 71 61 61 51 68 4c 6e 25 32 46 6e 6d 57 54 38 63 53 55 6f 74 53 79 6c 4d 47 4f 54 47 6b 52 55 4d 44 70 6d 55 54 76 62 58 64 76 65 76 75 4d 4d 46 41 66 56 70 67 50 48 51 4f 33 44 53 31 35 51 25 32 42 73 39 30 70 64 30 34 69 78 54 36 4e 44 59 55 44 73 6a 62 4f 70 4a 53 52 44 79 79 5a 4d 5f 31 39 33 38 65 61 33 64 39 36 62 20 2d 2d 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 Data Ascii: nqaaQhLn/nmWT8cSUjOx898qoYZ0biQlNiCHKWWofITjyrTvoI7ZnnGbhs+f rlogid : rZJvnqaaQhLn%2FnmWT8cSUotSylMGOTGkRUMDpmUTvbXdvevuMMFAfVpgPHQO3DS15Q%2Bs90pd04ixT6NDYUDsjbOpJSRDyyZM_1938ea3d96b --><meta charset="utf-8" /><title></title><meta http-equiv="content-type
2024-12-03 22:28:43 UTC	1378	IN	Data Raw: 73 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 73 74 61 74 69 63 2f 69 63 6f 6e 2f 70 70 32 35 38 2e 70 6e 67 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 2f 72 65 73 2f 30 38 37 2f 39 66 37 33 31 64 38 62 63 65 64 64 35 62 37 65 37 61 33 39 37 35 63 30 32 34 32 37 38 2f 63 73 73 2f 61 70 70 2e 63 73 73 22 20 2f 3e 3c 21 2d Data Ascii: s" /><meta property="og:image" content="https://www.paypalobjects.com/webstatic/icon/pp258.png" /><meta name="robots" content="noindex"><link rel="stylesheet" href="https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.css" /><!-
2024-12-03 22:28:43 UTC	1378	IN	Data Raw: 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 2f 72 65 73 2f 30 38 37 2f 39 66 37 33 31 64 38 62 63 65 64 64 35 62 37 65 37 61 33 39 37 35 63 30 32 34 32 37 38 2f 6a 73 2f 74 65 6d 70 6c 61 74 65 73 2f 25 73 22 64 61 74 61 2d 65 6e 61 62 6c 65 2d 63 6c 69 65 6e 74 2d 63 61 6c 2d 6c 6f 67 67 69 6e 67 3d 22 74 72 75 65 22 64 61 74 61 2d 63 6f 72 72 65 6c 61 74 69 6f 6e 2d 69 64 3d 22 66 37 34 36 32 38 31 36 32 36 64 36 36 22 64 61 74 61 2d 63 6c 69 65 6e 74 2d 6e 61 6d 65 3d 22 75 6c 22 64 61 74 61 2d 65 6e 61 62 6c 65 2d 66 6e 2d 62 65 61 63 6f 6e 2d 6f 6e 2d 77 65 62 2d 76 69 65 77 73 3d 22 74 72 75 65 22 64 61 74 61 2d 6e 6f 6e 63 65 3d 22 58 58 30 7a 73 2b 57 54 6e 56 42 73 33 64 61 30 75 57 61 48 52 70 38 54 54 65 6b 61 57 59 61 38 Data Ascii: .paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/templates/%s"data-enable-client-cal-logging="true"data-correlation-id="f746281626d66"data-client-name="ul"data-enable-fn-beacon-on-web-views="true"data-nonce="XX0zs+WTnVBs3da0uWaHRp8TTekaWYa8
2024-12-03 22:28:43 UTC	1378	IN	Data Raw: 35 29 20 37 30 34 2d 32 35 38 32 20 74 6f 20 72 65 76 69 65 77 20 61 6e 64 20 72 65 71 75 65 73 74 20 61 20 72 65 66 75 6e 64 20 69 66 20 6e 65 63 65 73 73 61 72 79 2e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 3c 2f 68 31 3e 3c 64 69 76 20 69 64 3d 22 6e 6f 74 69 66 69 63 61 74 69 6f 6e 73 22 20 63 6c 61 73 73 3d 22 6e 6f 74 69 66 69 63 61 74 69 6f 6e 73 22 3e 3c 2f 64 69 76 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 73 69 67 6e 69 6e 22 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 20 63 6c 61 73 73 3d 22 70 72 6f 63 65 65 64 20 6d 61 73 6b 61 62 6c 65 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 6c 6f 67 69 6e 22 20 6e 6f 76 61 6c 69 64 61 74 65 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d Data Ascii: 5) 704-2582 to review and request a refund if necessary.</span></div></h1><div id="notifications" class="notifications"></div><form action="/signin" method="post" class="proceed maskable" autocomplete="off" name="login" novalidate><input type="hidden" id=
2024-12-03 22:28:43 UTC	1378	IN	Data Raw: 6d 61 69 6c 22 63 6c 61 73 73 3d 22 68 61 73 48 65 6c 70 20 20 76 61 6c 69 64 61 74 65 45 6d 70 74 79 20 20 20 22 76 61 6c 75 65 3d 22 22 09 09 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 09 22 75 73 65 72 6e 61 6d 65 22 09 09 09 70 6c 61 63 65 68 6f 6c 64 65 72 3d 09 22 45 6d 61 69 6c 22 09 09 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 22 65 6d 61 69 6c 45 72 72 6f 72 4d 65 73 73 61 67 65 22 2f 3e 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 65 6d 61 69 6c 22 20 63 6c 61 73 73 3d 22 66 69 65 6c 64 4c 61 62 65 6c 22 3e 45 6d 61 69 6c 3c 2f 6c 61 62 65 6c 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 69 64 3d 22 65 6d 61 69 6c 45 72 72 6f 72 4d 65 73 73 61 67 65 22 20 3e 3c 70 20 63 6c 61 73 73 3d 22 65 6d 70 74 Data Ascii: mail"class="hasHelp validateEmpty "value=""autocomplete="username"placeholder="Email"aria-describedby="emailErrorMessage"/><label for="email" class="fieldLabel">Email</label></div><div class="errorMessage"id="emailErrorMessage" ><p class="empt
2024-12-03 22:28:43 UTC	1378	IN	Data Raw: 74 6f 6e 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 72 67 6f 74 4c 69 6e 6b 22 3e 3c 61 20 68 72 65 66 3d 22 2f 61 75 74 68 66 6c 6f 77 2f 70 61 73 73 77 6f 72 64 2d 72 65 63 6f 76 65 72 79 2f 3f 72 65 64 69 72 65 63 74 55 72 69 3d 25 32 35 32 46 73 69 67 6e 69 6e 25 32 35 32 46 25 32 35 33 46 72 65 74 75 72 6e 55 72 69 25 32 35 33 44 2a 32 46 6d 79 61 63 63 6f 75 6e 74 2a 32 46 74 72 61 6e 73 66 65 72 2a 32 46 70 61 79 52 65 71 75 65 73 74 2a 32 46 55 2d 30 36 43 38 38 35 35 38 4c 31 30 31 34 30 39 34 43 2a 32 46 55 2d 32 44 4d 30 30 30 30 30 42 52 37 37 32 31 34 33 33 2a 33 46 63 6c 61 73 73 69 63 55 72 6c 2a 33 44 2a 32 46 55 53 2a 32 46 63 67 69 2d 62 69 6e 2a 32 46 2a 33 46 63 6d 64 2a 33 44 5f 70 72 71 25 32 35 32 36 69 64 25 32 Data Ascii: ton></div><div class="forgotLink"><a href="/authflow/password-recovery/?redirectUri=%252Fsignin%252F%253FreturnUri%253D2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq%2526id%2

