Edit tour

Windows Analysis Report
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A

Overview

General Information

Sample URL:	https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.Nxx
Analysis ID:	1569539
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

HTML page contains string obfuscation

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1928,i,14656706162417554829,12577780559382963475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 --field-trial-handle=1928,i,14656706162417554829,12577780559382963475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1928,i,14656706162417554829,12577780559382963475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Suricata Signatures

ET PHISHING Successful Paypal Phish Jan 23 2017

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-05T20:20:08.680596+0100	2023760	1	Successful Credential Theft Detected	192.168.2.8	49780	151.101.1.21	443	TCP

ET PHISHING Successful Paypal Phish M1 Dec 8 2015

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-05T20:20:08.680596+0100	2031565	1	Successful Credential Theft Detected	192.168.2.8	49780	151.101.1.21	443	TCP

ET PHISHING Successful Paypal Phish Oct 16 2017

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-05T20:20:08.680596+0100	2024846	1	Successful Credential Theft Detected	192.168.2.8	49780	151.101.1.21	443	TCP

ETPRO PHISHING Successful Paypal Phish Oct 11 2016

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-05T20:20:08.680596+0100	2822573	1	Successful Credential Theft Detected	192.168.2.8	49780	151.101.1.21	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/onlineOpinionPopup.js

HTTP Parser: Found new string: script /*. Spec #22956 OpinionLab. */..define(['opinionLab'], function(opinionLab) {...'use strict';..window.PAYPAL = window.PAYPAL ? window.PAYPAL : {};..var opVars = window.PAYPAL.opinionLabVars;...function showpopup(redirectTo) {...var mywin;...mywin = window.open('', '', 'top=3000,left=3000,width=1,height=1,menubar=0,scrollbars=0,resizeable=1');...if (mywin) {....mywin.document.open....var myURL = ""...../* This JS is customized for sparta because a JS call..... /* Comparing with corresponding XPT code - Removed the External opinionlab js from the popup content as it could not be loaded due to path issue */.....var HTML_txt = "<html><scr" + "ipt language='javascript'>";....HTML_txt = HTML_txt + "_hr='" + opinionLab._hr + "';";....HTML_txt = HTML_txt + "_ht='" + opinionLab._ht + "';";....HTML_txt = HTML_txt + "custom_var='" + opinionLab.custom_var + "';";.....if (( typeof opinionLab.baseurl == 'undefined')) {....} else {.....HTML_txt = HTML_txt + "baseurl='" + opinionLab.baseurl + "';";....}....if (( typeof opini...

Source: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm_source=u...

HTTP Parser: Title: does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm_source=u...	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon
Source: https://www.paypal.com/signin	HTTP Parser: No favicon