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:43 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-03 22:28:44 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=49001 Date: Tue, 03 Dec 2024 22:28:43 GMT Content-Length: 55 Connection: close X-CID: 2
2024-12-03 22:28:44 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:45 UTC	586	OUT	GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.css HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:45 UTC	779	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: max-age=31536000, s-maxage=31536000 Content-Type: text/css Date: Tue, 03 Dec 2024 22:28:45 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6737ef0a-1278c" Expires: Wed, 03 Dec 2025 22:28:45 GMT Last-Modified: Sat, 16 Nov 2024 01:02:02 GMT Paypal-Debug-Id: bd5c98c08d7b7 Server: ECAcc (lhd/35CF) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000bd5c98c08d7b7-ae5d808507650231-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 75660 Connection: close
2024-12-03 22:28:45 UTC	16383	IN	Data Raw: 2f 2a 2a 20 6d 65 74 68 6f 64 20 72 65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 6c 6f 61 64 69 6e 67 20 74 68 65 20 62 61 63 6b 67 72 6f 75 6e 64 20 69 6d 61 67 65 20 73 65 74 20 69 6e 20 43 53 53 20 2a 2a 2f 0a 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 69 6f 6e 20 7b 0a 20 20 66 72 6f 6d 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0a 20 20 7d 0a 20 20 74 6f 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 Data Ascii: / method responsible for loading the background image set in CSS /@-webkit-keyframes rotation { from { -webkit-transform: rotate(0deg); transform: rotate(0deg); } to { -webkit-transform: rotate(359deg); transform: rotate(359deg)
2024-12-03 22:28:45 UTC	1	IN	Data Raw: 66 Data Ascii: f
2024-12-03 22:28:46 UTC	16383	IN	Data Raw: 6c 6f 77 3a 20 76 69 73 69 62 6c 65 3b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 30 30 37 30 62 61 3b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 4e 65 75 65 2d 4d 65 64 69 75 6d 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 20 4d 65 64 69 75 6d 22 2c 20 48 65 6c 76 65 74 69 63 61 4e 65 75 65 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 Data Ascii: low: visible; border: 0; padding: 0; background: none; color: #0070ba; font-family: HelveticaNeue-Medium, "Helvetica Neue Medium", HelveticaNeue, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 1em; text-align: left; text-decora
2024-12-03 22:28:46 UTC	16383	IN	Data Raw: 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 72 69 67 68 74 2c 20 23 43 42 44 32 44 36 20 35 30 25 2c 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 29 20 34 30 25 29 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 74 6f 70 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 20 33 70 78 20 31 70 78 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 72 65 70 65 61 74 2d 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 70 78 3b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 7d 0a 2e 73 65 6e 74 4d 65 73 73 61 67 65 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 31 62 39 65 31 62 3b 0a 7d 0a 2e 63 61 70 74 63 68 61 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 77 Data Ascii: near-gradient(to right, #CBD2D6 50%, rgba(255, 255, 255, 0) 40%); background-position: top; background-size: 3px 1px; background-repeat: repeat-x; height: 1px; border: 0; margin: 0;}.sentMessage { color: #1b9e1b;}.captcha-container { w
2024-12-03 22:28:46 UTC	16383	IN	Data Raw: 0a 2e 6f 6e 65 54 6f 75 63 68 52 6d 20 2e 73 74 65 70 73 20 2e 73 74 65 70 73 2d 69 63 6f 6e 2e 69 63 6f 6e 2d 31 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 30 20 2d 34 38 70 78 3b 0a 7d 0a 2e 6f 6e 65 54 6f 75 63 68 52 6d 20 2e 73 74 65 70 73 20 2e 73 74 65 70 73 2d 69 63 6f 6e 2e 69 63 6f 6e 2d 32 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 30 20 2d 39 30 70 78 3b 0a 7d 0a 2e 6f 6e 65 54 6f 75 63 68 52 6d 20 2e 72 65 61 73 73 75 72 65 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 31 35 70 78 20 30 3b 0a 7d 0a 2e 6f 6e 65 54 6f 75 63 68 52 6d 20 2e 73 65 63 6f 6e 64 61 72 79 4c 69 6e 6b 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 7d 0a 2f 2a 2a 0a 2a 20 53 68 61 72 65 Data Ascii: .oneTouchRm .steps .steps-icon.icon-1 { background-position: 0 -48px;}.oneTouchRm .steps .steps-icon.icon-2 { background-position: 0 -90px;}.oneTouchRm .reassure { margin: 15px 0;}.oneTouchRm .secondaryLink { margin-top: 12px;}/*** Share
2024-12-03 22:28:46 UTC	10127	IN	Data Raw: 6f 6d 2f 69 6d 61 67 65 73 2f 73 68 61 72 65 64 2f 73 75 63 63 65 73 73 2d 61 6e 69 6d 61 74 69 6f 6e 5f 32 78 2e 67 69 66 22 29 20 6e 6f 2d 72 65 70 65 61 74 20 74 6f 70 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 20 31 30 30 70 78 3b 0a 20 20 7d 0a 7d 0a 2e 67 72 65 79 4f 75 74 2c 0a 61 2e 67 72 65 79 4f 75 74 3a 68 6f 76 65 72 2c 0a 61 2e 67 72 65 79 4f 75 74 3a 6c 69 6e 6b 2c 0a 61 2e 67 72 65 79 4f 75 74 3a 76 69 73 69 74 65 64 2c 0a 61 2e 67 72 65 79 4f 75 74 3a 66 6f 63 75 73 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 64 64 64 3b 0a 7d 0a 2e 67 72 65 79 42 61 63 6b 67 72 6f 75 6e 64 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 64 64 64 3b 0a 7d 0a 62 75 74 74 6f 6e 2e 67 72 65 79 42 Data Ascii: om/images/shared/success-animation_2x.gif") no-repeat top center; background-size: 100px; }}.greyOut,a.greyOut:hover,a.greyOut:link,a.greyOut:visited,a.greyOut:focus { color: #ddd;}.greyBackground { background-color: #ddd;}button.greyB

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:45 UTC	567	OUT	GET /rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:45 UTC	754	IN	HTTP/1.1 200 OK Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Tue, 03 Dec 2024 22:28:45 GMT DC: ccg11-origin-www-1.paypal.com Etag: "67230a66-19a5+ident" Expires: Tue, 03 Dec 2024 23:28:45 GMT Last-Modified: Thu, 31 Oct 2024 04:41:10 GMT Paypal-Debug-Id: 672801e377ba4 Server: ECAcc (lhd/35BC) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000672801e377ba4-3e2623f270924a3d-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 6565 Connection: close
2024-12-03 22:28:45 UTC	6565	IN	Data Raw: 76 61 72 20 50 41 59 50 41 4c 3d 77 69 6e 64 6f 77 2e 50 41 59 50 41 4c 7c 7c 7b 7d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 6e 5b 30 5d 3d 28 32 35 35 26 28 30 7c 74 5b 65 5d 29 29 3c 3c 32 34 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 31 5d 29 29 3c 3c 31 36 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 32 5d 29 29 3c 3c 38 7c 32 35 35 26 28 30 7c 74 5b 65 2b 33 5d 29 7c 30 2c 6e 5b 31 5d 3d 28 32 35 35 26 28 30 7c 74 5b 65 2b 34 5d 29 29 3c 3c 32 34 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 35 5d 29 29 3c 3c 31 36 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 36 5d 29 29 3c 3c 38 7c 32 35 35 26 28 30 7c 74 5b 65 2b 37 Data Ascii: var PAYPAL=window.PAYPAL\|\|{};!function(){"use strict";var t=function(t){var e=function(t,e,n){n[0]=(255&(0\|t[e]))<<24\|(255&(0\|t[e+1]))<<16\|(255&(0\|t[e+2]))<<8\|255&(0\|t[e+3])\|0,n[1]=(255&(0\|t[e+4]))<<24\|(255&(0\|t[e+5]))<<16\|(255&(0\|t[e+6]))<<8\|255&(0\|t[e+7

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:45 UTC	966	OUT	GET /tags.js HTTP/1.1 Host: ddbm2.paypal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts=vreXpYrS%3D1764800922%26vteXpYrS%3D1733266722%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2
2024-12-03 22:28:46 UTC	708	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 173111 Connection: close Last-Modified: Tue, 19 Nov 2024 10:41:39 GMT x-amz-server-side-encryption: AES256 x-amz-version-id: srBbjf4IpQWkR6dukRm3KeuXFeESXHnZ Accept-Ranges: bytes Server: AmazonS3 Date: Tue, 03 Dec 2024 22:28:47 GMT Cache-Control: max-age=3600, public ETag: "f413de3002ba35101fcc6ab056e87d4b" X-Cache: RefreshHit from cloudfront Via: 1.1 4cc1f4a5fc43c9a7209c93d5255b40b0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH52-C1 X-Amz-Cf-Id: ytdzPfQyZTd7gVF8WwA3ZJytqdWShC3mF4V4_1z0Vce910Ihb1u5rQ== X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Vary: Origin
2024-12-03 22:28:46 UTC	16384	IN	Data Raw: 2f 2a 2a 20 44 61 74 61 44 6f 6d 65 20 69 73 20 61 20 63 79 62 65 72 73 65 63 75 72 69 74 79 20 73 6f 6c 75 74 69 6f 6e 20 74 6f 20 64 65 74 65 63 74 20 62 6f 74 20 61 63 74 69 76 69 74 79 20 68 74 74 70 73 3a 2f 2f 64 61 74 61 64 6f 6d 65 2e 63 6f 20 28 76 65 72 73 69 6f 6e 20 34 2e 33 36 2e 30 29 20 2a 2f 20 0a 21 66 75 6e 63 74 69 6f 6e 20 65 28 74 2c 6e 2c 6f 29 7b 66 75 6e 63 74 69 6f 6e 20 69 28 72 2c 73 29 7b 69 66 28 21 6e 5b 72 5d 29 7b 69 66 28 21 74 5b 72 5d 29 7b 76 61 72 20 64 3d 27 5c 78 36 36 5c 78 37 35 5c 78 36 65 5c 78 36 33 5c 78 37 34 5c 78 36 39 5c 78 36 66 5c 78 36 65 27 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 26 26 72 65 71 75 69 72 65 3b 69 66 28 21 73 26 26 64 29 72 65 74 75 72 6e 20 64 28 72 2c 21 30 29 3b 69 66 28 61 29 Data Ascii: /** DataDome is a cybersecurity solution to detect bot activity https://datadome.co (version 4.36.0) */ !function e(t,n,o){function i(r,s){if(!n[r]){if(!t[r]){var d='\x66\x75\x6e\x63\x74\x69\x6f\x6e'==typeof require&&require;if(!s&&d)return d(r,!0);if(a)
2024-12-03 22:28:46 UTC	16384	IN	Data Raw: 6e 2c 6f 29 7b 65 5b 5b 27 5c 78 37 32 5c 78 36 35 5c 78 36 64 5c 78 36 66 5c 78 37 36 5c 78 36 35 5c 78 34 35 5c 78 37 36 5c 78 36 35 5c 78 36 65 5c 78 37 34 5c 78 34 63 5c 78 36 39 5c 78 37 33 5c 78 37 34 5c 78 36 35 5c 78 36 65 5c 78 36 35 5c 78 37 32 27 5d 5d 3f 65 5b 5b 27 5c 78 37 32 5c 78 36 35 5c 78 36 64 5c 78 36 66 5c 78 37 36 5c 78 36 35 5c 78 34 35 5c 78 37 36 5c 78 36 35 5c 78 36 65 5c 78 37 34 5c 78 34 63 5c 78 36 39 5c 78 37 33 5c 78 37 34 5c 78 36 35 5c 78 36 65 5c 78 36 35 5c 78 37 32 27 5d 5d 28 74 2c 6e 2c 6f 29 3a 65 5b 5b 27 5c 78 36 34 5c 78 36 35 5c 78 37 34 5c 78 36 31 5c 78 36 33 5c 78 36 38 5c 78 34 35 5c 78 37 36 5c 78 36 35 5c 78 36 65 5c 78 37 34 27 5d 5d 26 26 65 5b 5b 27 5c 78 36 34 5c 78 36 35 5c 78 37 34 5c 78 36 31 5c 78 Data Ascii: n,o){e[['\x72\x65\x6d\x6f\x76\x65\x45\x76\x65\x6e\x74\x4c\x69\x73\x74\x65\x6e\x65\x72']]?e[['\x72\x65\x6d\x6f\x76\x65\x45\x76\x65\x6e\x74\x4c\x69\x73\x74\x65\x6e\x65\x72']](t,n,o):e[['\x64\x65\x74\x61\x63\x68\x45\x76\x65\x6e\x74']]&&e[['\x64\x65\x74\x61\x
2024-12-03 22:28:46 UTC	2410	IN	Data Raw: 5c 78 36 34 5c 78 37 31 27 2c 27 5c 78 37 61 5c 78 36 37 5c 78 37 32 5c 78 34 36 5c 78 37 34 5c 78 37 31 27 2c 27 5c 78 34 31 5c 78 37 38 5c 78 36 65 5c 78 37 38 5c 78 34 32 5c 78 33 33 5c 78 36 61 5c 78 35 32 5c 78 37 61 5c 78 37 38 5c 78 36 61 5c 78 36 32 5c 78 34 34 5c 78 34 64 5c 78 36 36 5c 78 35 30 5c 78 34 32 5c 78 36 37 5c 78 36 36 5c 78 34 39 5c 78 34 32 5c 78 36 37 5c 78 37 35 27 2c 27 5c 78 34 32 5c 78 37 37 5c 78 36 36 5c 78 35 35 5c 78 34 34 5c 78 37 37 5c 78 36 36 5c 78 35 33 5c 78 37 31 5c 78 33 32 5c 78 34 38 5c 78 34 63 5c 78 37 39 5c 78 33 32 5c 78 35 34 5c 78 36 66 5c 78 37 61 5c 78 37 37 5c 78 37 36 5c 78 34 62 5c 78 37 61 5c 78 37 37 5c 78 37 31 27 2c 27 5c 78 34 33 5c 78 36 37 5c 78 35 38 5c 78 35 36 5c 78 34 34 5c 78 34 64 5c 78 37 Data Ascii: \x64\x71','\x7a\x67\x72\x46\x74\x71','\x41\x78\x6e\x78\x42\x33\x6a\x52\x7a\x78\x6a\x62\x44\x4d\x66\x50\x42\x67\x66\x49\x42\x67\x75','\x42\x77\x66\x55\x44\x77\x66\x53\x71\x32\x48\x4c\x79\x32\x54\x6f\x7a\x77\x76\x4b\x7a\x77\x71','\x43\x67\x58\x56\x44\x4d\x7
2024-12-03 22:28:46 UTC	16384	IN	Data Raw: 37 39 5c 78 37 38 5c 78 37 32 5c 78 35 30 5c 78 34 32 5c 78 33 32 5c 78 33 34 27 2c 27 5c 78 37 32 5c 78 34 64 5c 78 36 36 5c 78 35 30 5c 78 34 32 5c 78 36 37 5c 78 37 36 5c 78 34 62 5c 78 36 39 5c 78 36 38 5c 78 37 32 5c 78 35 36 5c 78 36 39 5c 78 36 37 5c 78 37 36 5c 78 33 34 5c 78 37 61 5c 78 37 37 5c 78 36 65 5c 78 33 31 5c 78 34 34 5c 78 36 37 5c 78 37 35 5c 78 34 37 5c 78 36 61 5c 78 33 33 5c 78 36 32 5c 78 35 36 5c 78 34 33 5c 78 33 33 5c 78 37 32 5c 78 36 65 5c 78 37 61 5c 78 37 38 5c 78 36 65 5c 78 35 61 5c 78 37 39 5c 78 37 37 5c 78 34 34 5c 78 34 63 5c 78 36 61 5c 78 35 39 5c 78 36 32 5c 78 35 36 5c 78 34 32 5c 78 34 39 5c 78 36 31 5c 78 34 65 5c 78 37 36 5c 78 33 32 5c 78 34 63 5c 78 35 35 5c 78 37 61 5c 78 36 37 5c 78 33 39 5c 78 33 33 5c 78 Data Ascii: 79\x78\x72\x50\x42\x32\x34','\x72\x4d\x66\x50\x42\x67\x76\x4b\x69\x68\x72\x56\x69\x67\x76\x34\x7a\x77\x6e\x31\x44\x67\x75\x47\x6a\x33\x62\x56\x43\x33\x72\x6e\x7a\x78\x6e\x5a\x79\x77\x44\x4c\x6a\x59\x62\x56\x42\x49\x61\x4e\x76\x32\x4c\x55\x7a\x67\x39\x33\x
2024-12-03 22:28:47 UTC	13019	IN	Data Raw: 36 27 5d 28 27 5c 78 36 39 5c 78 37 30 5c 78 36 38 5c 78 36 66 5c 78 36 65 5c 78 36 35 27 29 26 26 2d 31 3d 3d 3d 6e 61 76 69 67 61 74 6f 72 5b 27 5c 78 37 35 5c 78 37 33 5c 78 36 35 5c 78 37 32 5c 78 34 31 5c 78 36 37 5c 78 36 35 5c 78 36 65 5c 78 37 34 27 5d 5b 65 28 35 30 35 29 5d 28 29 5b 65 28 37 34 35 29 5d 28 27 5c 78 36 39 5c 78 37 30 5c 78 36 31 5c 78 36 34 27 29 26 26 28 74 68 69 73 5b 27 5c 78 36 31 5c 78 37 33 5c 78 37 39 5c 78 36 65 5c 78 36 33 5c 78 36 38 5c 78 37 32 5c 78 36 66 5c 78 36 65 5c 78 36 39 5c 78 37 61 5c 78 36 35 5c 78 35 34 5c 78 36 31 5c 78 37 33 5c 78 36 62 27 5d 28 74 68 69 73 5b 27 5c 78 36 34 5c 78 36 34 5c 78 35 66 5c 78 36 31 5c 78 36 35 27 5d 29 2c 74 68 69 73 5b 27 5c 78 36 31 5c 78 37 33 5c 78 37 39 5c 78 36 65 5c 78 Data Ascii: 6']('\x69\x70\x68\x6f\x6e\x65')&&-1===navigator['\x75\x73\x65\x72\x41\x67\x65\x6e\x74'][e(505)]()[e(745)]('\x69\x70\x61\x64')&&(this['\x61\x73\x79\x6e\x63\x68\x72\x6f\x6e\x69\x7a\x65\x54\x61\x73\x6b'](this['\x64\x64\x5f\x61\x65']),this['\x61\x73\x79\x6e\x
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 5c 78 37 32 5c 78 34 34 5c 78 36 35 5c 78 37 30 5c 78 37 34 5c 78 36 38 27 5d 3b 7d 2c 74 68 69 73 5b 27 5c 78 36 34 5c 78 36 34 5c 78 35 66 5c 78 36 31 5c 78 36 37 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 5b 27 5c 78 36 33 5c 78 37 32 5c 78 36 35 5c 78 36 31 5c 78 37 34 5c 78 36 35 5c 78 34 35 5c 78 36 63 5c 78 36 35 5c 78 36 64 5c 78 36 35 5c 78 36 65 5c 78 37 34 27 5d 28 27 5c 78 36 33 5c 78 36 31 5c 78 36 65 5c 78 37 36 5c 78 36 31 5c 78 37 33 27 29 3b 65 5b 27 5c 78 36 33 5c 78 37 36 5c 78 37 33 27 5d 3d 21 28 21 74 5b 27 5c 78 36 37 5c 78 36 35 5c 78 37 34 5c 78 34 33 5c 78 36 66 5c 78 36 65 5c 78 37 34 5c 78 36 35 5c 78 37 38 5c 78 37 34 27 5d 7c 7c 21 74 5b 27 5c 78 36 37 5c 78 36 35 5c 78 37 Data Ascii: \x72\x44\x65\x70\x74\x68'];},this['\x64\x64\x5f\x61\x67']=function(){try{var t=document['\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74']('\x63\x61\x6e\x76\x61\x73');e['\x63\x76\x73']=!(!t['\x67\x65\x74\x43\x6f\x6e\x74\x65\x78\x74']\|\|!t['\x67\x65\x7
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 27 5d 5b 27 5c 78 37 34 5c 78 37 39 5c 78 37 30 5c 78 36 35 27 5d 3d 3d 3d 6e 28 36 33 30 29 3f 65 5b 27 5c 78 36 35 5c 78 36 33 5c 78 37 30 5c 78 36 33 27 5d 3d 21 21 31 3a 27 5c 78 37 35 5c 78 36 65 5c 78 36 34 5c 78 36 35 5c 78 36 36 5c 78 36 39 5c 78 36 65 5c 78 36 35 5c 78 36 34 27 21 3d 74 79 70 65 6f 66 20 70 72 6f 63 65 73 73 26 26 74 79 70 65 6f 66 20 70 72 6f 63 65 73 73 5b 27 5c 78 37 36 5c 78 36 35 5c 78 37 32 5c 78 37 33 5c 78 36 39 5c 78 36 66 5c 78 36 65 5c 78 37 33 27 5d 3d 3d 3d 6e 28 37 32 39 29 26 26 70 72 6f 63 65 73 73 5b 27 5c 78 37 36 5c 78 36 35 5c 78 37 32 5c 78 37 33 5c 78 36 39 5c 78 36 66 5c 78 36 65 5c 78 37 33 27 5d 5b 27 5c 78 36 35 5c 78 36 63 5c 78 36 35 5c 78 36 33 5c 78 37 34 5c 78 37 32 5c 78 36 66 5c 78 36 65 27 5d 3f Data Ascii: ']['\x74\x79\x70\x65']===n(630)?e['\x65\x63\x70\x63']=!!1:'\x75\x6e\x64\x65\x66\x69\x6e\x65\x64'!=typeof process&&typeof process['\x76\x65\x72\x73\x69\x6f\x6e\x73']===n(729)&&process['\x76\x65\x72\x73\x69\x6f\x6e\x73']['\x65\x6c\x65\x63\x74\x72\x6f\x6e']?
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 78 35 33 5c 78 37 34 5c 78 37 32 5c 78 36 39 5c 78 36 65 5c 78 36 37 27 5d 28 29 3a 27 5c 78 34 65 5c 78 34 31 27 2c 77 69 6e 64 6f 77 5b 6e 28 37 38 39 29 5d 5b 27 5c 78 37 30 5c 78 36 63 5c 78 36 31 5c 78 37 34 5c 78 36 36 5c 78 36 66 5c 78 37 32 5c 78 36 64 27 5d 2c 65 5b 27 5c 78 36 32 5c 78 37 32 5c 78 35 66 5c 78 36 66 5c 78 36 38 27 5d 5b 27 5c 78 37 34 5c 78 36 66 5c 78 35 33 5c 78 37 34 5c 78 37 32 5c 78 36 39 5c 78 36 65 5c 78 36 37 27 5d 28 29 2c 65 5b 6e 28 36 33 31 29 5d 5b 27 5c 78 37 34 5c 78 36 66 5c 78 35 33 5c 78 37 34 5c 78 37 32 5c 78 36 39 5c 78 36 65 5c 78 36 37 27 5d 28 29 2c 65 5b 27 5c 78 37 34 5c 78 37 61 5c 78 37 30 27 5d 2c 65 5b 27 5c 78 37 30 5c 78 36 63 5c 78 37 35 27 5d 2c 65 5b 27 5c 78 36 64 5c 78 36 64 5c 78 37 34 27 5d Data Ascii: x53\x74\x72\x69\x6e\x67']():'\x4e\x41',window[n(789)]['\x70\x6c\x61\x74\x66\x6f\x72\x6d'],e['\x62\x72\x5f\x6f\x68']['\x74\x6f\x53\x74\x72\x69\x6e\x67'](),e[n(631)]['\x74\x6f\x53\x74\x72\x69\x6e\x67'](),e['\x74\x7a\x70'],e['\x70\x6c\x75'],e['\x6d\x6d\x74']
2024-12-03 22:28:47 UTC	14808	IN	Data Raw: 34 5c 78 36 31 5c 78 37 34 5c 78 36 31 5c 78 34 34 5c 78 36 66 5c 78 36 64 5c 78 36 35 5c 78 34 66 5c 78 37 30 5c 78 37 34 5c 78 36 39 5c 78 36 66 5c 78 36 65 5c 78 37 33 27 5d 5d 5b 5b 27 5c 78 37 36 5c 78 36 35 5c 78 37 32 5c 78 37 33 5c 78 36 39 5c 78 36 66 5c 78 36 65 27 5d 5d 3b 69 66 28 63 5b 5b 27 5c 78 36 63 5c 78 36 35 5c 78 36 65 5c 78 36 37 5c 78 37 34 5c 78 36 38 27 5d 5d 3c 31 36 30 30 30 7c 7c 72 29 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 5b 5b 27 5c 78 36 34 5c 78 36 31 5c 78 37 34 5c 78 36 31 5c 78 34 34 5c 78 36 66 5c 78 36 64 5c 78 36 35 5c 78 34 66 5c 78 37 30 5c 78 37 34 5c 78 36 39 5c 78 36 66 5c 78 36 65 5c 78 37 33 27 5d 5d 5b 5b 27 5c 78 37 34 5c 78 36 35 5c 78 37 33 5c 78 37 34 5c 78 36 39 5c 78 36 65 5c 78 36 37 5c 78 34 64 5c 78 Data Ascii: 4\x61\x74\x61\x44\x6f\x6d\x65\x4f\x70\x74\x69\x6f\x6e\x73']][['\x76\x65\x72\x73\x69\x6f\x6e']];if(c[['\x6c\x65\x6e\x67\x74\x68']]<16000\|\|r)return window[['\x64\x61\x74\x61\x44\x6f\x6d\x65\x4f\x70\x74\x69\x6f\x6e\x73']][['\x74\x65\x73\x74\x69\x6e\x67\x4d\x
2024-12-03 22:28:47 UTC	1576	IN	Data Raw: 5c 78 34 64 5c 78 34 63 27 5d 5d 28 27 5c 78 36 31 5c 78 36 36 5c 78 37 34 5c 78 36 35 5c 78 37 32 5c 78 36 32 5c 78 36 35 5c 78 36 37 5c 78 36 39 5c 78 36 65 27 2c 77 29 3a 28 64 6f 63 75 6d 65 6e 74 5b 5b 27 5c 78 36 32 5c 78 36 66 5c 78 36 34 5c 78 37 39 27 5d 5d 5b 5b 27 5c 78 36 39 5c 78 36 65 5c 78 37 33 5c 78 36 35 5c 78 37 32 5c 78 37 34 5c 78 34 31 5c 78 36 34 5c 78 36 61 5c 78 36 31 5c 78 36 33 5c 78 36 35 5c 78 36 65 5c 78 37 34 5c 78 34 38 5c 78 35 34 5c 78 34 64 5c 78 34 63 27 5d 5d 28 27 5c 78 36 32 5c 78 36 35 5c 78 36 36 5c 78 36 66 5c 78 37 32 5c 78 36 35 5c 78 36 35 5c 78 36 65 5c 78 36 34 27 2c 27 5c 78 33 63 5c 78 37 33 5c 78 37 34 5c 78 37 39 5c 78 36 63 5c 78 36 35 5c 78 32 30 5c 78 36 39 5c 78 36 34 5c 78 33 64 5c 78 32 32 5c 78 36 Data Ascii: \x4d\x4c']]('\x61\x66\x74\x65\x72\x62\x65\x67\x69\x6e',w):(document[['\x62\x6f\x64\x79']][['\x69\x6e\x73\x65\x72\x74\x41\x64\x6a\x61\x63\x65\x6e\x74\x48\x54\x4d\x4c']]('\x62\x65\x66\x6f\x72\x65\x65\x6e\x64','\x3c\x73\x74\x79\x6c\x65\x20\x69\x64\x3d\x22\x6