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2023760 - Severity 1 - ET PHISHING Successful Paypal Phish Jan 23 2017 : 192.168.2.8:49780 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2024846 - Severity 1 - ET PHISHING Successful Paypal Phish Oct 16 2017 : 192.168.2.8:49780 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2031565 - Severity 1 - ET PHISHING Successful Paypal Phish M1 Dec 8 2015 : 192.168.2.8:49780 -> 151.101.1.21:443
Source: Network traffic	Suricata IDS: 2822573 - Severity 1 - ETPRO PHISHING Successful Paypal Phish Oct 11 2016 : 192.168.2.8:49780 -> 151.101.1.21:443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin HTTP/1.1Host: www.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.css HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/modernizr-2.6.1.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/require.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/app.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/js/min/pa.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/clientCalLogger.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/errorDetector.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shared/paypal-logo-129x32.svg HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/modernizr-2.6.1.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/require.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/app.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tags.js HTTP/1.1Host: ddbm2.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1764962393%26vteXpYrS%3D1733428193%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778
Source: global traffic	HTTP traffic detected: GET /webcaptcha/ngrlCaptcha.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/js/min/pa.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733426395344&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&cnac=US&rsta=en_US(en-US)&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin&event_name=external_deep_link_processed HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signinAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1764962393%26vteXpYrS%3D1733428193%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778
Source: global traffic	HTTP traffic detected: GET /webcaptcha/grcenterprise_v3_static.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /martech/tm/paypal/mktgtagmanager.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/mi/paypal/latmconf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-linkedin/dist/dust-full.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/core/nougat.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/clientCalLogger.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/errorDetector.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shared/paypal-logo-129x32.svg HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/router.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733426395344&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&cnac=US&rsta=en_US(en-US)&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin&event_name=external_deep_link_processed HTTP/1.1Host: t.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; ts=vreXpYrS%3D1764962400%26vteXpYrS%3D1733428200%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /webcaptcha/ngrlCaptcha.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tags.js HTTP/1.1Host: ddbm2.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1764962393%26vteXpYrS%3D1733428193%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/analytics.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/mainContentView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/jquery-3.7.0.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webcaptcha/grcenterprise_v3_static.html HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webcaptcha/grcenterprise_v3_static.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/mi/paypal/latmconf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /martech/tm/paypal/mktgtagmanager.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/core/nougat.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/underscore-1.13.6.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-linkedin/dist/dust-full.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/router.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/3pjs/tl/6.4.65/patleaf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /martech/tm/paypal/mktconf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dust-makara-helpers/browser.amd.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise.js?render=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&hl=en HTTP/1.1Host: www.recaptcha.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypalobjects.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dusthelpers-supplement/index.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/analytics.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/mainContentView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/jquery-3.7.0.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/underscore-1.13.6.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/dustmotes-iterate.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/ HTTP/1.1Host: ddbm2.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; ts=vreXpYrS%3D1764962402%26vteXpYrS%3D1733428202%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; datadome=2EmtQqjYJilU~DXymVMGM0PSTj7xPg6xpxnMifoAxb2eCAfOU9~xrKCHw0QBHLNV80ZXGNoAkLWUXjXjxVHSmJZ7bN5NgKfxUW~zsfs4Hiahu4elkwmhUpp1Lpvp95Vc
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/pulvus-provide/provide.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-helpers/dist/dust-helpers.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dust-makara-helpers/browser.amd.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733426405531&g=300&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn&pgst=1733426393098&calc=f2110553b2e4e&nsid=GW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=c0c49a91e6384eadbaa4a565394e21da&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=100353%2C106885%2C105604%2C105604%2C105351%2C101126%2C100614%2C101257%2C102153%2C104200%2C104200%2C105352%2C109195%2C104458%2C104458%2C100364%2C105999%2C100885%2C109334%2C109334%2C101270%2C102557%2C102557%2C101408%2C101408%2C104227%2C104227%2C100644%2C105124%2C100391%2C102695%2C100263%2C101031%2C100267%2C108076%2C100527%2C106031%2C106031%2C107054%2C107054%2C106033%2C106033%2C106032%2C106032%2C105392%2C105392%2C106035%2C106035%2C106034%2C106034%2C106036%2C106036%2C105271%2C110648%2C101688%2C101821%2C101820%2C102208%2C105543%2C105544%2C105416%2C105416%2C101064%2C106058%2C104778%2C103119%2C100303%2C100942%2C105553%2C105553%2C105552%2C105552%2C100304%2C105554%2C105554%2C101334%2C100572%2C101215%2C101214%2C101470%2C101216%2C103648%2C101472%2C101090%2C105698%2C102629%2C101735%2C104039%2C104039%2C104038%2C104038%2C101736%2C109931%2C110442%2C108653%2C108652%2C100846%2C109040%2C105843%2C105843%2C101875%2C105845%2C105845%2C105844%2C105844%2C109047%2C102390%2C102390%2C104571%2C104571%2C105340%2C105340%2C107263%2C107263%2C109195%2C108076%2C109047&xt=100886%2C132008%2C124899%2C124899%2C123668%2C103409%2C101617%2C104043%2C107844%2C127485%2C127485%2C123683%2C144027%2C119355%2C119355%2C103733%2C127242%2C102543%2C144768%2C144768%2C106407%2C109630%2C109630%2C104576%2C104576%2C117999%2C117999%2C101702%2C122483%2C100984%2C110241%2C100632%2C102993%2C100641%2C138090%2C101405%2C127662%2C127662%2C132781%2C132781%2C127659%2C127659%2C127666%2C127666%2C123875%2C123875%2C127651%2C127651%2C127655%2C127655%2C127648%2C127648%2C123248%2C152289%2C105645%2C106327%2C106324%2C108106%2C124626%2C124629%2C123994%2C123994%2C103105%2C127563%2C121149%2C112308%2C100722%2C113529%2C124686%2C124686%2C124682%2C124682%2C100727%2C124696%2C124696%2C104357%2C101510%2C103848%2C103847%2C104754%2C103864%2C114559%2C104762%2C103240%2C125356%2C109962%2C105856%2C120731%2C120731%2C120736%2C120736%2C105858%2C147989%2C150775%2C141151%2C141149%2C102359%2C143321%2C126375%2C126375%2C106610%2C126401%2C126401%2C126385%2C126385%2C143343%2C108797%2C108797%2C119908%2C119908%2C123611%2C123611%2C133840%2C133840%2C144027%2C138090%2C143343&obex=p2p&userRedirected=true&post_login_redirect=returnUri&ret_url=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F&link=unifiedlogin-login-submit&pglk=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin&pgln=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn%7CbtnLogin&e=cl HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (K
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733426405534&g=300&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn&pgst=1733426393098&calc=f2110553b2e4e&nsid=GW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=c0c49a91e6384eadbaa4a565394e21da&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=100353%2C106885%2C105604%2C105604%2C105351%2C101126%2C100614%2C101257%2C102153%2C104200%2C104200%2C105352%2C109195%2C104458%2C104458%2C100364%2C105999%2C100885%2C109334%2C109334%2C101270%2C102557%2C102557%2C101408%2C101408%2C104227%2C104227%2C100644%2C105124%2C100391%2C102695%2C100263%2C101031%2C100267%2C108076%2C100527%2C106031%2C106031%2C107054%2C107054%2C106033%2C106033%2C106032%2C106032%2C105392%2C105392%2C106035%2C106035%2C106034%2C106034%2C106036%2C106036%2C105271%2C110648%2C101688%2C101821%2C101820%2C102208%2C105543%2C105544%2C105416%2C105416%2C101064%2C106058%2C104778%2C103119%2C100303%2C100942%2C105553%2C105553%2C105552%2C105552%2C100304%2C105554%2C105554%2C101334%2C100572%2C101215%2C101214%2C101470%2C101216%2C103648%2C101472%2C101090%2C105698%2C102629%2C101735%2C104039%2C104039%2C104038%2C104038%2C101736%2C109931%2C110442%2C108653%2C108652%2C100846%2C109040%2C105843%2C105843%2C101875%2C105845%2C105845%2C105844%2C105844%2C109047%2C102390%2C102390%2C104571%2C104571%2C105340%2C105340%2C107263%2C107263%2C109195%2C108076%2C109047&xt=100886%2C132008%2C124899%2C124899%2C123668%2C103409%2C101617%2C104043%2C107844%2C127485%2C127485%2C123683%2C144027%2C119355%2C119355%2C103733%2C127242%2C102543%2C144768%2C144768%2C106407%2C109630%2C109630%2C104576%2C104576%2C117999%2C117999%2C101702%2C122483%2C100984%2C110241%2C100632%2C102993%2C100641%2C138090%2C101405%2C127662%2C127662%2C132781%2C132781%2C127659%2C127659%2C127666%2C127666%2C123875%2C123875%2C127651%2C127651%2C127655%2C127655%2C127648%2C127648%2C123248%2C152289%2C105645%2C106327%2C106324%2C108106%2C124626%2C124629%2C123994%2C123994%2C103105%2C127563%2C121149%2C112308%2C100722%2C113529%2C124686%2C124686%2C124682%2C124682%2C100727%2C124696%2C124696%2C104357%2C101510%2C103848%2C103847%2C104754%2C103864%2C114559%2C104762%2C103240%2C125356%2C109962%2C105856%2C120731%2C120731%2C120736%2C120736%2C105858%2C147989%2C150775%2C141151%2C141149%2C102359%2C143321%2C126375%2C126375%2C106610%2C126401%2C126401%2C126385%2C126385%2C143343%2C108797%2C108797%2C119908%2C119908%2C123611%2C123611%2C133840%2C133840%2C144027%2C138090%2C143343&obex=p2p&userRedirected=true&post_login_redirect=returnUri&ret_url=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F&e=im&imsrc=setup&view=%7B%22t10%22%3A1437%2C%22t11%22%3A11487%2C%22tcp%22%3A5214%2C%22et%22%3A%223g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A1260%7D&cd=24&sw=1280&sh=1024&dw=1280&dh=1024&bw=1280&bh=907&ce=1&t1=1437&t1c=1437&t1d=168&t1s=1226&t2=617&t3=217&t4d=0&t4=0&t4e=7221&tt=0&rdc=0&protocol=http%2F1.1&cdn=fastly&res=%7B%7D&rtt=4361 HTTP/1.1Host: t.paypal.comConnection:
Source: global traffic	HTTP traffic detected: GET /pa/3pjs/tl/6.4.65/patleaf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signin/client-log HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tcs=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin; datadome=2EmtQqjYJilU~DXymVMGM0PSTj7xPg6xpxnMifoAxb2eCAfOU9~xrKCHw0QBHLNV80ZXGNoAkLWUXjXjxVHSmJZ7bN5NgKfxUW~zsfs4Hiahu4elkwmhUpp1Lpvp95Vc; x-pp-s=eyJ0IjoiMTczMzQyNjQwNzE1MiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962407%26vteXpYrS%3D1733428207%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/css/app.css HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dusthelpers-supplement/index.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise.js?render=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&hl=en HTTP/1.1Host: www.recaptcha.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/dustmotes-iterate.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/js/pa.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/modernizr-2.6.1.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/require.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /martech/tm/paypal/mktconf.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tcs=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin; datadome=2EmtQqjYJilU~DXymVMGM0PSTj7xPg6xpxnMifoAxb2eCAfOU9~xrKCHw0QBHLNV80ZXGNoAkLWUXjXjxVHSmJZ7bN5NgKfxUW~zsfs4Hiahu4elkwmhUpp1Lpvp95Vc; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjQwOTA4MiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962409%26vteXpYrS%3D1733428209%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/authchallenge.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/config.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/modernizr-2.6.1.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/app.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/js/pa.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/hcaptcha/hcaptcha_fph.html?siteKey=bf07db68-5c2e-42e8-8779-ea8384890eea&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&domain=hcaptcha.paypal.com&imgsDomain=imgs.hcaptcha.paypal.com&assetsDomain=newassets.hcaptcha.paypal.com&accountsDomain=accounts.hcaptcha.paypal.com&customDomains= HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/3pjs/tl/6.4.65/patlcfg.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.paypal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/shared/momgram@2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/css/app.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/require.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/config.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/authchallenge.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/nougat.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/router.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/api.js?endpoint=https%3A%2F%2Fhcaptcha.paypal.com&assethost=https%3A%2F%2Fnewassets.hcaptcha.paypal.com&imghost=https%3A%2F%2Fimgs.hcaptcha.paypal.com&sentry=false&reportapi=https%3A%2F%2Faccounts.hcaptcha.paypal.com&host=hcaptcha.paypal.com&onload=hCaptchaCallback&render=explicit&hl=en HTTP/1.1Host: hcaptcha.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypalobjects.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjQwOTA4MiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962409%26vteXpYrS%3D1733428209%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/analytics.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/app.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLabComponent.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pa/3pjs/tl/6.4.65/patlcfg.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /auth/logclientdata HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tcs=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin; tsrce=authchallengenodeweb; datadome=2zSIQ6nLOyseIhoQRSN~ljKzrWXqLOG3PFrB4cQUzhceBqjeCfgVooetsKxKI34oWaTUvfSvwy_YOagypOlf4PEvJsYPbiciz7HvVuQJtF0E6p8pe5nWKIv_E8kuKWlq; ddbc=1; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; x-pp-s=eyJ0IjoiMTczMzQyNjQxMjg2NSIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962412%26vteXpYrS%3D1733428212%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/jquery-1.12.4.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733426412465&g=300&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1733426408434&calc=f876809cfbf28&nsid=GW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=55f3ef6c8bc44e84b7b3591ab89cc647&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=109541%2C107585&xt=145835%2C135393&e=im&pglk=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin&imsrc=setup&view=%7B%22t10%22%3A1356%2C%22t11%22%3A6702%2C%22tcp%22%3A4567%2C%22et%22%3A%223g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A153%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin%2F%3FreturnUri%3D%252Fmyaccount%252Ftransfer%252FpayRequest%252FU-09584045BD498740V%252FU-5R763959NX153980F%253FclassicUrl%253D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%26expId%3Dp2p%26onboardData%3D%257B%2522signUpRequest%2522%253A%257B%2522method%2522%253A%2522get%2522%252C%2522url%2522%253A%2522https%253A%252F%252Fwww.paypal.com%252Fmyaccount%252Ftransfer%252FguestLogin%252FpayRequest%252FU-09584045BD498740V%252FU-5R763959NX153980F%253FclassicUrl%253D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%2526id%253DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%2522%257D%257D%26flowContextData%3DF7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG%26v%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3D09b8bd50-b31d-11ef-9fd6-7b2e619a4883%26ppid%3DRT000186%26cnac%3DUS%26rsta%3Den_US%2528en-US%2529%26unptid%3D09b8bd50-b31d-11ef-9fd6-7b2e619a4883%26calc%3Df8278373e34b4%26unp_tpcid%3Drequestmoney-notifications-requestee%26page%3Dmain%253Aemail%253ART000186%26pgrp%3Dmain%253Aemail%26e%3Dcl%26mchn%3Dem%26s%3Dci%26mail%3Dsys%26appVersion%3D1.294.0%26tenant_name%3D%26xt%3D145585%252C150948%252C104038%26link_ref%3Dwww.paypal.com_signin&cd=24&sw=1280&sh=1024&dw=1280&dh=1024&bw=1280&bh=907&ce=1&t1=1356&t1c=1356&t1d=0&t1s=1349&t2=588&t3=49&t4d=0&t4=0&t4e=3538&tt=0&rdc=0&protocol=http%2F1.1&res=%7B%7D HTTP/1.1Host: t.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypal.com/signinAccept-Encoding: gzip, deflate, brAccept-Language: en-US,e
Source: global traffic	HTTP traffic detected: GET /images/shared/momgram@2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/underscore-1.13.4.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/nougat.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-core.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; datadome=2zSIQ6nLOyseIhoQRSN~ljKzrWXqLOG3PFrB4cQUzhceBqjeCfgVooetsKxKI34oWaTUvfSvwy_YOagypOlf4PEvJsYPbiciz7HvVuQJtF0E6p8pe5nWKIv_E8kuKWlq; ddbc=1; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; x-pp-s=eyJ0IjoiMTczMzQyNjQxNDgzNSIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962414%26vteXpYrS%3D1733428214%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/router.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/api.js?endpoint=https%3A%2F%2Fhcaptcha.paypal.com&assethost=https%3A%2F%2Fnewassets.hcaptcha.paypal.com&imghost=https%3A%2F%2Fimgs.hcaptcha.paypal.com&sentry=false&reportapi=https%3A%2F%2Faccounts.hcaptcha.paypal.com&host=hcaptcha.paypal.com&onload=hCaptchaCallback&render=explicit&hl=en HTTP/1.1Host: hcaptcha.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; datadome=2zSIQ6nLOyseIhoQRSN~ljKzrWXqLOG3PFrB4cQUzhceBqjeCfgVooetsKxKI34oWaTUvfSvwy_YOagypOlf4PEvJsYPbiciz7HvVuQJtF0E6p8pe5nWKIv_E8kuKWlq; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; x-pp-s=eyJ0IjoiMTczMzQyNjQxNDgzNSIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962414%26vteXpYrS%3D1733428214%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733426412465&g=300&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1733426408434&calc=f876809cfbf28&nsid=GW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=55f3ef6c8bc44e84b7b3591ab89cc647&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=109541%2C107585&xt=145835%2C135393&e=im&pglk=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin&imsrc=setup&view=%7B%22t10%22%3A1356%2C%22t11%22%3A6702%2C%22tcp%22%3A4567%2C%22et%22%3A%223g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A153%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin%2F%3FreturnUri%3D%252Fmyaccount%252Ftransfer%252FpayRequest%252FU-09584045BD498740V%252FU-5R763959NX153980F%253FclassicUrl%253D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%26expId%3Dp2p%26onboardData%3D%257B%2522signUpRequest%2522%253A%257B%2522method%2522%253A%2522get%2522%252C%2522url%2522%253A%2522https%253A%252F%252Fwww.paypal.com%252Fmyaccount%252Ftransfer%252FguestLogin%252FpayRequest%252FU-09584045BD498740V%252FU-5R763959NX153980F%253FclassicUrl%253D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%2526id%253DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%2522%257D%257D%26flowContextData%3DF7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG%26v%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3D09b8bd50-b31d-11ef-9fd6-7b2e619a4883%26ppid%3DRT000186%26cnac%3DUS%26rsta%3Den_US%2528en-US%2529%26unptid%3D09b8bd50-b31d-11ef-9fd6-7b2e619a4883%26calc%3Df8278373e34b4%26unp_tpcid%3Drequestmoney-notifications-requestee%26page%3Dmain%253Aemail%253ART000186%26pgrp%3Dmain%253Aemail%26e%3Dcl%26mchn%3Dem%26s%3Dci%26mail%3Dsys%26appVersion%3D1.294.0%26tenant_name%3D%26xt%3D145585%252C150948%252C104038%26link_ref%3Dwww.paypal.com_signin&cd=24&sw=1280&sh=1024&dw=1280&dh=1024&bw=1280&bh=907&ce=1&t1=1356&t1c=1356&t1d=0&t1s=1349&t2=588&t3=49&t4d=0&t4=0&t4e=3538&tt=0&rdc=0&protocol=http%2F1.1&res=%7B%7D HTTP/1.1Host: t.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authcha
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLab.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/onlineOpinionPopup.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/baseView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLabComponent.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/v1/d136a52/static/hcaptcha.html HTTP/1.1Host: newassets.hcaptcha.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.paypalobjects.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjQxNDgzNSIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962414%26vteXpYrS%3D1733428214%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/analytics.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/jquery-1.12.4.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/underscore-1.13.4.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-core.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /auth/logclientdata HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; ddbc=1; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; datadome=buJ29aABw9ywhcwsxLedKnsC4BAmLRyJrGVvMBQoK~J0j0xnjOkH7nUpkES4yULXec_bkkBjWn~DdWPkGMh7Bdg7HO475FpNdpN2VKAqG6qmkS5tul3JkYU8x_vn1Pe1; x-pp-s=eyJ0IjoiMTczMzQyNjQxNjgwNiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962416%26vteXpYrS%3D1733428216%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/backbone-1.5.0.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-helpers.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/onlineOpinionPopup.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLab.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/baseView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /auth/logclientdata HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; ddbc=1; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; datadome=buJ29aABw9ywhcwsxLedKnsC4BAmLRyJrGVvMBQoK~J0j0xnjOkH7nUpkES4yULXec_bkkBjWn~DdWPkGMh7Bdg7HO475FpNdpN2VKAqG6qmkS5tul3JkYU8x_vn1Pe1; ts=vreXpYrS%3D1764962416%26vteXpYrS%3D1733428216%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; x-pp-s=eyJ0IjoiMTczMzQyNjQxNjgxMCIsImwiOiIwIiwibSI6IjAifQ
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; ddbc=1; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; datadome=buJ29aABw9ywhcwsxLedKnsC4BAmLRyJrGVvMBQoK~J0j0xnjOkH7nUpkES4yULXec_bkkBjWn~DdWPkGMh7Bdg7HO475FpNdpN2VKAqG6qmkS5tul3JkYU8x_vn1Pe1; x-pp-s=eyJ0IjoiMTczMzQyNjQxODYxNyIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962418%26vteXpYrS%3D1733428218%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-helpers-supplement.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-helpers.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /checksiteconfig?v=d136a52&host=hcaptcha.paypal.com&sitekey=bf07db68-5c2e-42e8-8779-ea8384890eea&sc=1&swa=1&spst=1 HTTP/1.1Host: hcaptcha.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; datadome=buJ29aABw9ywhcwsxLedKnsC4BAmLRyJrGVvMBQoK~J0j0xnjOkH7nUpkES4yULXec_bkkBjWn~DdWPkGMh7Bdg7HO475FpNdpN2VKAqG6qmkS5tul3JkYU8x_vn1Pe1; x-pp-s=eyJ0IjoiMTczMzQyNjQxODYxNyIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962418%26vteXpYrS%3D1733428218%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /c/cc9cbcc44893d9601186ed793b76ac72a56a3e176be51252819b38f7d2f1f97c/hsw.js HTTP/1.1Host: newassets.hcaptcha.paypal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://newassets.hcaptcha.paypal.com/captcha/v1/d136a52/static/hcaptcha.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjQxODYxNyIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962418%26vteXpYrS%3D1733428218%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/backbone-1.5.0.min.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform/tealeaftarget HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; ddbc=1; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; datadome=buJ29aABw9ywhcwsxLedKnsC4BAmLRyJrGVvMBQoK~J0j0xnjOkH7nUpkES4yULXec_bkkBjWn~DdWPkGMh7Bdg7HO475FpNdpN2VKAqG6qmkS5tul3JkYU8x_vn1Pe1; x-pp-s=eyJ0IjoiMTczMzQyNjQxODYxNyIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962420%26vteXpYrS%3D1733428220%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /signin HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; ddbc=1; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; ts=vreXpYrS%3D1764962420%26vteXpYrS%3D1733428220%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; datadome=zlCfnW4VK7jZ4nx3Wxq6AKd3Z_~7eyMfMhlNSkGMKu3K4trVcOiYHsbYXb5G7_4qFcXjIsA74xDGn6O_IMMYA5IGahByNnX~gFFzwtJcfNQpoB~xxgh~HvIFEFRl24fv; x-pp-s=eyJ0IjoiMTczMzQyNjQyMDQwMiIsImwiOiIwIiwibSI6IjAifQ
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733426420899&g=300&page=main%3Aauthchallenge%3A%3Asignin&pgst=1733426408434&calc=f876809cfbf28&nsid=GW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=55f3ef6c8bc44e84b7b3591ab89cc647&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=109541%2C107585&xt=145835%2C135393&view=%7B%22t10%22%3A0%2C%22t11%22%3A10703%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36%7Cwebdriverfalse%7CdeviceMemory8%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(2)%7Cscreen(1280%2C1024%2C1280%2C984%2C24%2C24)%7Cwindow(Width%3D1280%7Cheight%3D907%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer(https%3A%2F%2Fwww.paypal.com%2Fsignin%2F%3FreturnUri%3D%252Fmyaccount%252Ftransfer%252FpayRequest%252FU-09584045BD498740V%252FU-5R763959NX153980F%253FclassicUrl%253D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%26expId%3Dp2p%26onboardData%3D%257B%2522signUpRequest%2522%253A%257B%2522method%2522%253A%2522get%2522%252C%2522url%2522%253A%2522https%253A%252F%252Fwww.paypal.com%252Fmyaccount%252Ftransfer%252FguestLogin%252FpayRequest%252FU-09584045BD498740V%252FU-5R763959NX153980F%253FclassicUrl%253D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%2526id%253DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%2522%257D%257D%26flowContextData%3DF7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG%26v%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3D09b8bd50-b31d-11ef-9fd6-7b2e619a4883%26ppid%3DRT000186%26cnac%3DUS%26rsta%3Den_US%2528en-US%2529%26unptid%3D09b8bd50-b31d-11ef-9fd6-7b2e619a4883%26calc%3Df8278373e34b4%26unp_tpcid%3Drequestmoney-notifications-requestee%26page%3Dmain%253Aemail%253ART000186%26pgrp%3Dmain%253Aemail%26e%3Dcl%26mchn%3Dem%26s%3Dci%26mail%3Dsys%26appVersion%3D1.294.0%26tenant_name%3D%26xt%3D145585%252C150948%252C104038%26link_ref%3Dwww.paypal.com_signin)%7Cplugins%3A(PDF%20Viewer%20%7C%20internal-pdf-viewer%20%7C%20Portable%20Document%20Format%20%7C
Source: global traffic	HTTP traffic detected: GET /error?code=404&ref=tealeaf HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; ddbc=1; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; datadome=zlCfnW4VK7jZ4nx3Wxq6AKd3Z_~7eyMfMhlNSkGMKu3K4trVcOiYHsbYXb5G7_4qFcXjIsA74xDGn6O_IMMYA5IGahByNnX~gFFzwtJcfNQpoB~xxgh~HvIFEFRl24fv; x-pp-s=eyJ0IjoiMTczMzQyNjQyMDQwMiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962421%26vteXpYrS%3D1733428221%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /en_US/i/icon/pp_favicon_x.ico HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/view/authcaptcha.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-helpers-supplement.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/cc9cbcc44893d9601186ed793b76ac72a56a3e176be51252819b38f7d2f1f97c/hsw.js HTTP/1.1Host: newassets.hcaptcha.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; TLTSID=71139903928702455522704624189564; TLTDID=24394070527605051854525965496125; x-pp-s=eyJ0IjoiMTczMzQyNjQyMDQwMiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962421%26vteXpYrS%3D1733428221%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; datadome=bM~ynBB3bJdLhO16FWg6WKMgmd5XU0mXJDQI5ziGzzaWLLOXMcHObFQdtk_iaOLGL7P8__KdrpkLbWBika1h5rB8Gf~tT1jd~AoCxYQ2IGD0IVgVDDCNYZg3ZjqvvJUH
Source: global traffic	HTTP traffic detected: GET /ts?v=1.9.5&t=1733426420899&g=300&page=main%3Aauthchallenge%3A%3Asignin&pgst=1733426408434&calc=f876809cfbf28&nsid=GW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=55f3ef6c8bc44e84b7b3591ab89cc647&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=109541%2C107585&xt=145835%2C135393&view=%7B%22t10%22%3A0%2C%22t11%22%3A10703%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36%7Cwebdriverfalse%7CdeviceMemory8%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(2)%7Cscreen(1280%2C1024%2C1280%2C984%2C24%2C24)%7Cwindow(Width%3D1280%7Cheight%3D907%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer(https%3A%2F%2Fwww.paypal.com%2Fsignin%2F%3FreturnUri%3D%252Fmyaccount%252Ftransfer%252FpayRequest%252FU-09584045BD498740V%252FU-5R763959NX153980F%253FclassicUrl%253D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%26expId%3Dp2p%26onboardData%3D%257B%2522signUpRequest%2522%253A%257B%2522method%2522%253A%2522get%2522%252C%2522url%2522%253A%2522https%253A%252F%252Fwww.paypal.com%252Fmyaccount%252Ftransfer%252FguestLogin%252FpayRequest%252FU-09584045BD498740V%252FU-5R763959NX153980F%253FclassicUrl%253D%252FUS%252Fcgi-bin%252F%253Fcmd%253D_prq%2526id%253DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%2522%257D%257D%26flowContextData%3DF7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG%26v%3D1%26utm_source%3Dunp%26utm_medium%3Demail%26utm_campaign%3DRT000186%26utm_unptid%3D09b8bd50-b31d-11ef-9fd6-7b2e619a4883%26ppid%3DRT000186%26cnac%3DUS%26rsta%3Den_US%2528en-US%2529%26unptid%3D09b8bd50-b31d-11ef-9fd6-7b2e619a4883%26calc%3Df8278373e34b4%26unp_tpcid%3Drequestmoney-notifications-requestee%26page%3Dmain%253Aemail%253ART000186%26pgrp%3Dmain%253Aemail%26e%3Dcl%26mchn%3Dem%26s%3Dci%26mail%3Dsys%26appVersion%3D1.294.0%26tenant_name%3D%26xt%3D145585%252C150948%252C104038%26link_ref%3Dwww.paypal.com_signin)%7Cplugins%3A(PDF%20Viewer%20%7C%20internal-pdf-viewer%20%7C%20Portable%20Document%20Format%20%7C
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/view/pageView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/validation.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/view/authcaptcha.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/errorDisplay.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /en_US/i/icon/pp_favicon_x.ico HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/validation.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/view/pageView.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/errorDisplay.js HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /platform/tealeaftarget HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; ddbc=1; TLTDID=24394070527605051854525965496125; datadome=bM~ynBB3bJdLhO16FWg6WKMgmd5XU0mXJDQI5ziGzzaWLLOXMcHObFQdtk_iaOLGL7P8__KdrpkLbWBika1h5rB8Gf~tT1jd~AoCxYQ2IGD0IVgVDDCNYZg3ZjqvvJUH; navcmd=_home; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1%26HOME_VERSION%3d1733512824%26MCE2_ELIGIBILITY%3d4294967295; KHcl0EuY7AKSMgfvHl7J5E7hPtK=e8Aybs6oslr-bMqe7Sys4NhzhKpzEuSdnyUDbASsROZPnCvHiWh4vm5ZjAaQ2Qpb8b_2_tcve-m3ViPb; navlns=0.0; cwrClyrK4LoCV1fydGbAxiNL6iG=HQRPk1eznmxkJQ0Lij4aVU8K90Nv6O0-kArU-_XmowhjYl5mYt3HUTkd0ay7I_f1ciUI1SfUoKw50iKNBv5Rl2kqO_s-CM6dnNSaks4pTUFS8MGhVTFs7J_1IBYCsQ5aTjQPX-StBUTbLtrsCh3ItqSKWS3iNKCbgnFtxxz6PzmZnnHcaii2Xn7VyMhjH0v5ruWAQpQSx6X7E968XSz_WjaowAUX_IdrkXB_yV3gI7YRCjpCWqDFCBWFv7yo6GRHz4HJq7bSJwdNF8bRLMBVk3Ve6sDnMdbC7e6SwgapT7n6qjQzmd1beuAYTrrp-srARyi-ZHfK45JC41xdeZidOAWgfKSVoH_Xl7XBd3GeycqlEQcHdQVzFS1hwZu0-9yp8tITGN-8qv21pRG0pekmR3BCek3-JYjRVSV97batBaqoPWnjuLGFUOPIaZe; x-pp-s=eyJ0IjoiMTczMzQyNjQyNDk1NiIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1764962442%26vteXpYrS%3D1733428242%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
Source: global traffic	HTTP traffic detected: GET /error?code=404&ref=tealeaf HTTP/1.1Host: www.paypal.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tsrce=authchallengenodeweb; ddbc=1; TLTDID=24394070527605051854525965496125; datadome=bM~ynBB3bJdLhO16FWg6WKMgmd5XU0mXJDQI5ziGzzaWLLOXMcHObFQdtk_iaOLGL7P8__KdrpkLbWBika1h5rB8Gf~tT1jd~AoCxYQ2IGD0IVgVDDCNYZg3ZjqvvJUH; navcmd=_home; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1%26HOME_VERSION%3d1733512824%26MCE2_ELIGIBILITY%3d4294967295; KHcl0EuY7AKSMgfvHl7J5E7hPtK=e8Aybs6oslr-bMqe7Sys4NhzhKpzEuSdnyUDbASsROZPnCvHiWh4vm5ZjAaQ2Qpb8b_2_tcve-m3ViPb; navlns=0.0; cwrClyrK4LoCV1fydGbAxiNL6iG=HQRPk1eznmxkJQ0Lij4aVU8K90Nv6O0-kArU-_XmowhjYl5mYt3HUTkd0ay7I_f1ciUI1SfUoKw50iKNBv5Rl2kqO_s-CM6dnNSaks4pTUFS8MGhVTFs7J_1IBYCsQ5aTjQPX-StBUTbLtrsCh3ItqSKWS3iNKCbgnFtxxz6PzmZnnHcaii2Xn7VyMhjH0v5ruWAQpQSx6X7E968XSz_WjaowAUX_IdrkXB_yV3gI7YRCjpCWqDFCBWFv7yo6GRHz4HJq7bSJwdNF8bRLMBVk3Ve6sDnMdbC7e6SwgapT7n6qjQzmd1beuAYTrrp-srARyi-ZHfK45JC41xdeZidOAWgfKSVoH_Xl7XBd3GeycqlEQcHdQVzFS1hwZu0-9yp8tITGN-8qv21pRG0pekmR3BCek3-JYjRVSV97batBaqoPWnjuLGFUOPIaZe; x-pp-s=eyJ0IjoiMTczMzQyNjQyNDk1NiIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1764962444%26vteXpYrS%3D1733428244%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew