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:45 UTC	534	OUT	GET /pa/js/min/pa.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:45 UTC	800	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Tue, 03 Dec 2024 22:28:45 GMT DC: ccg11-origin-www-1.paypal.com Etag: "6735ac2d-11212+ident" Expires: Tue, 03 Dec 2024 23:28:45 GMT Last-Modified: Thu, 14 Nov 2024 07:52:13 GMT Paypal-Debug-Id: 511a8365045ae Server: ECAcc (lhd/35DA) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000511a8365045ae-b659a3b396b10de0-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 70162 Connection: close
2024-12-03 22:28:46 UTC	16383	IN	Data Raw: 2f 2a 40 20 32 30 32 34 20 50 61 79 50 61 6c 20 28 76 31 2e 39 2e 35 29 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 74 2c 65 2c 6e 29 7b 28 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 74 79 70 65 6f 66 20 74 7c 7c 21 74 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 6e 3d 74 5b 53 79 6d 62 6f 6c 2e 74 6f 50 72 69 6d 69 74 69 76 65 5d 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 6e 29 72 65 74 75 72 6e 28 22 73 74 72 69 6e 67 22 3d 3d 3d 65 3f 53 74 72 69 6e 67 3a 4e 75 6d 62 65 72 29 28 74 29 3b 74 3d 6e 2e 63 61 6c 6c 28 74 2c 65 7c 7c 22 64 65 66 61 75 6c 74 22 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 21 3d Data Ascii: /@ 2024 PayPal (v1.9.5) /!function(){"use strict";function r(t,e,n){(e=function(t){t=function(t,e){if("object"!=typeof t\|\|!t)return t;var n=t[Symbol.toPrimitive];if(void 0===n)return("string"===e?String:Number)(t);t=n.call(t,e\|\|"default");if("object"!=
2024-12-03 22:28:46 UTC	16383	IN	Data Raw: 20 22 2b 74 5b 72 5d 2e 74 72 69 6d 28 29 2c 72 21 3d 3d 74 2e 6c 65 6e 67 74 68 2d 31 26 26 28 6e 2b 3d 22 2c 20 22 29 7d 65 6c 73 65 20 6e 3d 74 3b 72 65 74 75 72 6e 20 6e 7d 76 61 72 20 5f 65 3d 7b 70 70 3a 2f 5c 2e 70 61 79 70 61 6c 5c 2e 63 6f 6d 24 2f 2c 61 6c 6c 3a 48 7d 3b 66 75 6e 63 74 69 6f 6e 20 50 65 28 74 2c 65 29 7b 76 61 72 20 6e 3d 21 31 2c 65 3d 65 7c 7c 71 3b 72 65 74 75 72 6e 20 6e 3d 5f 65 5b 74 3d 74 7c 7c 22 61 6c 6c 22 5d 2e 74 65 73 74 28 65 29 3f 21 30 3a 6e 7d 66 75 6e 63 74 69 6f 6e 20 45 28 74 2c 65 2c 6e 29 7b 74 72 79 7b 76 61 72 20 72 3d 65 2e 72 65 70 6c 61 63 65 28 22 5b 22 2c 22 2e 22 29 2e 72 65 70 6c 61 63 65 28 22 5d 22 2c 22 22 29 2e 73 70 6c 69 74 28 22 2e 22 29 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 74 Data Ascii: "+t[r].trim(),r!==t.length-1&&(n+=", ")}else n=t;return n}var _e={pp:/\.paypal\.com$/,all:H};function Pe(t,e){var n=!1,e=e\|\|q;return n=_e[t=t\|\|"all"].test(e)?!0:n}function E(t,e,n){try{var r=e.replace("[",".").replace("]","").split(".").reduce(function(t
2024-12-03 22:28:46 UTC	2	IN	Data Raw: 29 2c Data Ascii: ),
2024-12-03 22:28:46 UTC	16383	IN	Data Raw: 6f 3d 30 3b 6f 3c 61 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 66 6f 72 28 76 61 72 20 63 3d 61 5b 6f 5d 2c 75 3d 6b 65 28 22 69 6e 70 75 74 22 2c 63 29 2c 73 3d 75 2e 6c 65 6e 67 74 68 2c 6c 3d 30 3b 6c 3c 73 3b 6c 2b 2b 29 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 68 28 65 2c 22 66 6f 63 75 73 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 2e 5f 6c 61 73 74 46 6f 72 6d 3d 74 2c 72 2e 5f 6c 61 73 74 49 6e 70 75 74 3d 65 2c 72 2e 5f 74 72 61 63 6b 69 6e 67 46 41 7c 7c 28 72 2e 5f 74 72 61 63 6b 69 6e 67 46 41 3d 21 30 2c 22 62 65 66 6f 72 65 75 6e 6c 6f 61 64 2c 68 61 73 68 63 68 61 6e 67 65 22 2e 73 70 6c 69 74 28 22 2c 22 29 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 68 28 77 69 6e 64 6f 77 2c 74 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 75 6c Data Ascii: o=0;o<a.length;o++)for(var c=a[o],u=ke("input",c),s=u.length,l=0;l<s;l++)!function(t,e){h(e,"focus",function(){r._lastForm=t,r._lastInput=e,r._trackingFA\|\|(r._trackingFA=!0,"beforeunload,hashchange".split(",").forEach(function(t){h(window,t,function(){nul
2024-12-03 22:28:46 UTC	16383	IN	Data Raw: 6f 61 64 56 65 6e 64 6f 72 44 65 66 61 75 6c 74 28 74 2e 6e 61 6d 65 29 7c 7c 7b 7d 2c 74 29 3b 62 72 28 74 29 26 26 28 6d 72 26 26 76 72 5b 65 5d 26 26 2d 31 21 3d 3d 76 72 5b 65 5d 2e 69 6e 64 65 78 4f 66 28 74 2e 6e 61 6d 65 29 3f 75 5b 65 5d 3d 21 31 3a 6e 2e 70 75 73 68 28 74 29 29 7d 29 2c 6e 2e 6c 65 6e 67 74 68 29 26 26 28 69 3d 7b 69 64 3a 65 2c 74 72 69 67 67 65 72 3a 6f 2e 74 72 69 67 67 65 72 2c 63 61 70 74 75 72 65 3a 6f 2e 63 61 70 74 75 72 65 2c 76 65 6e 64 6f 72 73 3a 6e 7d 2c 6f 3d 50 41 59 50 41 4c 2e 61 6e 61 6c 79 74 69 63 73 2e 6c 6f 67 4a 53 45 72 72 6f 72 2c 74 3d 69 2e 74 72 69 67 67 65 72 2e 74 79 70 65 2c 61 3d 69 2e 74 72 69 67 67 65 72 2e 63 6f 6e 64 69 74 69 6f 6e 2c 69 2e 74 72 69 67 67 65 72 2e 68 61 73 4f 77 6e 50 72 6f 70 Data Ascii: oadVendorDefault(t.name)\|\|{},t);br(t)&&(mr&&vr[e]&&-1!==vr[e].indexOf(t.name)?u[e]=!1:n.push(t))}),n.length)&&(i={id:e,trigger:o.trigger,capture:o.capture,vendors:n},o=PAYPAL.analytics.logJSError,t=i.trigger.type,a=i.trigger.condition,i.trigger.hasOwnProp
2024-12-03 22:28:46 UTC	4628	IN	Data Raw: 28 61 2e 76 61 6c 75 65 3d 4d 61 74 68 2e 6d 61 78 28 74 2e 73 74 61 72 74 54 69 6d 65 2d 6e 69 28 29 2c 30 29 2c 61 2e 65 6e 74 72 69 65 73 3d 5b 74 5d 2c 6e 28 29 29 7d 29 3b 74 26 26 28 6e 3d 52 28 6f 2c 61 2c 42 69 2c 63 2e 72 65 70 6f 72 74 41 6c 6c 43 68 61 6e 67 65 73 29 2c 72 3d 6f 69 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7a 69 5b 61 2e 69 64 5d 7c 7c 28 65 28 74 2e 74 61 6b 65 52 65 63 6f 72 64 73 28 29 29 2c 74 2e 64 69 73 63 6f 6e 6e 65 63 74 28 29 2c 7a 69 5b 61 2e 69 64 5d 3d 21 30 2c 6e 28 21 30 29 29 7d 29 2c 5b 22 6b 65 79 64 6f 77 6e 22 2c 22 63 6c 69 63 6b 22 5d 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 74 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 73 65 Data Ascii: (a.value=Math.max(t.startTime-ni(),0),a.entries=[t],n())});t&&(n=R(o,a,Bi,c.reportAllChanges),r=oi(function(){zi[a.id]\|\|(e(t.takeRecords()),t.disconnect(),zi[a.id]=!0,n(!0))}),["keydown","click"].forEach(function(t){addEventListener(t,function(){return se