Source: chromecache_217.2.dr, chromecache_178.2.dr

String found in binary or memory: 'host': 'www.facebook.com', equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.paypal.com
Source: global traffic	DNS traffic detected: DNS query: ddbm2.paypal.com
Source: global traffic	DNS traffic detected: DNS query: www.paypalobjects.com
Source: global traffic	DNS traffic detected: DNS query: t.paypal.com
Source: global traffic	DNS traffic detected: DNS query: www.recaptcha.net
Source: global traffic	DNS traffic detected: DNS query: hcaptcha.paypal.com
Source: global traffic	DNS traffic detected: DNS query: newassets.hcaptcha.paypal.com

Source: unknown

HTTP traffic detected: POST /js/ HTTP/1.1Host: ddbm2.paypal.comConnection: keep-aliveContent-Length: 5845sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.paypal.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.paypal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAg8WuNM8BK3AACC575A==X-DD-B: 1Set-Cookie: datadome=2zSIQ6nLOyseIhoQRSN~ljKzrWXqLOG3PFrB4cQUzhceBqjeCfgVooetsKxKI34oWaTUvfSvwy_YOagypOlf4PEvJsYPbiciz7HvVuQJtF0E6p8pe5nWKIv_E8kuKWlq; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Thu, 05 Dec 2024 19:20:10 GMTVia: 1.1 varnishPaypal-Debug-Id: f9692415ad784Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-nyc-kteb1890096-NYCX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733426411.805358,VS0,VE18set-cookie: ddbc=1; secure; httponlyServer-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAg8WuNM8BK3AACC575A==X-DD-B: 1Set-Cookie: datadome=buJ29aABw9ywhcwsxLedKnsC4BAmLRyJrGVvMBQoK~J0j0xnjOkH7nUpkES4yULXec_bkkBjWn~DdWPkGMh7Bdg7HO475FpNdpN2VKAqG6qmkS5tul3JkYU8x_vn1Pe1; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Thu, 05 Dec 2024 19:20:16 GMTVia: 1.1 varnishPaypal-Debug-Id: f5324031bad47Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-ewr-kewr1740058-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733426417.544875,VS0,VE17Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAg8WuNM8BK3AACC575A==X-DD-B: 1Set-Cookie: datadome=zlCfnW4VK7jZ4nx3Wxq6AKd3Z_~7eyMfMhlNSkGMKu3K4trVcOiYHsbYXb5G7_4qFcXjIsA74xDGn6O_IMMYA5IGahByNnX~gFFzwtJcfNQpoB~xxgh~HvIFEFRl24fv; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Thu, 05 Dec 2024 19:20:20 GMTVia: 1.1 varnishPaypal-Debug-Id: f688039d0ca24Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-nyc-kteb1890067-NYCX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733426420.321786,VS0,VE34Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Length: 708Content-Type: text/html;charset=utf-8Server: DataDomeX-DataDome: protectedAccept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-MemoryCharset: utf-8Cache-Control: max-age=0, private, no-cache, no-store, must-revalidatePragma: no-cacheAccess-Control-Allow-Credentials: trueAccess-Control-Expose-Headers: x-dd-b, x-set-cookieAccess-Control-Allow-Origin: *X-DataDome-CID: AHrlqAAAAAMAg8WuNM8BK3AACC575A==X-DD-B: 1Set-Cookie: datadome=bM~ynBB3bJdLhO16FWg6WKMgmd5XU0mXJDQI5ziGzzaWLLOXMcHObFQdtk_iaOLGL7P8__KdrpkLbWBika1h5rB8Gf~tT1jd~AoCxYQ2IGD0IVgVDDCNYZg3ZjqvvJUH; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=LaxAccept-Ranges: bytesDate: Thu, 05 Dec 2024 19:20:22 GMTVia: 1.1 varnishPaypal-Debug-Id: f180057d2a50eStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Served-By: cache-ewr-kewr1740055-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1733426422.093055,VS0,VE18Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeAccept-Ch: Sec-CH-UA-FullCache-Control: max-age=0, no-cache, no-store, must-revalidateContent-Type: text/html; charset=UTF-8Origin-Trial: AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==Paypal-Debug-Id: f796849fa010aSet-Cookie: enforce_policy=; expires=Thu, 01 Jan 1970 00:00:00 GMT GMT; domain=.paypal.com; path=/; Secure; SameSite=NoneSet-Cookie: navcmd=_home; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=NoneSet-Cookie: consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1%26HOME_VERSION%3d1733512824%26MCE2_ELIGIBILITY%3d4294967295; expires=Sat, 05 Dec 2026 19:20:24 GMT GMT; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=NoneSet-Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=e8Aybs6oslr-bMqe7Sys4NhzhKpzEuSdnyUDbASsROZPnCvHiWh4vm5ZjAaQ2Qpb8b_2_tcve-m3ViPb; expires=Sat, 05 Dec 2026 19:20:24 GMT GMT; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=None
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeAccept-Ch: Sec-CH-UA-FullCache-Control: max-age=0, no-cache, no-store, must-revalidateContent-Type: text/html; charset=UTF-8Origin-Trial: AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==Paypal-Debug-Id: f97935413da6cSet-Cookie: enforce_policy=; expires=Thu, 01 Jan 1970 00:00:00 GMT GMT; domain=.paypal.com; path=/; Secure; SameSite=NoneSet-Cookie: navcmd=_home; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=NoneSet-Cookie: consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1%26HOME_VERSION%3d1733512847%26MCE2_ELIGIBILITY%3d4294967295; expires=Sat, 05 Dec 2026 19:20:47 GMT GMT; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=NoneSet-Cookie: navlns=0.0; expires=Sat, 05 Dec 2026 19:20:47 GMT GMT; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=NoneSet-Cookie: x-pp-s=eyJ0IjoiMTczMzQyNjQ0NzYwOCIsImwiOiIwIiwibSI6IjAifQ; domain=.paypal.com; path=/; Secure; HttpOnly; SameSite=None

Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/12359
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/13378
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://dev.w3.org/csswg/cssom/#resolved-values
Source: chromecache_202.2.dr, chromecache_231.2.dr	String found in binary or memory: http://dustjs.com/
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
Source: chromecache_165.2.dr, chromecache_155.2.dr	String found in binary or memory: http://es5.github.com/#x15.4.4.18
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
Source: chromecache_196.2.dr, chromecache_142.2.dr, chromecache_197.2.dr, chromecache_184.2.dr	String found in binary or memory: http://github.com/jrburke/requirejs
Source: chromecache_177.2.dr	String found in binary or memory: http://icreatestuff.co.uk/blog/article/ie9-z-index-stacking-problem-or-something-stranger
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://javascript.nwbox.com/IEContentLoaded/
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://jquery.com/
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://jsperf.com/getall-vs-sizzle/2
Source: chromecache_156.2.dr, chromecache_208.2.dr	String found in binary or memory: http://jsperf.com/isobject-tests
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_135.2.dr, chromecache_192.2.dr	String found in binary or memory: http://linkedin.github.io/dustjs/
Source: chromecache_213.2.dr, chromecache_203.2.dr	String found in binary or memory: http://modernizr.com/download/#-shiv-cssclasses
Source: chromecache_197.2.dr, chromecache_184.2.dr	String found in binary or memory: http://requirejs.org/docs/errors.html#
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=378607
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=449857
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=470258
Source: chromecache_188.2.dr, chromecache_169.2.dr	String found in binary or memory: https://datadome.co
Source: chromecache_171.2.dr, chromecache_137.2.dr	String found in binary or memory: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/assign)
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://developer.mozilla.org/en/Security/CSP)
Source: chromecache_171.2.dr, chromecache_137.2.dr	String found in binary or memory: https://docs.python.org/library/functions.html#range).
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/764
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_156.2.dr, chromecache_208.2.dr	String found in binary or memory: https://github.com/linkedin/dustjs-helpers
Source: chromecache_156.2.dr, chromecache_208.2.dr	String found in binary or memory: https://github.com/linkedin/dustjs-helpers/wiki/Deprecated-Features#
Source: chromecache_227.2.dr, chromecache_159.2.dr, chromecache_221.2.dr	String found in binary or memory: https://hcaptcha.com/license
Source: chromecache_139.2.dr, chromecache_235.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_132.2.dr, chromecache_206.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_132.2.dr, chromecache_206.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_145.2.dr	String found in binary or memory: https://js.hcaptcha.com/1/api.js?onload=hCaptchaCallback&render=explicit
Source: chromecache_177.2.dr	String found in binary or memory: https://mppnodeweb-staging-10.qa.paypal.com/us/webapps/mpp/fonts-setup#fonts-demo
Source: chromecache_171.2.dr, chromecache_137.2.dr	String found in binary or memory: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-tolength
Source: chromecache_140.2.dr, chromecache_219.2.dr	String found in binary or memory: https://secure.opinionlab.com/ccc01/comment_card.asp?
Source: chromecache_171.2.dr, chromecache_137.2.dr	String found in binary or memory: https://underscorejs.org
Source: chromecache_171.2.dr, chromecache_137.2.dr	String found in binary or memory: https://wiki.ecmascript.org/doku.php?id=harmony:egal).
Source: chromecache_216.2.dr, chromecache_141.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/MskOi9BoTT5Vt82JMh92Dvhu/recaptcha__en.js
Source: chromecache_200.2.dr, chromecache_167.2.dr	String found in binary or memory: https://www.paypalobjects.com
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/checkout/hermes/icon_ot_spin_lock_skinny.png)
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared//sprite-browsers.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon-sprite2-1x.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon-sprite2-2x.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon-x.svg
Source: chromecache_177.2.dr, chromecache_195.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon_alert_sprite-2x.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/icon_profile_placeholder
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/lg-attention-warning.png
Source: chromecache_177.2.dr, chromecache_195.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/momgram
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/monogram-small
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/onetouch-desktop.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/onetouch-desktop_2x.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/onetouch-mobile.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/onetouch-mobile_2x.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/paypal-logo-129x32.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/remember-me-Interstitial-image.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/remember-me-Interstitial-image_2x.png
Source: chromecache_195.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/sprite_forms_1x.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/sprite_forms_2x.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/success-animation.gif
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/success-animation_2x.gif
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/successCheckmark.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/images/shared/successCheckmark2x.png
Source: chromecache_217.2.dr, chromecache_178.2.dr	String found in binary or memory: https://www.paypalobjects.com/martech/tm/paypal/3pjs/adobe/alloy.min.js
Source: chromecache_217.2.dr, chromecache_178.2.dr	String found in binary or memory: https://www.paypalobjects.com/martech/tm/paypal/3pjs/gtag/ga4.js
Source: chromecache_217.2.dr, chromecache_178.2.dr	String found in binary or memory: https://www.paypalobjects.com/martech/tm/paypal/3pjs/gtag/gtag.js
Source: chromecache_217.2.dr, chromecache_178.2.dr	String found in binary or memory: https://www.paypalobjects.com/paypalmktg/pardot/pd.js
Source: chromecache_200.2.dr, chromecache_167.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic
Source: chromecache_177.2.dr, chromecache_195.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/checkout/hermes/icon_loader_med.gif
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.eot
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.eot?#iefix
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.svg#69ac2c9f
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.ttf
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.woff
Source: chromecache_177.2.dr, chromecache_195.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/i/consumer/onboarding/icon_PP_monogram_2x.png
Source: chromecache_177.2.dr, chromecache_195.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/i/consumer/onboarding/sprite_form_2x.png);
Source: chromecache_177.2.dr, chromecache_195.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/close_default.png
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.eot?#iefix-acnm6v
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.eot?-acnm6v&_=999
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.svg?-acnm6v&_=999
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.ttf?-acnm6v&_=999
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.woff?-acnm6v&_=99
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.eot?#iefix-acnm6v
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.eot?-acnm6v&_=999999
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.svg?-acnm6v&_=999999#
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.ttf?-acnm6v&_=999999
Source: chromecache_177.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.woff?-acnm6v&_=999999
Source: chromecache_177.2.dr, chromecache_195.2.dr	String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/consumer/onboarding/ui-sprite.png
Source: chromecache_179.2.dr, chromecache_244.2.dr	String found in binary or memory: https://www.recaptcha.net/recaptcha/enterprise.js?onload=recaptchaEnterpriseCallback&render=explicit
Source: chromecache_180.2.dr	String found in binary or memory: https://www.recaptcha.net/recaptcha/enterprise.js?render=
Source: chromecache_216.2.dr, chromecache_141.2.dr	String found in binary or memory: https://www.recaptcha.net/recaptcha/enterprise/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: classification engine

Classification label: mal48.win@21/183@34/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1928,i,14656706162417554829,12577780559382963475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 --field-trial-handle=1928,i,14656706162417554829,12577780559382963475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1928,i,14656706162417554829,12577780559382963475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1928,i,14656706162417554829,12577780559382963475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 --field-trial-handle=1928,i,14656706162417554829,12577780559382963475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1928,i,14656706162417554829,12577780559382963475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://bugs.webkit.org/show_bug.cgi?id=29084	0%	Avira URL Cloud	safe
https://bugs.webkit.org/show_bug.cgi?id=136851	0%	Avira URL Cloud	safe
https://html.spec.whatwg.org/#strip-and-collapse-whitespace	0%	Avira URL Cloud	safe
http://sizzlejs.com/	0%	Avira URL Cloud	safe
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript	0%	Avira URL Cloud	safe
http://dev.w3.org/csswg/cssom/#resolved-values	0%	Avira URL Cloud	safe
http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context	0%	Avira URL Cloud	safe
http://jsperf.com/getall-vs-sizzle/2	0%	Avira URL Cloud	safe
http://bugs.jquery.com/ticket/12359	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
paypal-dynamic-cdn.map.fastly.net	151.101.3.1	true	false	high
cs1150.wpc.betacdn.net	192.229.221.25	true	false	high
paypal-dynamic.map.fastly.net	151.101.1.21	true	false	high
www.recaptcha.net	172.217.19.195	true	false	high
www.google.com	172.217.21.36	true	false	high
ddbm2.paypal.com.first-party-js.datadome.co	18.66.161.81	true	false	high
newassets.hcaptcha.paypal.com	unknown	unknown	false	high
hcaptcha.paypal.com	unknown	unknown	false	high
ddbm2.paypal.com	unknown	unknown	false	high
t.paypal.com	unknown	unknown	false	high
www.paypalobjects.com	unknown	unknown	false	high
www.paypal.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/underscore-1.13.6.js	false	high
https://www.paypalobjects.com/martech/tm/paypal/mktconf.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/hcaptcha/hcaptcha_fph.html?siteKey=bf07db68-5c2e-42e8-8779-ea8384890eea&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&domain=hcaptcha.paypal.com&imgsDomain=imgs.hcaptcha.paypal.com&assetsDomain=newassets.hcaptcha.paypal.com&accountsDomain=accounts.hcaptcha.paypal.com&customDomains=	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dust-makara-helpers/browser.amd.js	false	high
https://t.paypal.com/ts?v=1.9.5&t=1733426405531&g=300&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn&pgst=1733426393098&calc=f2110553b2e4e&nsid=GW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=c0c49a91e6384eadbaa4a565394e21da&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=100353%2C106885%2C105604%2C105604%2C105351%2C101126%2C100614%2C101257%2C102153%2C104200%2C104200%2C105352%2C109195%2C104458%2C104458%2C100364%2C105999%2C100885%2C109334%2C109334%2C101270%2C102557%2C102557%2C101408%2C101408%2C104227%2C104227%2C100644%2C105124%2C100391%2C102695%2C100263%2C101031%2C100267%2C108076%2C100527%2C106031%2C106031%2C107054%2C107054%2C106033%2C106033%2C106032%2C106032%2C105392%2C105392%2C106035%2C106035%2C106034%2C106034%2C106036%2C106036%2C105271%2C110648%2C101688%2C101821%2C101820%2C102208%2C105543%2C105544%2C105416%2C105416%2C101064%2C106058%2C104778%2C103119%2C100303%2C100942%2C105553%2C105553%2C105552%2C105552%2C100304%2C105554%2C105554%2C101334%2C100572%2C101215%2C101214%2C101470%2C101216%2C103648%2C101472%2C101090%2C105698%2C102629%2C101735%2C104039%2C104039%2C104038%2C104038%2C101736%2C109931%2C110442%2C108653%2C108652%2C100846%2C109040%2C105843%2C105843%2C101875%2C105845%2C105845%2C105844%2C105844%2C109047%2C102390%2C102390%2C104571%2C104571%2C105340%2C105340%2C107263%2C107263%2C109195%2C108076%2C109047&xt=100886%2C132008%2C124899%2C124899%2C123668%2C103409%2C101617%2C104043%2C107844%2C127485%2C127485%2C123683%2C144027%2C119355%2C119355%2C103733%2C127242%2C102543%2C144768%2C144768%2C106407%2C109630%2C109630%2C104576%2C104576%2C117999%2C117999%2C101702%2C122483%2C100984%2C110241%2C100632%2C102993%2C100641%2C138090%2C101405%2C127662%2C127662%2C132781%2C132781%2C127659%2C127659%2C127666%2C127666%2C123875%2C123875%2C127651%2C127651%2C127655%2C127655%2C127648%2C127648%2C123248%2C152289%2C105645%2C106327%2C106324%2C108106%2C124626%2C124629%2C123994%2C123994%2C103105%2C127563%2C121149%2C112308%2C100722%2C113529%2C124686%2C124686%2C124682%2C124682%2C100727%2C124696%2C124696%2C104357%2C101510%2C103848%2C103847%2C104754%2C103864%2C114559%2C104762%2C103240%2C125356%2C109962%2C105856%2C120731%2C120731%2C120736%2C120736%2C105858%2C147989%2C150775%2C141151%2C141149%2C102359%2C143321%2C126375%2C126375%2C106610%2C126401%2C126401%2C126385%2C126385%2C143343%2C108797%2C108797%2C119908%2C119908%2C123611%2C123611%2C133840%2C133840%2C144027%2C138090%2C143343&obex=p2p&userRedirected=true&post_login_redirect=returnUri&ret_url=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F&link=unifiedlogin-login-submit&pglk=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin&pgln=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn%7CbtnLogin&e=cl	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/opinionLab.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/jquery-3.7.0.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/opinionLab/onlineOpinionPopup.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/baseView.js	false	high
https://ddbm2.paypal.com/tags.js	false	high
https://www.paypal.com/signin	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/clientCalLogger.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/router.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/dust-helpers.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/core/nougat.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/config.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/underscore-1.13.4.js	false	high
https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/view/pageView.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/backbone-1.5.0.min.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/authchallenge.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/app.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/analytics.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/widgets/errorDisplay.js	false	high
https://www.paypalobjects.com/images/shared/momgram@2x.png	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/view/authcaptcha.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/pulvus-provide/provide.js	false	high
https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/app.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/jquery-1.12.4.js	false	high
https://www.paypal.com/platform/tealeaftarget	false	high
https://www.paypalobjects.com/rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js	false	high
https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/analytics.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/dustmotes-iterate.js	false	high
https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/require.js	false	high
https://www.paypal.com/signin/client-log	false	high
https://newassets.hcaptcha.paypal.com/c/cc9cbcc44893d9601186ed793b76ac72a56a3e176be51252819b38f7d2f1f97c/hsw.js	false	high
https://t.paypal.com/ts?v=1.9.5&t=1733426395344&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&cnac=US&rsta=en_US(en-US)&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin&event_name=external_deep_link_processed	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/lib/modernizr-2.6.1.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-helpers/dist/dust-helpers.js	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/core/nougat.js	false	high
https://newassets.hcaptcha.paypal.com/captcha/v1/d136a52/static/hcaptcha.html	false	high
https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/view/mainContentView.js	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.paypalobjects.com/images/shared/icon-x.svg	chromecache_177.2.dr	false		high
https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.eot?#iefix	chromecache_177.2.dr	false		high
https://code.google.com/p/chromium/issues/detail?id=449857	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.eot?-acnm6v&_=999999	chromecache_177.2.dr	false		high
http://requirejs.org/docs/errors.html#	chromecache_197.2.dr, chromecache_184.2.dr	false		high
http://icreatestuff.co.uk/blog/article/ie9-z-index-stacking-problem-or-something-stranger	chromecache_177.2.dr	false		high
https://www.paypalobjects.com/images/shared/onetouch-mobile_2x.png	chromecache_177.2.dr	false		high
https://www.paypalobjects.com/images/shared/icon_profile_placeholder	chromecache_177.2.dr	false		high
https://code.google.com/p/chromium/issues/detail?id=378607	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/close_default.png	chromecache_177.2.dr, chromecache_195.2.dr	false		high
https://bugs.webkit.org/show_bug.cgi?id=29084	chromecache_139.2.dr, chromecache_235.2.dr	false	Avira URL Cloud: safe	unknown
http://dev.w3.org/csswg/cssom/#resolved-values	chromecache_139.2.dr, chromecache_235.2.dr	false	Avira URL Cloud: safe	unknown
http://github.com/jrburke/requirejs	chromecache_196.2.dr, chromecache_142.2.dr, chromecache_197.2.dr, chromecache_184.2.dr	false		high
https://datadome.co	chromecache_188.2.dr, chromecache_169.2.dr	false		high
https://github.com/linkedin/dustjs-helpers/wiki/Deprecated-Features#	chromecache_156.2.dr, chromecache_208.2.dr	false		high
https://www.paypalobjects.com/images/shared/paypal-logo-129x32.png	chromecache_177.2.dr	false		high
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	chromecache_139.2.dr, chromecache_235.2.dr	false		high
http://es5.github.com/#x15.4.4.18	chromecache_165.2.dr, chromecache_155.2.dr	false		high
https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/assign)	chromecache_171.2.dr, chromecache_137.2.dr	false		high
https://www.paypalobjects.com/martech/tm/paypal/3pjs/gtag/gtag.js	chromecache_217.2.dr, chromecache_178.2.dr	false		high
https://github.com/jquery/jquery/pull/764	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://wiki.ecmascript.org/doku.php?id=harmony:egal).	chromecache_171.2.dr, chromecache_137.2.dr	false		high
http://dustjs.com/	chromecache_202.2.dr, chromecache_231.2.dr	false		high
https://www.paypalobjects.com/webstatic	chromecache_200.2.dr, chromecache_167.2.dr	false		high
https://github.com/linkedin/dustjs-helpers	chromecache_156.2.dr, chromecache_208.2.dr	false		high
http://bugs.jquery.com/ticket/12359	chromecache_139.2.dr, chromecache_235.2.dr	false	Avira URL Cloud: safe	unknown
https://www.paypalobjects.com/images/shared/icon_alert_sprite-2x.png	chromecache_177.2.dr, chromecache_195.2.dr	false		high
https://hcaptcha.com/license	chromecache_227.2.dr, chromecache_159.2.dr, chromecache_221.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.woff?-acnm6v&_=999999	chromecache_177.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=649285	chromecache_139.2.dr, chromecache_235.2.dr	false		high
http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context	chromecache_139.2.dr, chromecache_235.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/CSS/display	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://www.paypalobjects.com/images/shared/sprite_forms_2x.png	chromecache_177.2.dr	false		high
https://jquery.com/	chromecache_132.2.dr, chromecache_206.2.dr	false		high
https://developer.mozilla.org/en/Security/CSP)	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.woff?-acnm6v&_=99	chromecache_177.2.dr	false		high
https://www.paypalobjects.com/images/shared/onetouch-desktop.png	chromecache_177.2.dr	false		high
https://www.paypalobjects.com/images/shared/remember-me-Interstitial-image_2x.png	chromecache_177.2.dr	false		high
https://www.paypalobjects.com/images/shared/remember-me-Interstitial-image.png	chromecache_177.2.dr	false		high
https://github.com/jquery/sizzle/pull/225	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=491668	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://code.google.com/p/chromium/issues/detail?id=470258	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://bugs.webkit.org/show_bug.cgi?id=136851	chromecache_139.2.dr, chromecache_235.2.dr	false	Avira URL Cloud: safe	unknown
https://www.paypalobjects.com/images/shared/onetouch-desktop_2x.png	chromecache_177.2.dr	false		high
http://jquery.org/license	chromecache_139.2.dr, chromecache_235.2.dr	false		high
https://www.paypalobjects.com/images/shared/icon-sprite2-1x.png	chromecache_177.2.dr	false		high
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.eot?#iefix-acnm6v	chromecache_177.2.dr	false		high
http://sizzlejs.com/	chromecache_139.2.dr, chromecache_235.2.dr	false	Avira URL Cloud: safe	unknown
https://html.spec.whatwg.org/#strip-and-collapse-whitespace	chromecache_139.2.dr, chromecache_235.2.dr	false	Avira URL Cloud: safe	unknown
https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.ttf	chromecache_177.2.dr	false		high
https://www.paypalobjects.com/webstatic/fnt/cweb/paypal-icons_1-0-3/PayPalIcons-Regular.woff	chromecache_177.2.dr	false		high
http://jsperf.com/getall-vs-sizzle/2	chromecache_139.2.dr, chromecache_235.2.dr	false	Avira URL Cloud: safe	unknown
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript	chromecache_139.2.dr, chromecache_235.2.dr	false	Avira URL Cloud: safe	unknown
https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.svg?-acnm6v&_=999999#	chromecache_177.2.dr	false		high
https://www.paypalobjects.com/images/shared/icon-sprite2-2x.png	chromecache_177.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.1.21	paypal-dynamic.map.fastly.net	United States	54113	FASTLYUS	false
192.229.221.25	cs1150.wpc.betacdn.net	United States	15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.19.195	www.recaptcha.net	United States	15169	GOOGLEUS	false
151.101.3.1	paypal-dynamic-cdn.map.fastly.net	United States	54113	FASTLYUS	false
151.101.131.1	unknown	United States	54113	FASTLYUS	false
18.66.161.81	ddbm2.paypal.com.first-party-js.datadome.co	United States	3	MIT-GATEWAYSUS	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1569539
Start date and time:	2024-12-05 20:18:49 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@21/183@34/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 64.233.161.84, 172.217.19.238, 142.250.181.142, 172.217.17.78, 142.250.181.138, 172.217.17.42, 142.250.181.74, 172.217.19.202, 216.58.208.234, 172.217.21.42, 172.217.19.170, 172.217.19.234, 142.250.181.10, 142.250.181.42, 172.217.17.74, 142.250.181.106, 172.217.17.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21

Input	Output
URL: https://www.paypal.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://www.paypal.com
URL: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Don't recognize the seller? Please contact Pay...", "prominent_button_name": "Log In to Pay", "text_input_field_labels": [ "Email", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22 Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Don't recognize the seller? Please contact Pay...", "prominent_button_name": "Log In to Pay", "text_input_field_labels": [ "t1osqn@xbkd.org", "************" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22 Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22 Model: Joe Sandbox AI	```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for the brand PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions.", "The domain is fully matching with the legitimate domain associated with PayPal." ], "riskscore": 1}
URL: www.paypal.com Brands: PayPal Input Fields: t1osqn@xbkd.org, ************
URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Security Challenge", "prominent_button_name": "I am human", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.paypal.com/signin Model: Joe Sandbox AI	{ "brands": [ "PayPal" ] }
	{ "brands": [ "PayPal" ] }
URL: https://www.paypal.com/signin Model: Joe Sandbox AI	```json{ "legit_domain": "paypal.com", "classification": "wellknown", "reasons": [ "The URL 'www.paypal.com' matches the legitimate domain name for PayPal.", "PayPal is a well-known brand with a strong online presence.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions.", "The URL does not contain any additional words or hyphens that could indicate phishing." ], "riskscore": 1}
URL: www.paypal.com Brands: PayPal Input Fields: unknown

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 5 18:19:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9862657946947873
Encrypted:	false
SSDEEP:	48:8R0ddjT9lpfHpidAKZdA1oehwiZUklqehSy+3:8RuLs1y
MD5:	094C8E3D1B3B1322CE9FC15F3B064F56
SHA1:	ED8119849030A83B3CF29F0604AD12FE0033FA19
SHA-256:	E5F823FB44250C656A0DA63F50694FA3978696A8BB88C35BA74D3548F8039B2E
SHA-512:	C550A480FB70D1031E461CE3A1189D9BA4C1C27C4B88003875CAE596A59BE7F13622E9E47916CADC53ABD5E38637C969447D4AC79D631845EF9DAE84CB777C14
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....m.JG..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Yv.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yv.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yv.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yv............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yx............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 5, 2024 20:19:46.079622030 CET	53	58393	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:46.138506889 CET	53	55230	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:48.930295944 CET	53	57723	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:50.597596884 CET	65053	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:50.597862005 CET	65220	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:50.740906000 CET	53	65053	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:50.740930080 CET	53	65220	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:51.333468914 CET	58192	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:51.333638906 CET	58584	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:51.471452951 CET	53	58192	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:51.550128937 CET	53	58584	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:53.402610064 CET	58999	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:53.402776003 CET	54540	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:53.403743029 CET	59856	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:53.404089928 CET	64280	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:53.540734053 CET	53	59856	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:53.542359114 CET	53	64280	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:53.807339907 CET	53	54540	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:53.808336973 CET	53	58999	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:55.928752899 CET	53111	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:55.928961039 CET	61363	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:56.067091942 CET	53	53111	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:56.067397118 CET	53	61363	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:58.621710062 CET	61675	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:58.622164965 CET	61090	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:19:58.691481113 CET	53	63276	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:58.976051092 CET	53	61675	1.1.1.1	192.168.2.8
Dec 5, 2024 20:19:58.994942904 CET	53	61090	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:00.689496994 CET	55647	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:00.689704895 CET	54027	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:00.828630924 CET	53	54027	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:00.831379890 CET	53	55647	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:00.922395945 CET	60644	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:00.922672987 CET	59515	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:01.065911055 CET	53	60644	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:01.066247940 CET	53	59515	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:01.073296070 CET	58193	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:01.073676109 CET	60408	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:01.218240976 CET	53	58193	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:01.219510078 CET	53	60408	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:04.313290119 CET	55114	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:04.313563108 CET	56559	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:04.454058886 CET	53	55114	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:04.463184118 CET	53	56559	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:05.988204002 CET	53	63944	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:07.222943068 CET	50657	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:07.223192930 CET	56302	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:07.359977961 CET	53	50657	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:07.360610962 CET	53	56302	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:07.371521950 CET	56415	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:07.371642113 CET	59100	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:07.510065079 CET	53	56415	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:07.510585070 CET	53	59100	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:12.540399075 CET	55465	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:12.540564060 CET	49511	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:12.838218927 CET	53	49511	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:12.850043058 CET	53	55465	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:15.208626032 CET	60546	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:15.208761930 CET	64661	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:15.237277985 CET	59767	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:15.237422943 CET	59982	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:15.346478939 CET	53	64661	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:15.349735975 CET	53	60546	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:15.595943928 CET	53	59767	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:15.608580112 CET	53	59982	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:18.518512964 CET	63495	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:18.518744946 CET	57118	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:18.656955004 CET	53	63495	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:18.657118082 CET	53	57118	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:23.661653042 CET	56046	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:23.661812067 CET	57363	53	192.168.2.8	1.1.1.1
Dec 5, 2024 20:20:23.801697016 CET	53	57363	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:23.801721096 CET	53	56046	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:24.679533958 CET	53	65120	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:46.017492056 CET	53	49611	1.1.1.1	192.168.2.8
Dec 5, 2024 20:20:47.715704918 CET	53	62075	1.1.1.1	192.168.2.8