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:46 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-03 22:28:47 UTC	471	IN	HTTP/1.1 200 OK Date: Tue, 03 Dec 2024 22:28:46 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 02 Dec 2024 13:20:33 GMT ETag: "0x8DD12D41A424BC1" x-ms-request-id: 300ecd5c-a01e-0050-4036-45db6e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241203T222846Z-174f7845968ljs8phC1EWRe6en00000016a000000000u31s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-03 22:28:47 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-12-03 22:28:47 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:47 UTC	393	OUT	GET /rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:48 UTC	754	IN	HTTP/1.1 200 OK Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Tue, 03 Dec 2024 22:28:48 GMT DC: ccg11-origin-www-1.paypal.com Etag: "67230a66-19a5+ident" Expires: Tue, 03 Dec 2024 23:28:48 GMT Last-Modified: Thu, 31 Oct 2024 04:41:10 GMT Paypal-Debug-Id: 672801e377ba4 Server: ECAcc (lhd/35BC) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000672801e377ba4-3e2623f270924a3d-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 6565 Connection: close
2024-12-03 22:28:48 UTC	6565	IN	Data Raw: 76 61 72 20 50 41 59 50 41 4c 3d 77 69 6e 64 6f 77 2e 50 41 59 50 41 4c 7c 7c 7b 7d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 6e 5b 30 5d 3d 28 32 35 35 26 28 30 7c 74 5b 65 5d 29 29 3c 3c 32 34 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 31 5d 29 29 3c 3c 31 36 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 32 5d 29 29 3c 3c 38 7c 32 35 35 26 28 30 7c 74 5b 65 2b 33 5d 29 7c 30 2c 6e 5b 31 5d 3d 28 32 35 35 26 28 30 7c 74 5b 65 2b 34 5d 29 29 3c 3c 32 34 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 35 5d 29 29 3c 3c 31 36 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 36 5d 29 29 3c 3c 38 7c 32 35 35 26 28 30 7c 74 5b 65 2b 37 Data Ascii: var PAYPAL=window.PAYPAL\|\|{};!function(){"use strict";var t=function(t){var e=function(t,e,n){n[0]=(255&(0\|t[e]))<<24\|(255&(0\|t[e+1]))<<16\|(255&(0\|t[e+2]))<<8\|255&(0\|t[e+3])\|0,n[1]=(255&(0\|t[e+4]))<<24\|(255&(0\|t[e+5]))<<16\|(255&(0\|t[e+6]))<<8\|255&(0\|t[e+7