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:19:52 UTC	2066	OUT	GET /signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm_source=unp&utm_medium=emai [TRUNCATED] Host: www.paypal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:19:53 UTC	299	IN	HTTP/1.1 200 OK Connection: close Content-Length: 22671 Accept-Ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 Cache-Control: max-age=0, no-cache, no-store, must-revalidate
2024-12-05 19:19:53 UTC	2385	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6e 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 6f 62 6a 65 63 74 73 2e 70 61 79 70 61 6c 2e 63 6e 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 3b 20 73 63 72 69 70 74 2d 73 72 63 20 27 6e 6f 6e 63 65 2d 59 57 57 2b 6f 64 54 6e 36 68 6f 31 4d 73 46 56 2b 30 36 4a 4b 33 77 68 43 69 4c 48 47 4a 38 75 57 4b 51 7a 33 71 6d 45 35 33 79 32 2b 55 54 45 27 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 Data Ascii: Content-Security-Policy: default-src 'self' https://.paypal.com https://.paypal.cn https://.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-YWW+odTn6ho1MsFV+06JK3whCiLHGJ8uWKQz3qmE53y2+UTE' 'self' https://.paypal.com htt
2024-12-05 19:19:53 UTC	1447	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 64 5f 69 64 3d 63 30 63 34 39 61 39 31 65 36 33 38 34 65 61 64 62 61 61 34 61 35 36 35 33 39 34 65 32 31 64 61 31 37 33 33 34 32 36 33 39 33 31 31 34 3b 20 4d 61 78 2d 41 67 65 3d 33 31 35 35 33 32 37 39 39 3b 20 44 6f 6d 61 69 6e 3d 2e 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 54 75 65 2c 20 30 35 20 44 65 63 20 32 30 33 34 20 31 39 3a 31 39 3a 35 32 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 4e 47 3d 65 6e 5f 55 53 25 33 42 55 53 3b 20 4d 61 78 2d 41 67 65 3d 33 31 35 35 36 3b 20 44 6f 6d 61 69 6e 3d 2e 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 Data Ascii: Set-Cookie: d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; Max-Age=315532799; Domain=.paypal.com; Path=/; Expires=Tue, 05 Dec 2034 19:19:52 GMT; HttpOnly; Secure; SameSite=NoneSet-Cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/;
2024-12-05 19:19:53 UTC	645	IN	Data Raw: 54 72 61 63 65 70 61 72 65 6e 74 3a 20 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 66 32 31 31 30 35 35 33 62 32 65 34 65 2d 39 61 61 32 63 37 34 31 39 33 66 61 33 64 62 37 2d 30 31 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 53 41 4d 45 4f 52 49 47 49 4e 0d 0a 58 2d 58 73 73 2d 50 72 6f 74 65 63 74 69 6f 6e 3a 20 31 3b 20 6d 6f 64 65 3d 62 6c 6f 63 6b 0d 0a 44 43 3a 20 63 63 67 31 31 2d 6f 72 69 67 69 6e 2d 77 77 77 2d 31 2e 70 61 79 70 61 6c 2e 63 6f 6d 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 56 69 61 3a 20 31 2e 31 20 76 61 72 6e 69 73 68 2c 20 31 2e 31 20 76 61 72 6e 69 73 68 2c 20 31 2e Data Ascii: Traceparent: 00-0000000000000000000f2110553b2e4e-9aa2c74193fa3db7-01X-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINX-Xss-Protection: 1; mode=blockDC: ccg11-origin-www-1.paypal.comAccept-Ranges: bytesVia: 1.1 varnish, 1.1 varnish, 1.
2024-12-05 19:19:53 UTC	1378	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 6c 6f 63 61 6c 65 3d 22 65 6e 5f 55 53 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 6c 6f 77 65 72 2d 74 68 61 6e 2d 69 65 39 20 69 65 20 64 65 73 6b 74 6f 70 22 20 64 61 74 61 2d 6c 61 6e 67 70 61 63 6b 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 2f 72 65 73 2f 30 38 37 2f 39 66 37 33 31 64 38 62 63 65 64 64 35 62 37 65 37 61 33 39 37 35 63 30 32 34 32 37 38 2f 65 6e 2d 55 53 2f 5f 6c 61 6e 67 75 61 67 65 70 61 63 6b 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 31 30 5d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e Data Ascii: <!DOCTYPE html>...[if lt IE 9]><html lang="en" locale="en_US" class="no-js lower-than-ie9 ie desktop" data-langpack="https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/en-US/_languagepack"><![endif]-->...[if lt IE 10]><html lang="en
2024-12-05 19:19:53 UTC	1378	IN	Data Raw: 6e 71 61 61 51 68 4c 6e 2f 6e 6d 57 54 38 63 53 55 6a 4f 78 38 39 38 71 6f 59 5a 30 4b 43 68 36 2f 68 32 4f 4e 30 71 59 46 4a 38 37 61 68 54 57 61 49 70 4f 37 70 77 78 76 34 6f 4e 5a 47 37 4a 75 56 72 30 54 4a 67 20 72 6c 6f 67 69 64 20 3a 20 72 5a 4a 76 6e 71 61 61 51 68 4c 6e 25 32 46 6e 6d 57 54 38 63 53 55 6f 74 53 79 6c 4d 47 4f 54 47 6b 52 55 4d 44 70 6d 55 54 76 62 58 64 76 65 76 75 4d 4d 46 41 66 63 38 43 4d 4b 39 63 68 34 4c 59 5a 70 7a 43 76 71 61 4a 38 58 4c 35 6a 5a 70 34 76 51 30 77 42 62 6f 70 70 72 76 77 79 57 30 36 5f 31 39 33 39 38 34 33 62 30 30 61 20 2d 2d 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e Data Ascii: nqaaQhLn/nmWT8cSUjOx898qoYZ0KCh6/h2ON0qYFJ87ahTWaIpO7pwxv4oNZG7JuVr0TJg rlogid : rZJvnqaaQhLn%2FnmWT8cSUotSylMGOTGkRUMDpmUTvbXdvevuMMFAfc8CMK9ch4LYZpzCvqaJ8XL5jZp4vQ0wBbopprvwyW06_1939843b00a --><meta charset="utf-8" /><title></title><meta http-equiv="con
2024-12-05 19:19:53 UTC	1378	IN	Data Raw: 61 6c 61 62 6c 65 3d 79 65 73 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 73 74 61 74 69 63 2f 69 63 6f 6e 2f 70 70 32 35 38 2e 70 6e 67 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 2f 72 65 73 2f 30 38 37 2f 39 66 37 33 31 64 38 62 63 65 64 64 35 62 37 65 37 61 33 39 37 35 63 30 32 34 32 37 38 2f 63 73 73 2f 61 70 70 2e 63 Data Ascii: alable=yes" /><meta property="og:image" content="https://www.paypalobjects.com/webstatic/icon/pp258.png" /><meta name="robots" content="noindex"><link rel="stylesheet" href="https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.c
2024-12-05 19:19:53 UTC	1378	IN	Data Raw: 2d 70 61 74 68 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 2f 72 65 73 2f 30 38 37 2f 39 66 37 33 31 64 38 62 63 65 64 64 35 62 37 65 37 61 33 39 37 35 63 30 32 34 32 37 38 2f 6a 73 2f 74 65 6d 70 6c 61 74 65 73 2f 25 73 22 64 61 74 61 2d 65 6e 61 62 6c 65 2d 63 6c 69 65 6e 74 2d 63 61 6c 2d 6c 6f 67 67 69 6e 67 3d 22 74 72 75 65 22 64 61 74 61 2d 63 6f 72 72 65 6c 61 74 69 6f 6e 2d 69 64 3d 22 66 32 31 31 30 35 35 33 62 32 65 34 65 22 64 61 74 61 2d 63 6c 69 65 6e 74 2d 6e 61 6d 65 3d 22 75 6c 22 64 61 74 61 2d 65 6e 61 62 6c 65 2d 66 6e 2d 62 65 61 63 6f 6e 2d 6f 6e 2d 77 65 62 2d 76 69 65 77 73 3d 22 74 72 75 65 22 64 61 74 61 2d 6e 6f 6e 63 65 3d 22 59 57 57 2b 6f 64 54 6e 36 68 6f 31 4d 73 Data Ascii: -path="https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js/templates/%s"data-enable-client-cal-logging="true"data-correlation-id="f2110553b2e4e"data-client-name="ul"data-enable-fn-beacon-on-web-views="true"data-nonce="YWW+odTn6ho1Ms
2024-12-05 19:19:53 UTC	1378	IN	Data Raw: 20 37 31 30 2d 35 36 31 32 20 28 54 6f 6c 6c 20 46 72 65 65 29 2e 20 49 66 20 79 6f 75 20 64 6f 20 6e 6f 74 20 72 65 61 63 68 20 6f 75 74 2c 20 77 65 20 77 69 6c 6c 20 70 72 6f 63 65 65 64 20 77 69 74 68 20 74 68 65 20 74 72 61 6e 73 61 63 74 69 6f 6e 2e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 3c 2f 68 31 3e 3c 64 69 76 20 69 64 3d 22 6e 6f 74 69 66 69 63 61 74 69 6f 6e 73 22 20 63 6c 61 73 73 3d 22 6e 6f 74 69 66 69 63 61 74 69 6f 6e 73 22 3e 3c 2f 64 69 76 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 73 69 67 6e 69 6e 22 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 20 63 6c 61 73 73 3d 22 70 72 6f 63 65 65 64 20 6d 61 73 6b 61 62 6c 65 22 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 22 6f 66 66 22 20 6e 61 6d 65 3d 22 6c 6f 67 69 6e 22 20 6e 6f 76 61 6c 69 Data Ascii: 710-5612 (Toll Free). If you do not reach out, we will proceed with the transaction.</span></div></h1><div id="notifications" class="notifications"></div><form action="/signin" method="post" class="proceed maskable" autocomplete="off" name="login" novali
2024-12-05 19:19:53 UTC	1378	IN	Data Raw: 6e 5f 65 6d 61 69 6c 22 74 79 70 65 3d 22 65 6d 61 69 6c 22 63 6c 61 73 73 3d 22 68 61 73 48 65 6c 70 20 20 76 61 6c 69 64 61 74 65 45 6d 70 74 79 20 20 20 22 76 61 6c 75 65 3d 22 22 09 09 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 09 22 75 73 65 72 6e 61 6d 65 22 09 09 09 70 6c 61 63 65 68 6f 6c 64 65 72 3d 09 22 45 6d 61 69 6c 22 09 09 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 22 65 6d 61 69 6c 45 72 72 6f 72 4d 65 73 73 61 67 65 22 2f 3e 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 65 6d 61 69 6c 22 20 63 6c 61 73 73 3d 22 66 69 65 6c 64 4c 61 62 65 6c 22 3e 45 6d 61 69 6c 3c 2f 6c 61 62 65 6c 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 69 64 3d 22 65 6d 61 69 6c 45 72 72 6f 72 4d 65 73 73 61 67 65 22 20 Data Ascii: n_email"type="email"class="hasHelp validateEmpty "value=""autocomplete="username"placeholder="Email"aria-describedby="emailErrorMessage"/><label for="email" class="fieldLabel">Email</label></div><div class="errorMessage"id="emailErrorMessage"
2024-12-05 19:19:53 UTC	1378	IN	Data Raw: 20 49 6e 20 74 6f 20 50 61 79 3c 2f 62 75 74 74 6f 6e 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 72 67 6f 74 4c 69 6e 6b 22 3e 3c 61 20 68 72 65 66 3d 22 2f 61 75 74 68 66 6c 6f 77 2f 70 61 73 73 77 6f 72 64 2d 72 65 63 6f 76 65 72 79 2f 3f 72 65 64 69 72 65 63 74 55 72 69 3d 25 32 35 32 46 73 69 67 6e 69 6e 25 32 35 32 46 25 32 35 33 46 72 65 74 75 72 6e 55 72 69 25 32 35 33 44 25 32 35 32 35 32 46 6d 79 61 63 63 6f 75 6e 74 25 32 35 32 35 32 46 74 72 61 6e 73 66 65 72 25 32 35 32 35 32 46 70 61 79 52 65 71 75 65 73 74 25 32 35 32 35 32 46 55 2d 30 39 35 38 34 30 34 35 42 44 34 39 38 37 34 30 56 25 32 35 32 35 32 46 55 2d 35 52 37 36 33 39 35 39 4e 58 31 35 33 39 38 30 46 25 32 35 32 35 33 46 63 6c 61 73 73 69 63 55 72 6c 25 32 35 32 Data Ascii: In to Pay</button></div><div class="forgotLink"><a href="/authflow/password-recovery/?redirectUri=%252Fsignin%252F%253FreturnUri%253D%25252Fmyaccount%25252Ftransfer%25252FpayRequest%25252FU-09584045BD498740V%25252FU-5R763959NX153980F%25253FclassicUrl%252

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:19:55 UTC	586	OUT	GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.css HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:19:55 UTC	779	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: max-age=31536000, s-maxage=31536000 Content-Type: text/css Date: Thu, 05 Dec 2024 19:19:55 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6737ef0a-1278c" Expires: Fri, 05 Dec 2025 19:19:55 GMT Last-Modified: Sat, 16 Nov 2024 01:02:02 GMT Paypal-Debug-Id: bd5c98c08d7b7 Server: ECAcc (lhd/35CF) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000bd5c98c08d7b7-ae5d808507650231-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 75660 Connection: close
2024-12-05 19:19:56 UTC	16383	IN	Data Raw: 2f 2a 2a 20 6d 65 74 68 6f 64 20 72 65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 6c 6f 61 64 69 6e 67 20 74 68 65 20 62 61 63 6b 67 72 6f 75 6e 64 20 69 6d 61 67 65 20 73 65 74 20 69 6e 20 43 53 53 20 2a 2a 2f 0a 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 69 6f 6e 20 7b 0a 20 20 66 72 6f 6d 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0a 20 20 7d 0a 20 20 74 6f 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 Data Ascii: / method responsible for loading the background image set in CSS /@-webkit-keyframes rotation { from { -webkit-transform: rotate(0deg); transform: rotate(0deg); } to { -webkit-transform: rotate(359deg); transform: rotate(359deg)
2024-12-05 19:19:56 UTC	16383	IN	Data Raw: 66 6c 6f 77 3a 20 76 69 73 69 62 6c 65 3b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 30 30 37 30 62 61 3b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 4e 65 75 65 2d 4d 65 64 69 75 6d 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 20 4d 65 64 69 75 6d 22 2c 20 48 65 6c 76 65 74 69 63 61 4e 65 75 65 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 Data Ascii: flow: visible; border: 0; padding: 0; background: none; color: #0070ba; font-family: HelveticaNeue-Medium, "Helvetica Neue Medium", HelveticaNeue, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 1em; text-align: left; text-decor
2024-12-05 19:19:56 UTC	16383	IN	Data Raw: 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 72 69 67 68 74 2c 20 23 43 42 44 32 44 36 20 35 30 25 2c 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 29 20 34 30 25 29 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 74 6f 70 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 20 33 70 78 20 31 70 78 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 72 65 70 65 61 74 2d 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 70 78 3b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 7d 0a 2e 73 65 6e 74 4d 65 73 73 61 67 65 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 31 62 39 65 31 62 3b 0a 7d 0a 2e 63 61 70 74 63 68 61 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 Data Ascii: inear-gradient(to right, #CBD2D6 50%, rgba(255, 255, 255, 0) 40%); background-position: top; background-size: 3px 1px; background-repeat: repeat-x; height: 1px; border: 0; margin: 0;}.sentMessage { color: #1b9e1b;}.captcha-container {
2024-12-05 19:19:56 UTC	3	IN	Data Raw: 7d 0a 2e Data Ascii: }.
2024-12-05 19:19:56 UTC	16383	IN	Data Raw: 6f 6e 65 54 6f 75 63 68 52 6d 20 2e 73 74 65 70 73 20 2e 73 74 65 70 73 2d 69 63 6f 6e 2e 69 63 6f 6e 2d 31 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 30 20 2d 34 38 70 78 3b 0a 7d 0a 2e 6f 6e 65 54 6f 75 63 68 52 6d 20 2e 73 74 65 70 73 20 2e 73 74 65 70 73 2d 69 63 6f 6e 2e 69 63 6f 6e 2d 32 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 30 20 2d 39 30 70 78 3b 0a 7d 0a 2e 6f 6e 65 54 6f 75 63 68 52 6d 20 2e 72 65 61 73 73 75 72 65 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 31 35 70 78 20 30 3b 0a 7d 0a 2e 6f 6e 65 54 6f 75 63 68 52 6d 20 2e 73 65 63 6f 6e 64 61 72 79 4c 69 6e 6b 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 7d 0a 2f 2a 2a 0a 2a 20 53 68 61 72 65 64 20 Data Ascii: oneTouchRm .steps .steps-icon.icon-1 { background-position: 0 -48px;}.oneTouchRm .steps .steps-icon.icon-2 { background-position: 0 -90px;}.oneTouchRm .reassure { margin: 15px 0;}.oneTouchRm .secondaryLink { margin-top: 12px;}/*** Shared
2024-12-05 19:19:56 UTC	10125	IN	Data Raw: 2f 69 6d 61 67 65 73 2f 73 68 61 72 65 64 2f 73 75 63 63 65 73 73 2d 61 6e 69 6d 61 74 69 6f 6e 5f 32 78 2e 67 69 66 22 29 20 6e 6f 2d 72 65 70 65 61 74 20 74 6f 70 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 20 31 30 30 70 78 3b 0a 20 20 7d 0a 7d 0a 2e 67 72 65 79 4f 75 74 2c 0a 61 2e 67 72 65 79 4f 75 74 3a 68 6f 76 65 72 2c 0a 61 2e 67 72 65 79 4f 75 74 3a 6c 69 6e 6b 2c 0a 61 2e 67 72 65 79 4f 75 74 3a 76 69 73 69 74 65 64 2c 0a 61 2e 67 72 65 79 4f 75 74 3a 66 6f 63 75 73 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 64 64 64 3b 0a 7d 0a 2e 67 72 65 79 42 61 63 6b 67 72 6f 75 6e 64 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 64 64 64 3b 0a 7d 0a 62 75 74 74 6f 6e 2e 67 72 65 79 42 61 63 Data Ascii: /images/shared/success-animation_2x.gif") no-repeat top center; background-size: 100px; }}.greyOut,a.greyOut:hover,a.greyOut:link,a.greyOut:visited,a.greyOut:focus { color: #ddd;}.greyBackground { background-color: #ddd;}button.greyBac

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:19:55 UTC	567	OUT	GET /rdaAssets/fraudnet/sync/fn-sync-telemetry-min.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:19:55 UTC	754	IN	HTTP/1.1 200 OK Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:19:55 GMT DC: ccg11-origin-www-1.paypal.com Etag: "67230a66-19a5+ident" Expires: Thu, 05 Dec 2024 20:19:55 GMT Last-Modified: Thu, 31 Oct 2024 04:41:10 GMT Paypal-Debug-Id: 672801e377ba4 Server: ECAcc (lhd/35BC) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000672801e377ba4-3e2623f270924a3d-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 6565 Connection: close
2024-12-05 19:19:55 UTC	6565	IN	Data Raw: 76 61 72 20 50 41 59 50 41 4c 3d 77 69 6e 64 6f 77 2e 50 41 59 50 41 4c 7c 7c 7b 7d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 6e 5b 30 5d 3d 28 32 35 35 26 28 30 7c 74 5b 65 5d 29 29 3c 3c 32 34 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 31 5d 29 29 3c 3c 31 36 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 32 5d 29 29 3c 3c 38 7c 32 35 35 26 28 30 7c 74 5b 65 2b 33 5d 29 7c 30 2c 6e 5b 31 5d 3d 28 32 35 35 26 28 30 7c 74 5b 65 2b 34 5d 29 29 3c 3c 32 34 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 35 5d 29 29 3c 3c 31 36 7c 28 32 35 35 26 28 30 7c 74 5b 65 2b 36 5d 29 29 3c 3c 38 7c 32 35 35 26 28 30 7c 74 5b 65 2b 37 Data Ascii: var PAYPAL=window.PAYPAL\|\|{};!function(){"use strict";var t=function(t){var e=function(t,e,n){n[0]=(255&(0\|t[e]))<<24\|(255&(0\|t[e+1]))<<16\|(255&(0\|t[e+2]))<<8\|255&(0\|t[e+3])\|0,n[1]=(255&(0\|t[e+4]))<<24\|(255&(0\|t[e+5]))<<16\|(255&(0\|t[e+6]))<<8\|255&(0\|t[e+7

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:19:55 UTC	534	OUT	GET /pa/js/min/pa.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:19:56 UTC	800	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:19:55 GMT DC: ccg11-origin-www-1.paypal.com Etag: "6735ac2d-11212+ident" Expires: Thu, 05 Dec 2024 20:19:55 GMT Last-Modified: Thu, 14 Nov 2024 07:52:13 GMT Paypal-Debug-Id: f898c5a52e3d2 Server: ECAcc (lhd/35DA) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000f898c5a52e3d2-b1bb2e86a5e09a5f-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 70162 Connection: close
2024-12-05 19:19:56 UTC	16383	IN	Data Raw: 2f 2a 40 20 32 30 32 34 20 50 61 79 50 61 6c 20 28 76 31 2e 39 2e 35 29 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 74 2c 65 2c 6e 29 7b 28 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 74 79 70 65 6f 66 20 74 7c 7c 21 74 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 6e 3d 74 5b 53 79 6d 62 6f 6c 2e 74 6f 50 72 69 6d 69 74 69 76 65 5d 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 6e 29 72 65 74 75 72 6e 28 22 73 74 72 69 6e 67 22 3d 3d 3d 65 3f 53 74 72 69 6e 67 3a 4e 75 6d 62 65 72 29 28 74 29 3b 74 3d 6e 2e 63 61 6c 6c 28 74 2c 65 7c 7c 22 64 65 66 61 75 6c 74 22 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 21 3d Data Ascii: /@ 2024 PayPal (v1.9.5) /!function(){"use strict";function r(t,e,n){(e=function(t){t=function(t,e){if("object"!=typeof t\|\|!t)return t;var n=t[Symbol.toPrimitive];if(void 0===n)return("string"===e?String:Number)(t);t=n.call(t,e\|\|"default");if("object"!=
2024-12-05 19:19:56 UTC	1	IN	Data Raw: 20 Data Ascii:
2024-12-05 19:19:56 UTC	16383	IN	Data Raw: 22 2b 74 5b 72 5d 2e 74 72 69 6d 28 29 2c 72 21 3d 3d 74 2e 6c 65 6e 67 74 68 2d 31 26 26 28 6e 2b 3d 22 2c 20 22 29 7d 65 6c 73 65 20 6e 3d 74 3b 72 65 74 75 72 6e 20 6e 7d 76 61 72 20 5f 65 3d 7b 70 70 3a 2f 5c 2e 70 61 79 70 61 6c 5c 2e 63 6f 6d 24 2f 2c 61 6c 6c 3a 48 7d 3b 66 75 6e 63 74 69 6f 6e 20 50 65 28 74 2c 65 29 7b 76 61 72 20 6e 3d 21 31 2c 65 3d 65 7c 7c 71 3b 72 65 74 75 72 6e 20 6e 3d 5f 65 5b 74 3d 74 7c 7c 22 61 6c 6c 22 5d 2e 74 65 73 74 28 65 29 3f 21 30 3a 6e 7d 66 75 6e 63 74 69 6f 6e 20 45 28 74 2c 65 2c 6e 29 7b 74 72 79 7b 76 61 72 20 72 3d 65 2e 72 65 70 6c 61 63 65 28 22 5b 22 2c 22 2e 22 29 2e 72 65 70 6c 61 63 65 28 22 5d 22 2c 22 22 29 2e 73 70 6c 69 74 28 22 2e 22 29 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 74 2c Data Ascii: "+t[r].trim(),r!==t.length-1&&(n+=", ")}else n=t;return n}var _e={pp:/\.paypal\.com$/,all:H};function Pe(t,e){var n=!1,e=e\|\|q;return n=_e[t=t\|\|"all"].test(e)?!0:n}function E(t,e,n){try{var r=e.replace("[",".").replace("]","").split(".").reduce(function(t,
2024-12-05 19:19:56 UTC	16383	IN	Data Raw: 2c 6f 3d 30 3b 6f 3c 61 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 66 6f 72 28 76 61 72 20 63 3d 61 5b 6f 5d 2c 75 3d 6b 65 28 22 69 6e 70 75 74 22 2c 63 29 2c 73 3d 75 2e 6c 65 6e 67 74 68 2c 6c 3d 30 3b 6c 3c 73 3b 6c 2b 2b 29 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 68 28 65 2c 22 66 6f 63 75 73 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 2e 5f 6c 61 73 74 46 6f 72 6d 3d 74 2c 72 2e 5f 6c 61 73 74 49 6e 70 75 74 3d 65 2c 72 2e 5f 74 72 61 63 6b 69 6e 67 46 41 7c 7c 28 72 2e 5f 74 72 61 63 6b 69 6e 67 46 41 3d 21 30 2c 22 62 65 66 6f 72 65 75 6e 6c 6f 61 64 2c 68 61 73 68 63 68 61 6e 67 65 22 2e 73 70 6c 69 74 28 22 2c 22 29 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 68 28 77 69 6e 64 6f 77 2c 74 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 75 Data Ascii: ,o=0;o<a.length;o++)for(var c=a[o],u=ke("input",c),s=u.length,l=0;l<s;l++)!function(t,e){h(e,"focus",function(){r._lastForm=t,r._lastInput=e,r._trackingFA\|\|(r._trackingFA=!0,"beforeunload,hashchange".split(",").forEach(function(t){h(window,t,function(){nu
2024-12-05 19:19:56 UTC	16383	IN	Data Raw: 6c 6f 61 64 56 65 6e 64 6f 72 44 65 66 61 75 6c 74 28 74 2e 6e 61 6d 65 29 7c 7c 7b 7d 2c 74 29 3b 62 72 28 74 29 26 26 28 6d 72 26 26 76 72 5b 65 5d 26 26 2d 31 21 3d 3d 76 72 5b 65 5d 2e 69 6e 64 65 78 4f 66 28 74 2e 6e 61 6d 65 29 3f 75 5b 65 5d 3d 21 31 3a 6e 2e 70 75 73 68 28 74 29 29 7d 29 2c 6e 2e 6c 65 6e 67 74 68 29 26 26 28 69 3d 7b 69 64 3a 65 2c 74 72 69 67 67 65 72 3a 6f 2e 74 72 69 67 67 65 72 2c 63 61 70 74 75 72 65 3a 6f 2e 63 61 70 74 75 72 65 2c 76 65 6e 64 6f 72 73 3a 6e 7d 2c 6f 3d 50 41 59 50 41 4c 2e 61 6e 61 6c 79 74 69 63 73 2e 6c 6f 67 4a 53 45 72 72 6f 72 2c 74 3d 69 2e 74 72 69 67 67 65 72 2e 74 79 70 65 2c 61 3d 69 2e 74 72 69 67 67 65 72 2e 63 6f 6e 64 69 74 69 6f 6e 2c 69 2e 74 72 69 67 67 65 72 2e 68 61 73 4f 77 6e 50 72 6f Data Ascii: loadVendorDefault(t.name)\|\|{},t);br(t)&&(mr&&vr[e]&&-1!==vr[e].indexOf(t.name)?u[e]=!1:n.push(t))}),n.length)&&(i={id:e,trigger:o.trigger,capture:o.capture,vendors:n},o=PAYPAL.analytics.logJSError,t=i.trigger.type,a=i.trigger.condition,i.trigger.hasOwnPro
2024-12-05 19:19:56 UTC	4629	IN	Data Raw: 26 28 61 2e 76 61 6c 75 65 3d 4d 61 74 68 2e 6d 61 78 28 74 2e 73 74 61 72 74 54 69 6d 65 2d 6e 69 28 29 2c 30 29 2c 61 2e 65 6e 74 72 69 65 73 3d 5b 74 5d 2c 6e 28 29 29 7d 29 3b 74 26 26 28 6e 3d 52 28 6f 2c 61 2c 42 69 2c 63 2e 72 65 70 6f 72 74 41 6c 6c 43 68 61 6e 67 65 73 29 2c 72 3d 6f 69 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7a 69 5b 61 2e 69 64 5d 7c 7c 28 65 28 74 2e 74 61 6b 65 52 65 63 6f 72 64 73 28 29 29 2c 74 2e 64 69 73 63 6f 6e 6e 65 63 74 28 29 2c 7a 69 5b 61 2e 69 64 5d 3d 21 30 2c 6e 28 21 30 29 29 7d 29 2c 5b 22 6b 65 79 64 6f 77 6e 22 2c 22 63 6c 69 63 6b 22 5d 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 74 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 73 Data Ascii: &(a.value=Math.max(t.startTime-ni(),0),a.entries=[t],n())});t&&(n=R(o,a,Bi,c.reportAllChanges),r=oi(function(){zi[a.id]\|\|(e(t.takeRecords()),t.disconnect(),zi[a.id]=!0,n(!0))}),["keydown","click"].forEach(function(t){addEventListener(t,function(){return s

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:19:57 UTC	590	OUT	GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/clientCalLogger.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:19:58 UTC	790	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: max-age=31536000, s-maxage=31536000 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:19:58 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6737ef1a-519" Expires: Fri, 05 Dec 2025 19:19:58 GMT Last-Modified: Sat, 16 Nov 2024 01:02:18 GMT Paypal-Debug-Id: 6240ddfabb5ae Server: ECAcc (lhd/35B2) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-00000000000000000006240ddfabb5ae-45725653d5931af3-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 1305 Connection: close
2024-12-05 19:19:58 UTC	1305	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 66 28 74 29 7b 78 68 72 3d 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 2c 78 68 72 2e 6f 70 65 6e 28 22 50 4f 53 54 22 2c 22 2f 73 69 67 6e 69 6e 2f 63 6c 69 65 6e 74 2d 6c 6f 67 22 2c 21 30 29 2c 78 68 72 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 29 3b 74 72 79 7b 78 68 72 2e 73 65 6e 64 28 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 2c 65 2e 75 6c 44 61 74 61 2e 6c 6f 67 52 65 63 6f 72 64 73 3d 5b 5d 7d 63 61 74 63 68 28 6e 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 29 7b 76 61 72 20 65 3d 7b 75 6c 43 6f 72 72 65 6c 61 Data Ascii: (function(){function f(t){xhr=new XMLHttpRequest,xhr.open("POST","/signin/client-log",!0),xhr.setRequestHeader("Content-Type","application/json;charset=UTF-8");try{xhr.send(JSON.stringify(t)),e.ulData.logRecords=[]}catch(n){}}function l(){var e={ulCorrela

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:19:57 UTC	675	OUT	GET /images/shared/paypal-logo-129x32.svg HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/css/app.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:19:58 UTC	706	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: image/svg+xml Date: Thu, 05 Dec 2024 19:19:58 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"544ad849-1351" Expires: Thu, 05 Dec 2024 20:19:58 GMT Last-Modified: Fri, 24 Oct 2014 22:52:57 GMT Paypal-Debug-Id: a9274e1a826b2 Server: ECAcc (lhd/3598) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000a9274e1a826b2-d020aa44b15f9c8c-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 4945 Connection: close
2024-12-05 19:19:58 UTC	4945	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 21 2d 2d 20 47 65 6e 65 72 61 74 6f 72 3a 20 41 64 6f 62 65 20 49 6c 6c 75 73 74 72 61 74 6f 72 20 31 36 2e 30 2e 30 2c 20 53 56 47 20 45 78 70 6f 72 74 20 50 6c 75 67 2d 49 6e 20 2e 20 53 56 47 20 56 65 72 73 69 6f 6e 3a 20 36 2e 30 30 20 42 75 69 6c 64 20 30 29 20 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 73 76 67 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 53 56 47 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 47 72 61 70 68 69 63 73 2f 53 56 47 2f 31 2e 31 2f 44 54 44 2f 73 76 67 31 31 2e 64 74 64 22 3e 0d 0a 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?>... Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) --><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1"