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:47 UTC	675	OUT	GET /images/shared/paypal-logo-129x32.svg HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:48 UTC	706	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: image/svg+xml Date: Tue, 03 Dec 2024 22:28:48 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"544ad849-1351" Expires: Tue, 03 Dec 2024 23:28:48 GMT Last-Modified: Fri, 24 Oct 2014 22:52:57 GMT Paypal-Debug-Id: a9274e1a826b2 Server: ECAcc (lhd/3598) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000a9274e1a826b2-d020aa44b15f9c8c-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 4945 Connection: close
2024-12-03 22:28:48 UTC	4945	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 21 2d 2d 20 47 65 6e 65 72 61 74 6f 72 3a 20 41 64 6f 62 65 20 49 6c 6c 75 73 74 72 61 74 6f 72 20 31 36 2e 30 2e 30 2c 20 53 56 47 20 45 78 70 6f 72 74 20 50 6c 75 67 2d 49 6e 20 2e 20 53 56 47 20 56 65 72 73 69 6f 6e 3a 20 36 2e 30 30 20 42 75 69 6c 64 20 30 29 20 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 73 76 67 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 53 56 47 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 47 72 61 70 68 69 63 73 2f 53 56 47 2f 31 2e 31 2f 44 54 44 2f 73 76 67 31 31 2e 64 74 64 22 3e 0d 0a 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?>... Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) --><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1"

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:48 UTC	548	OUT	GET /webcaptcha/ngrlCaptcha.min.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:48 UTC	684	IN	HTTP/1.1 200 OK Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Tue, 03 Dec 2024 22:28:48 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6697f682-5a55" Expires: Tue, 03 Dec 2024 23:28:48 GMT Last-Modified: Wed, 17 Jul 2024 16:51:14 GMT Paypal-Debug-Id: 12e4091c01e73 Server: ECAcc (lhd/3597) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-000000000000000000012e4091c01e73-51d8654737e0dd92-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 23125 Connection: close
2024-12-03 22:28:49 UTC	16383	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 74 5b 72 5d 29 72 65 74 75 72 6e 20 74 5b 72 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 61 3d 74 5b 72 5d 3d 7b 69 3a 72 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 72 5d 2e 63 61 6c 6c 28 61 2e 65 78 70 6f 72 74 73 2c 61 2c 61 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 61 2e 6c 3d 21 30 2c 61 2e 65 78 70 6f 72 74 73 7d 6e 2e 6d 3d 65 2c 6e 2e 63 3d 74 2c 6e 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 6e 2e 6f 28 65 2c 74 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 72 7d 29 7d 2c 6e 2e 72 3d 66 75 6e Data Ascii: !function(e){var t={};function n(r){if(t[r])return t[r].exports;var a=t[r]={i:r,l:!1,exports:{}};return e[r].call(a.exports,a,a.exports,n),a.l=!0,a.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=fun
2024-12-03 22:28:49 UTC	6742	IN	Data Raw: 6c 65 64 3d 21 30 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 75 74 6f 73 75 62 6d 69 74 26 26 21 30 3d 3d 3d 61 75 74 6f 73 75 62 6d 69 74 3f 28 61 2e 74 72 69 67 67 65 72 43 75 73 74 6f 6d 54 72 61 63 6b 69 6e 67 28 7b 61 64 73 43 61 70 74 63 68 61 3a 22 73 69 6c 65 6e 74 22 7d 29 2c 6e 28 29 29 3a 28 68 3f 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 61 2e 74 72 69 67 67 65 72 43 75 73 74 6f 6d 54 72 61 63 6b 69 6e 67 28 7b 61 64 73 43 61 70 74 63 68 61 3a 22 72 65 63 61 70 74 63 68 61 22 7d 29 2c 6e 28 29 2c 74 2e 6f 6e 28 22 63 68 61 6c 6c 65 6e 67 65 53 6f 6c 76 65 64 22 2c 66 75 6e 63 74 69 6f 6e Data Ascii: led=!0)}"undefined"!=typeof autosubmit&&!0===autosubmit?(a.triggerCustomTracking({adsCaptcha:"silent"}),n()):(h?e.addEventListener("click",function(e){e.preventDefault(),a.triggerCustomTracking({adsCaptcha:"recaptcha"}),n(),t.on("challengeSolved",function

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:49 UTC	616	OUT	POST /js/ HTTP/1.1 Host: ddbm2.paypal.com Connection: keep-alive Content-Length: 5577 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: application/x-www-form-urlencoded Accept: / Origin: https://www.paypal.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:49 UTC	5577	OUT	Data Raw: 6a 73 44 61 74 61 3d 25 37 42 25 32 32 74 74 73 74 25 32 32 25 33 41 36 33 2e 38 30 30 30 30 30 30 30 30 30 34 36 35 36 36 25 32 43 25 32 32 69 66 6f 76 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 62 72 5f 68 25 32 32 25 33 41 39 30 37 25 32 43 25 32 32 62 72 5f 77 25 32 32 25 33 41 31 32 38 30 25 32 43 25 32 32 69 73 66 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 6e 64 64 63 25 32 32 25 33 41 30 25 32 43 25 32 32 72 73 5f 68 25 32 32 25 33 41 31 30 32 34 25 32 43 25 32 32 72 73 5f 77 25 32 32 25 33 41 31 32 38 30 25 32 43 25 32 32 72 73 5f 63 64 25 32 32 25 33 41 32 34 25 32 43 25 32 32 70 68 65 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 6e 6d 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 6a 73 66 25 32 32 25 33 41 66 61 6c 73 Data Ascii: jsData=%7B%22ttst%22%3A63.800000000046566%2C%22ifov%22%3Afalse%2C%22br_h%22%3A907%2C%22br_w%22%3A1280%2C%22isf%22%3Afalse%2C%22nddc%22%3A0%2C%22rs_h%22%3A1024%2C%22rs_w%22%3A1280%2C%22rs_cd%22%3A24%2C%22phe%22%3Afalse%2C%22nm%22%3Afalse%2C%22jsf%22%3Afals
2024-12-03 22:28:50 UTC	577	IN	HTTP/1.1 200 OK Content-Type: application/json;charset=utf-8 Content-Length: 230 Connection: close Date: Tue, 03 Dec 2024 22:28:49 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server: DataDome Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-Cache: Miss from cloudfront Via: 1.1 05275a1a5434f15a35e2fc92c846659a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH52-C1 X-Amz-Cf-Id: uIHASoyZ1c1hxxFOQ3AccWj_2f5prQxpxN1WyPicGEaZGIWlV2WPwA== X-Content-Type-Options: nosniff Access-Control-Allow-Origin: *
2024-12-03 22:28:50 UTC	230	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 32 30 30 2c 22 63 6f 6f 6b 69 65 22 3a 22 64 61 74 61 64 6f 6d 65 3d 78 74 66 31 64 78 6f 38 41 4f 4d 56 41 71 7e 54 57 78 4d 47 65 39 75 55 70 66 45 77 77 66 6c 59 48 6d 52 6f 77 64 56 57 79 79 58 76 38 65 50 72 57 69 50 74 6e 6c 62 72 59 39 7a 41 6c 49 49 32 51 62 6b 53 63 5f 4b 47 58 68 51 67 7a 6e 69 57 55 74 41 4e 49 6d 31 76 70 6e 4c 66 62 44 4e 77 57 57 37 51 4e 74 39 63 7a 59 57 6f 64 39 45 6a 35 4b 70 6f 4f 75 74 51 35 74 64 7a 35 7a 76 6e 3b 20 4d 61 78 2d 41 67 65 3d 32 35 39 32 30 30 30 3b 20 44 6f 6d 61 69 6e 3d 2e 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4c 61 78 22 7d Data Ascii: {"status":200,"cookie":"datadome=xtf1dxo8AOMVAq~TWxMGe9uUpfEwwflYHmRowdVWyyXv8ePrWiPtnlbrY9zAlII2QbkSc_KGXhQgzniWUtANIm1vpnLfbDNwWW7QNt9czYWod9Ej5KpoOutQ5tdz5zvn; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=Lax"}

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:49 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-03 22:28:50 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 03 Dec 2024 22:28:49 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 0a3cdbcf-401e-0016-597f-3f53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241203T222849Z-174f7845968nxc96hC1EWRspw800000016d00000000017as x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-03 22:28:50 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:49 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-03 22:28:50 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 03 Dec 2024 22:28:50 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 0b3277ea-501e-00a0-5e91-3f9d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241203T222850Z-174f7845968n2hr8hC1EWR9cag000000169g000000001c31 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-03 22:28:50 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:49 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-03 22:28:50 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 03 Dec 2024 22:28:50 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 59158d4f-901e-00a0-5491-3f6a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241203T222850Z-174f784596886s2bhC1EWR743w00000016p0000000005kfd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-03 22:28:50 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:49 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-03 22:28:50 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 03 Dec 2024 22:28:50 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: dc0e4179-901e-005b-2991-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241203T222850Z-174f7845968nxc96hC1EWRspw800000016ag00000000a5qh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-03 22:28:50 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:49 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-03 22:28:50 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 03 Dec 2024 22:28:50 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 6eac4bdd-a01e-006f-1c91-3f13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241203T222850Z-174f7845968frfdmhC1EWRxxbw00000016mg00000000cea5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-03 22:28:50 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:50 UTC	3247	OUT	GET /ts?v=1.9.5&t=1733264925466&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed HTTP/1.1 Host: t.paypal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=un [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts=vreXpYrS%3D1764800922%26vteXpYrS%3D1733266722%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2
2024-12-03 22:28:50 UTC	1360	IN	HTTP/1.1 200 OK Connection: close Access-Control-Expose-Headers: Server-Timing CORRELATION-ID: 56b8c04293e93 Cache-Control: max-age=0, no-cache, no-store, must-revalidate Content-Type: image/gif Expires: Tue, 03 Dec 2024 22:28:50 GMT P3p: CP="CAO IND OUR SAM UNI STA COR COM" Paypal-Debug-Id: 56b8c04293e93 Pragma: no-cache Set-Cookie: ts=vreXpYrS%3D1764800930%26vteXpYrS%3D1733266730%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew;Expires=Wed, 03 Dec 2025 22:28:50 GMT;domain=.paypal.com;path=/;secure;HttpOnly;SameSite=None; Set-Cookie: ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2;Expires=Wed, 03 Dec 2025 22:28:50 GMT;domain=.paypal.com;path=/;secure;SameSite=None; Traceparent: 00-000000000000000000056b8c04293e93-c865fde6317fa238-01 Accept-Ranges: bytes Via: 1.1 varnish, 1.1 varnish Date: Tue, 03 Dec 2024 22:28:50 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Served-By: cache-iad-kjyo7100137-IAD, cache-ewr-kewr1740065-EWR X-Cache: MISS, MISS X-Cache-Hits: 0, 0 X-Timer: S1733264930.282819,VS0,VE92 vary: Accept-Encoding Server-Timing: "traceparent;desc="00-000000000000000000056b8c04293e93-fa34dec80c5d2ae5-01"";content-encoding;desc="",x-cdn;desc="fastly" Timing-Allow-Origin: * transfer-encoding: chunked
2024-12-03 22:28:50 UTC	4	IN	Data Raw: 32 61 0d 0a Data Ascii: 2a
2024-12-03 22:28:50 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 01 01 32 00 3b Data Ascii: GIF89a!,2;
2024-12-03 22:28:50 UTC	7	IN	Data Raw: 0d 0a 30 0d 0a 0d 0a Data Ascii: 0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 171