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:19:58 UTC	966	OUT	GET /tags.js HTTP/1.1 Host: ddbm2.paypal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1764962393%26vteXpYrS%3D1733428193%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778
2024-12-05 19:19:59 UTC	708	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 177743 Connection: close Last-Modified: Wed, 04 Dec 2024 11:03:19 GMT x-amz-server-side-encryption: AES256 x-amz-version-id: fRdxQZTwv7aUXeF3zxmAg.EIiFr7SoNp Accept-Ranges: bytes Server: AmazonS3 Date: Thu, 05 Dec 2024 19:20:00 GMT Cache-Control: max-age=3600, public ETag: "b4f2edbea31dcec5c70f4f1bf574b162" X-Cache: RefreshHit from cloudfront Via: 1.1 91c765f98e441d70899402f8a830d8b2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH52-C1 X-Amz-Cf-Id: JMaSDwkUeXp4MSPTSGuDX4efRl_rmRrTTZaqzvq1kAd9w9cRPZxjLw== X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Vary: Origin
2024-12-05 19:19:59 UTC	16384	IN	Data Raw: 2f 2a 2a 20 44 61 74 61 44 6f 6d 65 20 69 73 20 61 20 63 79 62 65 72 73 65 63 75 72 69 74 79 20 73 6f 6c 75 74 69 6f 6e 20 74 6f 20 64 65 74 65 63 74 20 62 6f 74 20 61 63 74 69 76 69 74 79 20 68 74 74 70 73 3a 2f 2f 64 61 74 61 64 6f 6d 65 2e 63 6f 20 28 76 65 72 73 69 6f 6e 20 34 2e 33 38 2e 30 29 20 2a 2f 20 0a 21 66 75 6e 63 74 69 6f 6e 20 65 28 74 2c 6e 2c 6f 29 7b 66 75 6e 63 74 69 6f 6e 20 69 28 72 2c 73 29 7b 69 66 28 21 6e 5b 72 5d 29 7b 69 66 28 21 74 5b 72 5d 29 7b 76 61 72 20 64 3d 27 5c 78 36 36 5c 78 37 35 5c 78 36 65 5c 78 36 33 5c 78 37 34 5c 78 36 39 5c 78 36 66 5c 78 36 65 27 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 26 26 72 65 71 75 69 72 65 3b 69 66 28 21 73 26 26 64 29 72 65 74 75 72 6e 20 64 28 72 2c 21 30 29 3b 69 66 28 61 29 Data Ascii: /** DataDome is a cybersecurity solution to detect bot activity https://datadome.co (version 4.38.0) */ !function e(t,n,o){function i(r,s){if(!n[r]){if(!t[r]){var d='\x66\x75\x6e\x63\x74\x69\x6f\x6e'==typeof require&&require;if(!s&&d)return d(r,!0);if(a)
2024-12-05 19:20:00 UTC	9200	IN	Data Raw: 6e 2c 6f 29 7b 65 5b 5b 27 5c 78 37 32 5c 78 36 35 5c 78 36 64 5c 78 36 66 5c 78 37 36 5c 78 36 35 5c 78 34 35 5c 78 37 36 5c 78 36 35 5c 78 36 65 5c 78 37 34 5c 78 34 63 5c 78 36 39 5c 78 37 33 5c 78 37 34 5c 78 36 35 5c 78 36 65 5c 78 36 35 5c 78 37 32 27 5d 5d 3f 65 5b 5b 27 5c 78 37 32 5c 78 36 35 5c 78 36 64 5c 78 36 66 5c 78 37 36 5c 78 36 35 5c 78 34 35 5c 78 37 36 5c 78 36 35 5c 78 36 65 5c 78 37 34 5c 78 34 63 5c 78 36 39 5c 78 37 33 5c 78 37 34 5c 78 36 35 5c 78 36 65 5c 78 36 35 5c 78 37 32 27 5d 5d 28 74 2c 6e 2c 6f 29 3a 65 5b 5b 27 5c 78 36 34 5c 78 36 35 5c 78 37 34 5c 78 36 31 5c 78 36 33 5c 78 36 38 5c 78 34 35 5c 78 37 36 5c 78 36 35 5c 78 36 65 5c 78 37 34 27 5d 5d 26 26 65 5b 5b 27 5c 78 36 34 5c 78 36 35 5c 78 37 34 5c 78 36 31 5c 78 Data Ascii: n,o){e[['\x72\x65\x6d\x6f\x76\x65\x45\x76\x65\x6e\x74\x4c\x69\x73\x74\x65\x6e\x65\x72']]?e[['\x72\x65\x6d\x6f\x76\x65\x45\x76\x65\x6e\x74\x4c\x69\x73\x74\x65\x6e\x65\x72']](t,n,o):e[['\x64\x65\x74\x61\x63\x68\x45\x76\x65\x6e\x74']]&&e[['\x64\x65\x74\x61\x
2024-12-05 19:20:00 UTC	16384	IN	Data Raw: 78 33 61 5c 78 32 66 5c 78 32 66 27 3b 72 65 74 75 72 6e 27 5c 78 37 33 5c 78 37 34 5c 78 37 32 5c 78 36 39 5c 78 36 65 5c 78 36 37 27 21 3d 74 79 70 65 6f 66 20 65 7c 7c 30 21 3d 3d 65 5b 5b 27 5c 78 36 39 5c 78 36 65 5c 78 36 34 5c 78 36 35 5c 78 37 38 5c 78 34 66 5c 78 36 36 27 5d 5d 28 74 29 3f 27 27 3a 65 5b 5b 27 5c 78 37 32 5c 78 36 35 5c 78 37 30 5c 78 36 63 5c 78 36 31 5c 78 36 33 5c 78 36 35 27 5d 5d 28 74 2c 27 27 29 5b 5b 27 5c 78 37 33 5c 78 37 30 5c 78 36 63 5c 78 36 39 5c 78 37 34 27 5d 5d 28 27 5c 78 32 66 27 29 5b 30 5d 3b 7d 2c 73 68 6f 75 6c 64 43 68 65 63 6b 46 70 4f 72 69 67 69 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 64 5b 5b 27 5c 78 36 39 5c 78 36 65 5c 78 36 34 5c 78 36 35 5c 78 37 38 5c 78 34 66 5c 78 36 36 Data Ascii: x3a\x2f\x2f';return'\x73\x74\x72\x69\x6e\x67'!=typeof e\|\|0!==e[['\x69\x6e\x64\x65\x78\x4f\x66']](t)?'':e[['\x72\x65\x70\x6c\x61\x63\x65']](t,'')[['\x73\x70\x6c\x69\x74']]('\x2f')[0];},shouldCheckFpOrigin:function(e){return d[['\x69\x6e\x64\x65\x78\x4f\x66
2024-12-05 19:20:00 UTC	16384	IN	Data Raw: 5c 78 37 32 5c 78 34 63 5c 78 37 32 5c 78 37 37 5c 78 35 38 5c 78 34 63 5c 78 34 32 5c 78 37 37 5c 78 37 36 5c 78 35 35 5c 78 34 34 5c 78 36 31 27 2c 27 5c 78 37 61 5c 78 36 37 5c 78 33 39 5c 78 34 61 5c 78 34 34 5c 78 37 37 5c 78 33 31 5c 78 34 63 5c 78 34 32 5c 78 34 65 5c 78 37 31 27 2c 27 5c 78 37 39 5c 78 37 37 5c 78 37 32 5c 78 34 62 5c 78 37 32 5c 78 37 38 5c 78 37 61 5c 78 34 63 5c 78 34 32 5c 78 34 65 5c 78 37 32 5c 78 36 64 5c 78 34 31 5c 78 37 38 5c 78 36 65 5c 78 33 30 5c 78 37 61 5c 78 37 37 5c 78 33 35 5c 78 34 63 5c 78 34 33 5c 78 34 37 27 2c 27 5c 78 34 31 5c 78 36 37 5c 78 36 65 5c 78 35 36 5c 78 34 34 5c 78 34 64 5c 78 37 32 5c 78 35 39 5c 78 36 64 5c 78 34 37 27 2c 27 5c 78 34 33 5c 78 36 37 5c 78 35 38 5c 78 34 65 5c 78 37 61 5c 78 33 Data Ascii: \x72\x4c\x72\x77\x58\x4c\x42\x77\x76\x55\x44\x61','\x7a\x67\x39\x4a\x44\x77\x31\x4c\x42\x4e\x71','\x79\x77\x72\x4b\x72\x78\x7a\x4c\x42\x4e\x72\x6d\x41\x78\x6e\x30\x7a\x77\x35\x4c\x43\x47','\x41\x67\x6e\x56\x44\x4d\x72\x59\x6d\x47','\x43\x67\x58\x4e\x7a\x3
2024-12-05 19:20:00 UTC	6249	IN	Data Raw: 5c 78 34 34 5c 78 35 66 5c 78 35 36 5c 78 34 35 5c 78 34 65 5c 78 34 34 5c 78 34 66 5c 78 35 32 5c 78 35 66 5c 78 35 37 5c 78 34 35 5c 78 34 32 5c 78 34 37 5c 78 34 63 5c 78 32 63 5c 78 36 35 5c 78 32 65 5c 78 35 35 5c 78 34 65 5c 78 34 64 5c 78 34 31 5c 78 35 33 5c 78 34 62 5c 78 34 35 5c 78 34 34 5c 78 35 66 5c 78 35 32 5c 78 34 35 5c 78 34 65 5c 78 34 34 5c 78 34 35 5c 78 35 32 5c 78 34 35 5c 78 35 32 5c 78 35 66 5c 78 35 37 5c 78 34 35 5c 78 34 32 5c 78 34 37 5c 78 34 63 5c 78 32 39 5c 78 32 63 5c 78 37 34 5c 78 32 65 5c 78 37 36 5c 78 36 34 5c 78 33 64 5c 78 37 32 5c 78 32 65 5c 78 36 37 5c 78 36 35 5c 78 37 34 5c 78 35 30 5c 78 36 31 5c 78 37 32 5c 78 36 31 5c 78 36 64 5c 78 36 35 5c 78 37 34 5c 78 36 35 5c 78 37 32 5c 78 32 38 5c 78 36 31 5c 78 32 Data Ascii: \x44\x5f\x56\x45\x4e\x44\x4f\x52\x5f\x57\x45\x42\x47\x4c\x2c\x65\x2e\x55\x4e\x4d\x41\x53\x4b\x45\x44\x5f\x52\x45\x4e\x44\x45\x52\x45\x52\x5f\x57\x45\x42\x47\x4c\x29\x2c\x74\x2e\x76\x64\x3d\x72\x2e\x67\x65\x74\x50\x61\x72\x61\x6d\x65\x74\x65\x72\x28\x61\x2
2024-12-05 19:20:00 UTC	16384	IN	Data Raw: 34 5c 78 35 66 5c 78 36 32 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 2c 6e 3d 64 6f 63 75 6d 65 6e 74 5b 27 5c 78 36 33 5c 78 37 32 5c 78 36 35 5c 78 36 31 5c 78 37 34 5c 78 36 35 5c 78 34 35 5c 78 36 63 5c 78 36 35 5c 78 36 64 5c 78 36 35 5c 78 36 65 5c 78 37 34 27 5d 28 27 5c 78 36 39 5c 78 36 36 5c 78 37 32 5c 78 36 31 5c 78 36 64 5c 78 36 35 27 29 3b 6e 5b 27 5c 78 37 33 5c 78 37 32 5c 78 36 33 5c 78 36 34 5c 78 36 66 5c 78 36 33 27 5d 3d 65 28 35 30 38 29 2c 6e 5b 65 28 36 38 35 29 5d 5b 65 28 36 36 31 29 5d 3d 27 5c 78 36 65 5c 78 36 66 5c 78 36 65 5c 78 36 35 27 2c 64 6f 63 75 6d 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 5b 65 28 36 32 35 29 5d 26 26 28 64 6f 63 75 6d 65 6e 74 5b 65 28 36 32 35 29 5d 5b 27 5c 78 36 31 5c 78 37 30 Data Ascii: 4\x5f\x62']=function(){var e=t,n=document['\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74']('\x69\x66\x72\x61\x6d\x65');n['\x73\x72\x63\x64\x6f\x63']=e(508),n[e(685)][e(661)]='\x6e\x6f\x6e\x65',document&&document[e(625)]&&(document[e(625)]['\x61\x70
2024-12-05 19:20:00 UTC	16384	IN	Data Raw: 5c 78 36 33 5c 78 36 64 5c 78 37 30 5c 78 33 33 27 5d 3d 6f 5b 6e 28 34 35 35 29 5d 28 6e 28 34 39 36 29 29 2c 65 5b 27 5c 78 36 31 5c 78 36 33 5c 78 36 64 5c 78 37 30 5c 78 33 33 5c 78 37 34 5c 78 37 33 27 5d 3d 69 5b 6e 28 36 33 37 29 5d 28 6e 28 34 39 36 29 29 2c 65 5b 27 5c 78 36 31 5c 78 36 33 5c 78 37 37 5c 78 36 64 27 5d 3d 6f 5b 27 5c 78 36 33 5c 78 36 31 5c 78 36 65 5c 78 35 30 5c 78 36 63 5c 78 36 31 5c 78 37 39 5c 78 35 34 5c 78 37 39 5c 78 37 30 5c 78 36 35 27 5d 28 6e 28 36 35 36 29 29 2c 65 5b 27 5c 78 36 31 5c 78 36 33 5c 78 37 37 5c 78 36 64 5c 78 37 34 5c 78 37 33 27 5d 3d 69 5b 6e 28 36 33 37 29 5d 28 6e 28 36 35 36 29 29 2c 65 5b 27 5c 78 36 66 5c 78 36 33 5c 78 37 30 5c 78 37 34 27 5d 3d 2d 31 3d 3d 3d 6f 5b 27 5c 78 36 33 5c 78 36 31 Data Ascii: \x63\x6d\x70\x33']=o[n(455)](n(496)),e['\x61\x63\x6d\x70\x33\x74\x73']=i[n(637)](n(496)),e['\x61\x63\x77\x6d']=o['\x63\x61\x6e\x50\x6c\x61\x79\x54\x79\x70\x65'](n(656)),e['\x61\x63\x77\x6d\x74\x73']=i[n(637)](n(656)),e['\x6f\x63\x70\x74']=-1===o['\x63\x61
2024-12-05 19:20:00 UTC	16384	IN	Data Raw: 30 3b 75 3c 68 5b 27 5c 78 36 63 5c 78 36 35 5c 78 36 65 5c 78 36 37 5c 78 37 34 5c 78 36 38 27 5d 3b 75 2b 2b 29 7b 73 3d 68 5b 75 5d 2c 64 3d 76 6f 69 64 20 30 2c 6e 5b 28 64 3d 6f 29 28 36 38 35 29 5d 5b 27 5c 78 36 36 5c 78 36 66 5c 78 36 65 5c 78 37 34 5c 78 34 36 5c 78 36 31 5c 78 36 64 5c 78 36 39 5c 78 36 63 5c 78 37 39 27 5d 3d 73 2b 27 5c 78 32 63 5c 78 32 30 27 2b 69 2c 6e 5b 64 28 34 39 35 29 5d 21 3d 61 26 26 28 6c 2b 3d 75 2b 27 5c 78 32 63 27 29 3b 7d 63 3d 6f 2c 64 6f 63 75 6d 65 6e 74 5b 27 5c 78 36 32 5c 78 36 66 5c 78 36 34 5c 78 37 39 27 5d 5b 63 28 36 36 35 29 5d 28 6e 29 2c 65 5b 27 5c 78 36 39 5c 78 36 36 5c 78 37 34 5c 78 37 33 27 5d 3d 6c 3b 7d 2c 74 68 69 73 5b 27 5c 78 36 34 5c 78 36 34 5c 78 35 66 5c 78 36 31 5c 78 36 65 27 5d Data Ascii: 0;u<h['\x6c\x65\x6e\x67\x74\x68'];u++){s=h[u],d=void 0,n[(d=o)(685)]['\x66\x6f\x6e\x74\x46\x61\x6d\x69\x6c\x79']=s+'\x2c\x20'+i,n[d(495)]!=a&&(l+=u+'\x2c');}c=o,document['\x62\x6f\x64\x79'][c(665)](n),e['\x69\x66\x74\x73']=l;},this['\x64\x64\x5f\x61\x6e']
2024-12-05 19:20:00 UTC	14808	IN	Data Raw: 64 27 29 2c 6f 3d 65 5b 5b 27 5c 78 36 33 5c 78 36 66 5c 78 36 66 5c 78 36 62 5c 78 36 39 5c 78 36 35 27 5d 5d 5b 5b 27 5c 78 36 39 5c 78 36 65 5c 78 36 34 5c 78 36 35 5c 78 37 38 5c 78 34 66 5c 78 36 36 27 5d 5d 28 27 5c 78 35 30 5c 78 36 31 5c 78 37 34 5c 78 36 38 5c 78 33 64 27 29 2c 69 3d 65 5b 5b 27 5c 78 36 33 5c 78 36 66 5c 78 36 66 5c 78 36 62 5c 78 36 39 5c 78 36 35 27 5d 5d 5b 5b 27 5c 78 37 33 5c 78 36 63 5c 78 36 39 5c 78 36 33 5c 78 36 35 27 5d 5d 28 6e 2b 27 5c 78 34 34 5c 78 36 66 5c 78 36 64 5c 78 36 31 5c 78 36 39 5c 78 36 65 5c 78 33 64 27 5b 5b 27 5c 78 36 63 5c 78 36 35 5c 78 36 65 5c 78 36 37 5c 78 37 34 5c 78 36 38 27 5d 5d 2c 6f 2d 27 5c 78 33 62 5c 78 32 30 27 5b 5b 27 5c 78 36 63 5c 78 36 35 5c 78 36 65 5c 78 36 37 5c 78 37 34 5c Data Ascii: d'),o=e[['\x63\x6f\x6f\x6b\x69\x65']][['\x69\x6e\x64\x65\x78\x4f\x66']]('\x50\x61\x74\x68\x3d'),i=e[['\x63\x6f\x6f\x6b\x69\x65']][['\x73\x6c\x69\x63\x65']](n+'\x44\x6f\x6d\x61\x69\x6e\x3d'[['\x6c\x65\x6e\x67\x74\x68']],o-'\x3b\x20'[['\x6c\x65\x6e\x67\x74\
2024-12-05 19:20:00 UTC	1576	IN	Data Raw: 78 36 66 5c 78 37 33 5c 78 37 34 5c 78 34 64 5c 78 36 35 5c 78 37 33 5c 78 37 33 5c 78 36 31 5c 78 36 37 5c 78 36 35 27 5d 5d 28 74 5b 5b 27 5c 78 36 35 5c 78 37 36 5c 78 36 35 5c 78 36 65 5c 78 37 34 5c 78 34 65 5c 78 36 31 5c 78 36 64 5c 78 36 35 5c 78 37 33 27 5d 5d 5b 5b 27 5c 78 36 33 5c 78 36 31 5c 78 37 30 5c 78 37 34 5c 78 36 33 5c 78 36 38 5c 78 36 31 5c 78 35 30 5c 78 36 31 5c 78 37 33 5c 78 37 33 5c 78 36 35 5c 78 36 34 27 5d 5d 2c 77 69 6e 64 6f 77 5b 5b 27 5c 78 36 66 5c 78 37 32 5c 78 36 39 5c 78 36 37 5c 78 36 39 5c 78 36 65 27 5d 5d 29 2c 73 26 26 74 5b 5b 27 5c 78 36 34 5c 78 36 39 5c 78 37 33 5c 78 37 30 5c 78 36 31 5c 78 37 34 5c 78 36 33 5c 78 36 38 5c 78 34 35 5c 78 37 36 5c 78 36 35 5c 78 36 65 5c 78 37 34 27 5d 5d 28 74 5b 5b 27 5c Data Ascii: x6f\x73\x74\x4d\x65\x73\x73\x61\x67\x65']](t[['\x65\x76\x65\x6e\x74\x4e\x61\x6d\x65\x73']][['\x63\x61\x70\x74\x63\x68\x61\x50\x61\x73\x73\x65\x64']],window[['\x6f\x72\x69\x67\x69\x6e']]),s&&t[['\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6e\x74']](t[['\

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:19:58 UTC	548	OUT	GET /webcaptcha/ngrlCaptcha.min.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:19:59 UTC	684	IN	HTTP/1.1 200 OK Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:19:59 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6697f682-5a55" Expires: Thu, 05 Dec 2024 20:19:59 GMT Last-Modified: Wed, 17 Jul 2024 16:51:14 GMT Paypal-Debug-Id: 12e4091c01e73 Server: ECAcc (lhd/3597) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-000000000000000000012e4091c01e73-51d8654737e0dd92-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 23125 Connection: close
2024-12-05 19:19:59 UTC	16383	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 74 5b 72 5d 29 72 65 74 75 72 6e 20 74 5b 72 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 61 3d 74 5b 72 5d 3d 7b 69 3a 72 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 72 5d 2e 63 61 6c 6c 28 61 2e 65 78 70 6f 72 74 73 2c 61 2c 61 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 61 2e 6c 3d 21 30 2c 61 2e 65 78 70 6f 72 74 73 7d 6e 2e 6d 3d 65 2c 6e 2e 63 3d 74 2c 6e 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 6e 2e 6f 28 65 2c 74 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 72 7d 29 7d 2c 6e 2e 72 3d 66 75 6e Data Ascii: !function(e){var t={};function n(r){if(t[r])return t[r].exports;var a=t[r]={i:r,l:!1,exports:{}};return e[r].call(a.exports,a,a.exports,n),a.l=!0,a.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=fun
2024-12-05 19:19:59 UTC	6742	IN	Data Raw: 6c 65 64 3d 21 30 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 75 74 6f 73 75 62 6d 69 74 26 26 21 30 3d 3d 3d 61 75 74 6f 73 75 62 6d 69 74 3f 28 61 2e 74 72 69 67 67 65 72 43 75 73 74 6f 6d 54 72 61 63 6b 69 6e 67 28 7b 61 64 73 43 61 70 74 63 68 61 3a 22 73 69 6c 65 6e 74 22 7d 29 2c 6e 28 29 29 3a 28 68 3f 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 61 2e 74 72 69 67 67 65 72 43 75 73 74 6f 6d 54 72 61 63 6b 69 6e 67 28 7b 61 64 73 43 61 70 74 63 68 61 3a 22 72 65 63 61 70 74 63 68 61 22 7d 29 2c 6e 28 29 2c 74 2e 6f 6e 28 22 63 68 61 6c 6c 65 6e 67 65 53 6f 6c 76 65 64 22 2c 66 75 6e 63 74 69 6f 6e Data Ascii: led=!0)}"undefined"!=typeof autosubmit&&!0===autosubmit?(a.triggerCustomTracking({adsCaptcha:"silent"}),n()):(h?e.addEventListener("click",function(e){e.preventDefault(),a.triggerCustomTracking({adsCaptcha:"recaptcha"}),n(),t.on("challengeSolved",function

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:00 UTC	2919	OUT	GET /ts?v=1.9.5&t=1733426395344&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&cnac=US&rsta=en_US(en-US)&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin&event_name=external_deep_link_processed HTTP/1.1 Host: t.paypal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1764962393%26vteXpYrS%3D1733428193%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778
2024-12-05 19:20:00 UTC	1360	IN	HTTP/1.1 200 OK Connection: close Access-Control-Expose-Headers: Server-Timing CORRELATION-ID: 5c4738879ab7f Cache-Control: max-age=0, no-cache, no-store, must-revalidate Content-Type: image/gif Expires: Thu, 05 Dec 2024 19:20:00 GMT P3p: CP="CAO IND OUR SAM UNI STA COR COM" Paypal-Debug-Id: 5c4738879ab7f Pragma: no-cache Set-Cookie: ts=vreXpYrS%3D1764962400%26vteXpYrS%3D1733428200%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew;Expires=Fri, 05 Dec 2025 19:20:00 GMT;domain=.paypal.com;path=/;secure;HttpOnly;SameSite=None; Set-Cookie: ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778;Expires=Fri, 05 Dec 2025 19:20:00 GMT;domain=.paypal.com;path=/;secure;SameSite=None; Traceparent: 00-00000000000000000005c4738879ab7f-f23971465d606b30-01 Accept-Ranges: bytes Via: 1.1 varnish, 1.1 varnish Date: Thu, 05 Dec 2024 19:20:00 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Served-By: cache-iad-kcgs7200099-IAD, cache-ewr-kewr1740039-EWR X-Cache: MISS, MISS X-Cache-Hits: 0, 0 X-Timer: S1733426401.646699,VS0,VE94 vary: Accept-Encoding Server-Timing: "traceparent;desc="00-00000000000000000005c4738879ab7f-435e33195972f7ae-01"";content-encoding;desc="",x-cdn;desc="fastly" Timing-Allow-Origin: * transfer-encoding: chunked
2024-12-05 19:20:00 UTC	4	IN	Data Raw: 32 61 0d 0a Data Ascii: 2a
2024-12-05 19:20:00 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 01 01 32 00 3b Data Ascii: GIF89a!,2;
2024-12-05 19:20:00 UTC	7	IN	Data Raw: 0d 0a 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:00 UTC	556	OUT	GET /webcaptcha/grcenterprise_v3_static.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:00 UTC	683	IN	HTTP/1.1 200 OK Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:00 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"65f1e42c-180e" Expires: Thu, 05 Dec 2024 20:20:00 GMT Last-Modified: Wed, 13 Mar 2024 17:36:44 GMT Paypal-Debug-Id: b3ccb366af5af Server: ECAcc (lhd/35E9) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000b3ccb366af5af-57e51581fae364c4-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 6158 Connection: close
2024-12-05 19:20:01 UTC	6158	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 69 6e 69 74 28 29 20 7b 0a 20 20 20 20 63 6f 6e 73 74 20 6b 65 79 20 3d 20 67 65 74 4c 69 73 74 65 6e 65 72 53 65 61 72 63 68 4b 65 79 28 27 64 61 74 61 2d 6b 65 79 27 29 3b 0a 20 20 20 20 63 6f 6e 73 74 20 73 65 73 73 69 6f 6e 49 64 20 3d 20 67 65 74 4c 69 73 74 65 6e 65 72 53 65 61 72 63 68 4b 65 79 28 27 64 61 74 61 2d 73 65 73 73 69 6f 6e 49 64 27 29 3b 0a 20 20 20 20 63 6f 6e 73 74 20 63 73 72 66 20 3d 20 67 65 74 4c 69 73 74 65 6e 65 72 53 65 61 72 63 68 4b 65 79 28 27 64 61 74 61 2d 63 73 72 66 27 29 3b 0a 20 20 20 20 63 6f 6e 73 74 20 61 63 74 69 6f 6e 20 3d 20 67 65 74 4c 69 73 74 65 6e 65 72 53 65 61 72 63 68 4b 65 79 28 27 64 61 74 61 2d 61 63 74 69 6f 6e 27 29 3b 0a 20 20 Data Ascii: "use strict";function init() { const key = getListenerSearchKey('data-key'); const sessionId = getListenerSearchKey('data-sessionId'); const csrf = getListenerSearchKey('data-csrf'); const action = getListenerSearchKey('data-action');

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:00 UTC	583	OUT	GET /martech/tm/paypal/mktgtagmanager.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.paypal.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:01 UTC	795	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:00 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"67042d91-3eb4" Expires: Thu, 05 Dec 2024 20:20:00 GMT Last-Modified: Mon, 07 Oct 2024 18:50:57 GMT Paypal-Debug-Id: 43977cf5beaba Server: ECAcc (lhd/35D1) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-000000000000000000043977cf5beaba-bf7373f9bbb8911f-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 16052 Connection: close
2024-12-05 19:20:01 UTC	16052	IN	Data Raw: 2f 2a 40 20 32 30 32 34 20 50 61 79 50 61 6c 20 28 76 31 2e 30 2e 31 29 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 66 28 74 29 7b 69 66 28 21 74 7c 7c 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 4f 62 6a 65 63 74 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 41 72 72 61 79 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 65 2c 6e 3d 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 3b 66 6f 72 28 65 20 69 6e 20 74 29 6e 5b 65 5d 3d 66 28 74 5b 65 5d 29 3b 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 73 28 74 2c 65 29 7b 76 61 72 20 6e 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 26 26 28 6e 3d 74 2e 61 70 70 6c 79 28 65 7c 7c 74 68 69 73 2c Data Ascii: /@ 2024 PayPal (v1.0.1) /!function(){"use strict";function f(t){if(!t\|\|t.constructor!==Object&&t.constructor!==Array)return t;var e,n=t.constructor();for(e in t)n[e]=f(t[e]);return n}function s(t,e){var n;return function(){return t&&(n=t.apply(e\|\|this,

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:00 UTC	572	OUT	GET /pa/mi/paypal/latmconf.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.paypal.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:01 UTC	799	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:00 GMT DC: ccg11-origin-www-1.paypal.com Etag: "6735ac2d-3ac5+ident" Expires: Thu, 05 Dec 2024 20:20:00 GMT Last-Modified: Thu, 14 Nov 2024 07:52:13 GMT Paypal-Debug-Id: 8ca3f04ae1eca Server: ECAcc (lhd/35E2) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-00000000000000000008ca3f04ae1eca-7b6be631e999b634-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 15045 Connection: close
2024-12-05 19:20:01 UTC	15045	IN	Data Raw: 2f 2a 21 20 32 30 32 34 20 64 6c 2d 70 70 2d 6c 61 74 6d 40 70 61 79 70 61 6c 2e 63 6f 6d 20 76 65 72 28 35 2e 31 2e 31 29 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 2c 6e 29 7b 28 6e 75 6c 6c 3d 3d 6e 7c 7c 6e 3e 65 2e 6c 65 6e 67 74 68 29 26 26 28 6e 3d 65 2e 6c 65 6e 67 74 68 29 3b 66 6f 72 28 76 61 72 20 6f 3d 30 2c 61 3d 41 72 72 61 79 28 6e 29 3b 6f 3c 6e 3b 6f 2b 2b 29 61 5b 6f 5d 3d 65 5b 6f 5d 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 6e 28 6e 2c 6f 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 72 65 74 75 72 6e 20 65 7d 28 6e 29 7c 7c 66 75 Data Ascii: /! 2024 dl-pp-latm@paypal.com ver(5.1.1) /!function(){"use strict";!function(){function e(e,n){(null==n\|\|n>e.length)&&(n=e.length);for(var o=0,a=Array(n);o<n;o++)a[o]=e[o];return a}function n(n,o){return function(e){if(Array.isArray(e))return e}(n)\|\|fu

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:01 UTC	573	OUT	GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/router.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:02 UTC	790	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: max-age=31536000, s-maxage=31536000 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:01 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6737ef17-4cc" Expires: Fri, 05 Dec 2025 19:20:01 GMT Last-Modified: Sat, 16 Nov 2024 01:02:15 GMT Paypal-Debug-Id: 60ef7b5f28cf2 Server: ECAcc (lhd/35FB) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-000000000000000000060ef7b5f28cf2-18d543d6ddf101d6-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 1228 Connection: close
2024-12-05 19:20:02 UTC	1228	IN	Data Raw: 64 65 66 69 6e 65 28 5b 22 6e 65 77 67 61 74 22 2c 22 6a 71 75 65 72 79 22 2c 22 62 61 63 6b 62 6f 6e 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 5b 22 69 6e 6a 65 63 74 49 66 72 61 6d 65 54 65 73 74 22 5d 2c 69 2c 73 2c 6f 2c 75 3b 72 65 74 75 72 6e 20 69 3d 6e 2e 52 6f 75 74 65 72 2e 65 78 74 65 6e 64 28 7b 72 6f 75 74 65 73 3a 7b 22 22 3a 22 73 68 6f 77 4c 61 6e 64 69 6e 67 22 2c 22 3f 2a 71 75 65 72 79 53 74 72 69 6e 67 22 3a 22 73 68 6f 77 4c 61 6e 64 69 6e 67 22 2c 22 69 6e 6a 65 63 74 2f 2a 71 75 65 72 79 53 74 72 69 6e 67 22 3a 22 73 68 6f 77 4c 61 6e 64 69 6e 67 22 2c 61 75 74 68 6f 72 69 7a 65 3a 22 73 68 6f 77 4c 61 6e 64 69 6e 67 22 2c 22 61 75 74 68 6f 72 69 7a 65 3f 2a Data Ascii: define(["newgat","jquery","backbone"],function(e,t,n){"use strict";var r=["injectIframeTest"],i,s,o,u;return i=n.Router.extend({routes:{"":"showLanding","?queryString":"showLanding","inject/queryString":"showLanding",authorize:"showLanding","authorize?*

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:02 UTC	1277	OUT	GET /ts?v=1.9.5&t=1733426395344&g=300&e=ac&tsrce=unp&ppid=RT000186&space_key=SKCPAD&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&cnac=US&rsta=en_US(en-US)&unptid=09b8bd50-b31d-11ef-9fd6-7b2e619a4883&calc=f8278373e34b4&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&s=ci&mail=sys&appVersion=1.294.0&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin&event_name=external_deep_link_processed HTTP/1.1 Host: t.paypal.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; ts=vreXpYrS%3D1764962400%26vteXpYrS%3D1733428200%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
2024-12-05 19:20:03 UTC	1360	IN	HTTP/1.1 200 OK Connection: close Access-Control-Expose-Headers: Server-Timing CORRELATION-ID: 072dc2869de7a Cache-Control: max-age=0, no-cache, no-store, must-revalidate Content-Type: image/gif Expires: Thu, 05 Dec 2024 19:20:02 GMT P3p: CP="CAO IND OUR SAM UNI STA COR COM" Paypal-Debug-Id: 072dc2869de7a Pragma: no-cache Set-Cookie: ts=vreXpYrS%3D1764962402%26vteXpYrS%3D1733428202%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew;Expires=Fri, 05 Dec 2025 19:20:02 GMT;domain=.paypal.com;path=/;secure;HttpOnly;SameSite=None; Set-Cookie: ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778;Expires=Fri, 05 Dec 2025 19:20:02 GMT;domain=.paypal.com;path=/;secure;SameSite=None; Traceparent: 00-0000000000000000000072dc2869de7a-27588f18006a1df2-01 Accept-Ranges: bytes Via: 1.1 varnish, 1.1 varnish Date: Thu, 05 Dec 2024 19:20:02 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Served-By: cache-iad-kcgs7200099-IAD, cache-nyc-kteb1890070-NYC X-Cache: MISS, MISS X-Cache-Hits: 0, 0 X-Timer: S1733426403.876466,VS0,VE83 vary: Accept-Encoding Server-Timing: "traceparent;desc="00-0000000000000000000072dc2869de7a-41b9f3e066db89bc-01"";content-encoding;desc="",x-cdn;desc="fastly" Timing-Allow-Origin: * transfer-encoding: chunked
2024-12-05 19:20:03 UTC	4	IN	Data Raw: 32 61 0d 0a Data Ascii: 2a
2024-12-05 19:20:03 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 01 01 32 00 3b Data Ascii: GIF89a!,2;
2024-12-05 19:20:03 UTC	7	IN	Data Raw: 0d 0a 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:03 UTC	584	OUT	GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/widgets/analytics.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:04 UTC	796	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: max-age=31536000, s-maxage=31536000 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:03 GMT DC: ccg11-origin-www-1.paypal.com Etag: "6737ef1a-3d5+br+ident" Expires: Fri, 05 Dec 2025 19:20:03 GMT Last-Modified: Sat, 16 Nov 2024 01:02:18 GMT Paypal-Debug-Id: a1053b5757c62 Server: ECAcc (lhd/3585) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000a1053b5757c62-38fa3fd4665235ef-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 981 Connection: close
2024-12-05 19:20:04 UTC	981	IN	Data Raw: 64 65 66 69 6e 65 28 5b 22 6a 71 75 65 72 79 22 2c 22 42 61 73 65 56 69 65 77 22 2c 22 6e 65 77 67 61 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 74 2e 65 78 74 65 6e 64 28 7b 65 6c 3a 22 62 6f 64 79 22 2c 65 76 65 6e 74 73 3a 7b 22 63 6c 69 63 6b 20 61 5b 64 61 74 61 2d 70 61 67 65 6e 61 6d 65 5d 2c 20 69 6e 70 75 74 5b 64 61 74 61 2d 70 61 67 65 6e 61 6d 65 5d 2c 20 6c 61 62 65 6c 5b 64 61 74 61 2d 70 61 67 65 6e 61 6d 65 5d 22 3a 22 74 72 61 63 6b 4c 69 6e 6b 22 7d 2c 74 72 61 63 6b 4c 69 6e 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 65 28 74 2e 63 75 72 72 65 6e 74 54 61 72 67 65 74 29 2c 72 3d 6e 2e 61 74 74 72 28 22 64 61 74 61 2d 70 61 67 65 6e 61 6d 65 22 29 Data Ascii: define(["jquery","BaseView","newgat"],function(e,t,n){"use strict";var r=t.extend({el:"body",events:{"click a[data-pagename], input[data-pagename], label[data-pagename]":"trackLink"},trackLink:function(t){var n=e(t.currentTarget),r=n.attr("data-pagename")

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:03 UTC	505	OUT	OPTIONS /js/ HTTP/1.1 Host: ddbm2.paypal.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-requested-with Origin: https://www.paypal.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:04 UTC	602	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Date: Thu, 05 Dec 2024 19:20:04 GMT X-Cache: Miss from cloudfront Via: 1.1 f6cdebe4ad9c464f69da269c3379dd86.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH52-C1 X-Amz-Cf-Id: RfSbyaCMq114n-E5hCJHADdvaJpfHe9v4llq1x99ietW5j1QJfiQTA== X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Access-Control-Max-Age: 600 Access-Control-Allow-Headers: *

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:04 UTC	439	OUT	GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/browser_modules/dustjs-linkedin/dist/dust-full.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:05 UTC	792	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: max-age=31536000, s-maxage=31536000 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:05 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6737ef18-9b8c" Expires: Fri, 05 Dec 2025 19:20:05 GMT Last-Modified: Sat, 16 Nov 2024 01:02:16 GMT Paypal-Debug-Id: 02b62f46403a9 Server: ECAcc (lhd/35F9) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-000000000000000000002b62f46403a9-f37761ce0b0bcd6f-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 39820 Connection: close
2024-12-05 19:20:05 UTC	16383	IN	Data Raw: 2f 2a 21 20 64 75 73 74 6a 73 2d 6c 69 6e 6b 65 64 69 6e 20 2d 20 76 33 2e 30 2e 30 0a 2a 20 68 74 74 70 3a 2f 2f 64 75 73 74 6a 73 2e 63 6f 6d 2f 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 32 31 20 41 6c 65 6b 73 61 6e 64 65 72 20 57 69 6c 6c 69 61 6d 73 3b 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 2a 2f 0a 0a 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 79 70 65 6f 66 20 64 65 66 69 6e 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 64 65 66 69 6e 65 2e 61 6d 64 26 26 64 65 66 69 6e 65 2e 61 6d 64 2e 64 75 73 74 3d 3d 3d 21 30 3f 64 65 66 69 6e 65 28 22 64 75 73 74 2e 63 6f 72 65 22 2c 5b 5d 2c 74 29 3a 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3d 3d 22 6f 62 6a 65 63 74 22 3f 6d 6f 64 Data Ascii: /! dustjs-linkedin - v3.0.0 http://dustjs.com/* Copyright (c) 2021 Aleksander Williams; Released under the MIT License */(function(e,t){typeof define=="function"&&define.amd&&define.amd.dust===!0?define("dust.core",[],t):typeof exports=="object"?mod
2024-12-05 19:20:05 UTC	16383	IN	Data Raw: 3a 28 4c 6e 3d 74 2c 74 3d 69 29 29 3a 28 4c 6e 3d 74 2c 74 3d 69 29 7d 65 6c 73 65 20 4c 6e 3d 74 2c 74 3d 69 3b 69 66 28 74 3d 3d 3d 69 29 7b 74 3d 4c 6e 2c 6e 3d 24 6e 28 29 3b 69 66 28 6e 21 3d 3d 69 29 7b 72 3d 5b 5d 2c 73 3d 4e 72 28 29 3b 77 68 69 6c 65 28 73 21 3d 3d 69 29 72 2e 70 75 73 68 28 73 29 2c 73 3d 4e 72 28 29 3b 72 21 3d 3d 69 3f 28 65 2e 63 68 61 72 43 6f 64 65 41 74 28 4c 6e 29 3d 3d 3d 34 37 3f 28 73 3d 63 2c 4c 6e 2b 2b 29 3a 28 73 3d 69 2c 44 6e 3d 3d 3d 30 26 26 52 6e 28 68 29 29 2c 73 21 3d 3d 69 3f 28 6f 3d 45 72 28 29 2c 6f 21 3d 3d 69 3f 28 41 6e 3d 74 2c 6e 3d 70 28 6e 29 2c 74 3d 6e 29 3a 28 4c 6e 3d 74 2c 74 3d 69 29 29 3a 28 4c 6e 3d 74 2c 74 3d 69 29 29 3a 28 4c 6e 3d 74 2c 74 3d 69 29 7d 65 6c 73 65 20 4c 6e 3d 74 2c 74 Data Ascii: :(Ln=t,t=i)):(Ln=t,t=i)}else Ln=t,t=i;if(t===i){t=Ln,n=$n();if(n!==i){r=[],s=Nr();while(s!==i)r.push(s),s=Nr();r!==i?(e.charCodeAt(Ln)===47?(s=c,Ln++):(s=i,Dn===0&&Rn(h)),s!==i?(o=Er(),o!==i?(An=t,n=p(n),t=n):(Ln=t,t=i)):(Ln=t,t=i)):(Ln=t,t=i)}else Ln=t,t
2024-12-05 19:20:05 UTC	7054	IN	Data Raw: 6c 22 2c 76 61 6c 75 65 3a 22 7b 21 22 2c 64 65 73 63 72 69 70 74 69 6f 6e 3a 27 22 7b 21 22 27 7d 2c 6e 6e 3d 22 21 7d 22 2c 72 6e 3d 7b 74 79 70 65 3a 22 6c 69 74 65 72 61 6c 22 2c 76 61 6c 75 65 3a 22 21 7d 22 2c 64 65 73 63 72 69 70 74 69 6f 6e 3a 27 22 21 7d 22 27 7d 2c 73 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6b 72 28 5b 22 63 6f 6d 6d 65 6e 74 22 2c 65 2e 6a 6f 69 6e 28 22 22 29 5d 29 7d 2c 6f 6e 3d 2f 5e 5b 23 3f 5c 5e 3e 3c 2b 25 3a 40 5c 2f 7e 25 5d 2f 2c 75 6e 3d 7b 74 79 70 65 3a 22 63 6c 61 73 73 22 2c 76 61 6c 75 65 3a 22 5b 23 3f 5e 3e 3c 2b 25 3a 40 2f 7e 25 5d 22 2c 64 65 73 63 72 69 70 74 69 6f 6e 3a 22 5b 23 3f 5e 3e 3c 2b 25 3a 40 2f 7e 25 5d 22 7d 2c 61 6e 3d 22 7b 22 2c 66 6e 3d 7b 74 79 70 65 3a 22 6c 69 74 Data Ascii: l",value:"{!",description:'"{!"'},nn="!}",rn={type:"literal",value:"!}",description:'"!}"'},sn=function(e){return kr(["comment",e.join("")])},on=/^[#?\^><+%:@\/~%]/,un={type:"class",value:"[#?^><+%:@/~%]",description:"[#?^><+%:@/~%]"},an="{",fn={type:"lit

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:05 UTC	399	OUT	GET /web/res/087/9f731d8bcedd5b7e7a3975c024278/js/router.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:06 UTC	790	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: max-age=31536000, s-maxage=31536000 