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:50 UTC	556	OUT	GET /webcaptcha/grcenterprise_v3_static.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:50 UTC	683	IN	HTTP/1.1 200 OK Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Tue, 03 Dec 2024 22:28:50 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"65f1e42c-180e" Expires: Tue, 03 Dec 2024 23:28:50 GMT Last-Modified: Wed, 13 Mar 2024 17:36:44 GMT Paypal-Debug-Id: b3ccb366af5af Server: ECAcc (lhd/35E9) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000b3ccb366af5af-57e51581fae364c4-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 6158 Connection: close
2024-12-03 22:28:50 UTC	6158	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 69 6e 69 74 28 29 20 7b 0a 20 20 20 20 63 6f 6e 73 74 20 6b 65 79 20 3d 20 67 65 74 4c 69 73 74 65 6e 65 72 53 65 61 72 63 68 4b 65 79 28 27 64 61 74 61 2d 6b 65 79 27 29 3b 0a 20 20 20 20 63 6f 6e 73 74 20 73 65 73 73 69 6f 6e 49 64 20 3d 20 67 65 74 4c 69 73 74 65 6e 65 72 53 65 61 72 63 68 4b 65 79 28 27 64 61 74 61 2d 73 65 73 73 69 6f 6e 49 64 27 29 3b 0a 20 20 20 20 63 6f 6e 73 74 20 63 73 72 66 20 3d 20 67 65 74 4c 69 73 74 65 6e 65 72 53 65 61 72 63 68 4b 65 79 28 27 64 61 74 61 2d 63 73 72 66 27 29 3b 0a 20 20 20 20 63 6f 6e 73 74 20 61 63 74 69 6f 6e 20 3d 20 67 65 74 4c 69 73 74 65 6e 65 72 53 65 61 72 63 68 4b 65 79 28 27 64 61 74 61 2d 61 63 74 69 6f 6e 27 29 3b 0a 20 20 Data Ascii: "use strict";function init() { const key = getListenerSearchKey('data-key'); const sessionId = getListenerSearchKey('data-sessionId'); const csrf = getListenerSearchKey('data-csrf'); const action = getListenerSearchKey('data-action');

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:50 UTC	583	OUT	GET /martech/tm/paypal/mktgtagmanager.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.paypal.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:50 UTC	795	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Tue, 03 Dec 2024 22:28:50 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"67042d91-3eb4" Expires: Tue, 03 Dec 2024 23:28:50 GMT Last-Modified: Mon, 07 Oct 2024 18:50:57 GMT Paypal-Debug-Id: 43977cf5beaba Server: ECAcc (lhd/35D1) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-000000000000000000043977cf5beaba-bf7373f9bbb8911f-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 16052 Connection: close
2024-12-03 22:28:50 UTC	16052	IN	Data Raw: 2f 2a 40 20 32 30 32 34 20 50 61 79 50 61 6c 20 28 76 31 2e 30 2e 31 29 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 66 28 74 29 7b 69 66 28 21 74 7c 7c 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 4f 62 6a 65 63 74 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 41 72 72 61 79 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 65 2c 6e 3d 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 3b 66 6f 72 28 65 20 69 6e 20 74 29 6e 5b 65 5d 3d 66 28 74 5b 65 5d 29 3b 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 73 28 74 2c 65 29 7b 76 61 72 20 6e 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 26 26 28 6e 3d 74 2e 61 70 70 6c 79 28 65 7c 7c 74 68 69 73 2c Data Ascii: /@ 2024 PayPal (v1.0.1) /!function(){"use strict";function f(t){if(!t\|\|t.constructor!==Object&&t.constructor!==Array)return t;var e,n=t.constructor();for(e in t)n[e]=f(t[e]);return n}function s(t,e){var n;return function(){return t&&(n=t.apply(e\|\|this,

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:50 UTC	572	OUT	GET /pa/mi/paypal/latmconf.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.paypal.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:50 UTC	799	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Tue, 03 Dec 2024 22:28:50 GMT DC: ccg11-origin-www-1.paypal.com Etag: "6735ac2d-3ac5+ident" Expires: Tue, 03 Dec 2024 23:28:50 GMT Last-Modified: Thu, 14 Nov 2024 07:52:13 GMT Paypal-Debug-Id: d75a691818126 Server: ECAcc (lhd/35E2) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000d75a691818126-4cbc44814fd959c9-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 15045 Connection: close
2024-12-03 22:28:50 UTC	15045	IN	Data Raw: 2f 2a 21 20 32 30 32 34 20 64 6c 2d 70 70 2d 6c 61 74 6d 40 70 61 79 70 61 6c 2e 63 6f 6d 20 76 65 72 28 35 2e 31 2e 31 29 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 2c 6e 29 7b 28 6e 75 6c 6c 3d 3d 6e 7c 7c 6e 3e 65 2e 6c 65 6e 67 74 68 29 26 26 28 6e 3d 65 2e 6c 65 6e 67 74 68 29 3b 66 6f 72 28 76 61 72 20 6f 3d 30 2c 61 3d 41 72 72 61 79 28 6e 29 3b 6f 3c 6e 3b 6f 2b 2b 29 61 5b 6f 5d 3d 65 5b 6f 5d 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 6e 28 6e 2c 6f 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 72 65 74 75 72 6e 20 65 7d 28 6e 29 7c 7c 66 75 Data Ascii: /! 2024 dl-pp-latm@paypal.com ver(5.1.1) /!function(){"use strict";!function(){function e(e,n){(null==n\|\|n>e.length)&&(n=e.length);for(var o=0,a=Array(n);o<n;o++)a[o]=e[o];return a}function n(n,o){return function(e){if(Array.isArray(e))return e}(n)\|\|fu

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:51 UTC	374	OUT	GET /webcaptcha/ngrlCaptcha.min.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-03 22:28:51 UTC	684	IN	HTTP/1.1 200 OK Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Tue, 03 Dec 2024 22:28:51 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6697f682-5a55" Expires: Tue, 03 Dec 2024 23:28:51 GMT Last-Modified: Wed, 17 Jul 2024 16:51:14 GMT Paypal-Debug-Id: 12e4091c01e73 Server: ECAcc (lhd/3597) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-000000000000000000012e4091c01e73-51d8654737e0dd92-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 23125 Connection: close
2024-12-03 22:28:51 UTC	16383	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 74 5b 72 5d 29 72 65 74 75 72 6e 20 74 5b 72 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 61 3d 74 5b 72 5d 3d 7b 69 3a 72 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 72 5d 2e 63 61 6c 6c 28 61 2e 65 78 70 6f 72 74 73 2c 61 2c 61 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 61 2e 6c 3d 21 30 2c 61 2e 65 78 70 6f 72 74 73 7d 6e 2e 6d 3d 65 2c 6e 2e 63 3d 74 2c 6e 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 6e 2e 6f 28 65 2c 74 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 72 7d 29 7d 2c 6e 2e 72 3d 66 75 6e Data Ascii: !function(e){var t={};function n(r){if(t[r])return t[r].exports;var a=t[r]={i:r,l:!1,exports:{}};return e[r].call(a.exports,a,a.exports,n),a.l=!0,a.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=fun
2024-12-03 22:28:51 UTC	6742	IN	Data Raw: 6c 65 64 3d 21 30 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 75 74 6f 73 75 62 6d 69 74 26 26 21 30 3d 3d 3d 61 75 74 6f 73 75 62 6d 69 74 3f 28 61 2e 74 72 69 67 67 65 72 43 75 73 74 6f 6d 54 72 61 63 6b 69 6e 67 28 7b 61 64 73 43 61 70 74 63 68 61 3a 22 73 69 6c 65 6e 74 22 7d 29 2c 6e 28 29 29 3a 28 68 3f 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 61 2e 74 72 69 67 67 65 72 43 75 73 74 6f 6d 54 72 61 63 6b 69 6e 67 28 7b 61 64 73 43 61 70 74 63 68 61 3a 22 72 65 63 61 70 74 63 68 61 22 7d 29 2c 6e 28 29 2c 74 2e 6f 6e 28 22 63 68 61 6c 6c 65 6e 67 65 53 6f 6c 76 65 64 22 2c 66 75 6e 63 74 69 6f 6e Data Ascii: led=!0)}"undefined"!=typeof autosubmit&&!0===autosubmit?(a.triggerCustomTracking({adsCaptcha:"silent"}),n()):(h?e.addEventListener("click",function(e){e.preventDefault(),a.triggerCustomTracking({adsCaptcha:"recaptcha"}),n(),t.on("challengeSolved",function

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:51 UTC	3410	OUT	GET /ts?v=1.9.5&t=1733264925593&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed&t=1733264925466&v=1.9.5 HTTP/1.1 Host: t.paypal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.paypal.com/signin/?returnUri=2Fmyaccount2Ftransfer2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=7B22signUpRequest223A7B22method223A22get222C22url223A22https3A2F2Fwww.paypal.com2Fmyaccount2Ftransfer2FguestLogin2FpayRequest2FU-06C88558L1014094C2FU-2DM00000BR77214333FclassicUrl3D2FUS2Fcgi-bin2F3Fcmd3D_prq26id3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A227D7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=un [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts=vreXpYrS%3D1764800922%26vteXpYrS%3D1733266722%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; datadome=xtf1dxo8AOMVAq~TWxMGe9uUpfEwwflYHmRowdVWyyXv8ePrWiPtnlbrY9zAlII2QbkSc_KGXhQgzniWUtANIm1vpnLfbDNwWW7QNt9czYWod9Ej5KpoOutQ5tdz5zvn
2024-12-03 22:28:52 UTC	1360	IN	HTTP/1.1 200 OK Connection: close Access-Control-Expose-Headers: Server-Timing CORRELATION-ID: 0c99881c05329 Cache-Control: max-age=0, no-cache, no-store, must-revalidate Content-Type: image/gif Expires: Tue, 03 Dec 2024 22:28:51 GMT P3p: CP="CAO IND OUR SAM UNI STA COR COM" Paypal-Debug-Id: 0c99881c05329 Pragma: no-cache Set-Cookie: ts=vreXpYrS%3D1764800931%26vteXpYrS%3D1733266731%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew;Expires=Wed, 03 Dec 2025 22:28:51 GMT;domain=.paypal.com;path=/;secure;HttpOnly;SameSite=None; Set-Cookie: ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2;Expires=Wed, 03 Dec 2025 22:28:51 GMT;domain=.paypal.com;path=/;secure;SameSite=None; Traceparent: 00-00000000000000000000c99881c05329-462018fb23dfc401-01 Accept-Ranges: bytes Via: 1.1 varnish, 1.1 varnish Date: Tue, 03 Dec 2024 22:28:52 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Served-By: cache-iad-kjyo7100156-IAD, cache-ewr-kewr1740041-EWR X-Cache: MISS, MISS X-Cache-Hits: 0, 0 X-Timer: S1733264932.947344,VS0,VE79 vary: Accept-Encoding Server-Timing: "traceparent;desc="00-00000000000000000000c99881c05329-f5d122ee9a41e819-01"";content-encoding;desc="",x-cdn;desc="fastly" Timing-Allow-Origin: * transfer-encoding: chunked
2024-12-03 22:28:52 UTC	4	IN	Data Raw: 32 61 0d 0a Data Ascii: 2a
2024-12-03 22:28:52 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 01 01 32 00 3b Data Ascii: GIF89a!,2;
2024-12-03 22:28:52 UTC	7	IN	Data Raw: 0d 0a 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:52 UTC	1589	OUT	GET /ts?v=1.9.5&t=1733264925466&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&cnac=US&rsta=en_US28en-US29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main3Aemail3ART000186&pgrp=main3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=1455852C1509482C104038&link_ref=www.paypal.com_signin__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A%24&event_name=external_deep_link_processed HTTP/1.1 Host: t.paypal.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: /* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; datadome=xtf1dxo8AOMVAq~TWxMGe9uUpfEwwflYHmRowdVWyyXv8ePrWiPtnlbrY9zAlII2QbkSc_KGXhQgzniWUtANIm1vpnLfbDNwWW7QNt9czYWod9Ej5KpoOutQ5tdz5zvn; ts=vreXpYrS%3D1764800930%26vteXpYrS%3D1733266730%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew
2024-12-03 22:28:52 UTC	1360	IN	HTTP/1.1 200 OK Connection: close Access-Control-Expose-Headers: Server-Timing CORRELATION-ID: 5800c12648620 Cache-Control: max-age=0, no-cache, no-store, must-revalidate Content-Type: image/gif Expires: Tue, 03 Dec 2024 22:28:52 GMT P3p: CP="CAO IND OUR SAM UNI STA COR COM" Paypal-Debug-Id: 5800c12648620 Pragma: no-cache Set-Cookie: ts=vreXpYrS%3D1764800932%26vteXpYrS%3D1733266732%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew;Expires=Wed, 03 Dec 2025 22:28:52 GMT;domain=.paypal.com;path=/;secure;HttpOnly;SameSite=None; Set-Cookie: ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2;Expires=Wed, 03 Dec 2025 22:28:52 GMT;domain=.paypal.com;path=/;secure;SameSite=None; Traceparent: 00-00000000000000000005800c12648620-9289bcddbbf5be4f-01 Accept-Ranges: bytes Via: 1.1 varnish, 1.1 varnish Date: Tue, 03 Dec 2024 22:28:52 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Served-By: cache-iad-kiad7000065-IAD, cache-ewr-kewr1740058-EWR X-Cache: MISS, MISS X-Cache-Hits: 0, 0 X-Timer: S1733264932.307888,VS0,VE90 vary: Accept-Encoding Server-Timing: "traceparent;desc="00-00000000000000000005800c12648620-a727093002fde5b2-01"";content-encoding;desc="",x-cdn;desc="fastly" Timing-Allow-Origin: * transfer-encoding: chunked
2024-12-03 22:28:52 UTC	4	IN	Data Raw: 32 61 0d 0a Data Ascii: 2a
2024-12-03 22:28:52 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 01 01 32 00 3b Data Ascii: GIF89a!,2;
2024-12-03 22:28:52 UTC	7	IN	Data Raw: 0d 0a 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:52 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cYtZgsf87n8No3k&MD=gyayWuYD HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-03 22:28:52 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 2bece8f7-ae1a-4f5a-944f-c82e013503ec MS-RequestId: 9848c120-f772-43bc-ad1c-9101657be944 MS-CV: pCH6UoxSvE+6+cNS.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 03 Dec 2024 22:28:51 GMT Connection: close Content-Length: 24490
2024-12-03 22:28:52 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-12-03 22:28:52 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:52 UTC	928	OUT	GET /js/ HTTP/1.1 Host: ddbm2.paypal.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=7725997addae4c2da66bd27d929586dc1733264923004; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzI2NDkyMzA2OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg14.slc; ts=vreXpYrS%3D1764800922%26vteXpYrS%3D1733266722%26vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2%26vtyp%3Dnew; ts_c=vr%3D8ea3d9461930ad121082ef6cf7c2e8e3%26vt%3D8ea3d9461930ad121082ef6cf7c2e8e2; datadome=xtf1dxo8AOMVAq~TWxMGe9uUpfEwwflYHmRowdVWyyXv8ePrWiPtnlbrY9zAlII2QbkSc_KGXhQgzniWUtANIm1vpnLfbDNwWW7QNt9czYWod9Ej5KpoOutQ5tdz5zvn
2024-12-03 22:28:52 UTC	524	IN	HTTP/1.1 405 Method Not Allowed Content-Type: text/html;charset=iso-8859-1 Content-Length: 319 Connection: close Date: Tue, 03 Dec 2024 22:28:52 GMT Cache-Control: must-revalidate,no-cache,no-store X-Cache: Error from cloudfront Via: 1.1 b4620d66a028319b68950536b2441dc8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH52-C1 X-Amz-Cf-Id: hrihloFPSUqwlGzvREXWzoXdeEA868jXZLfS1UP-B69iq3e-JLnMQQ== X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Vary: Origin
2024-12-03 22:28:52 UTC	319	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 35 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 20 34 30 35 3c 2f 68 32 3e 0a 3c 70 3e 50 72 6f 62 6c 65 6d 20 61 63 63 65 73 73 69 6e 67 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 20 52 65 61 73 6f 6e 3a 0a 3c 70 72 65 3e 20 20 20 20 48 54 54 50 20 6d 65 74 68 6f 64 20 47 45 54 20 69 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 74 68 69 73 20 55 52 4c 3c 2f 70 72 Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"/><title>Error 405</title></title></head><body><h2>HTTP ERROR 405</h2><p>Problem accessing this resource. Reason:<pre> HTTP method GET is not supported by this URL</pr

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:52 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-03 22:28:52 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 03 Dec 2024 22:28:52 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 724e5c80-801e-007b-4caf-42e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241203T222852Z-174f7845968kvnqxhC1EWRmf3g0000000tf0000000000krv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-03 22:28:52 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Timestamp	Bytes transferred	Direction	Data
2024-12-03 22:28:52 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-03 22:28:52 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 03 Dec 2024 22:28:52 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: c220f382-901e-0029-3552-43274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241203T222852Z-174f7845968px8v7hC1EWR08ng00000016v0000000009a4y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-03 22:28:52 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />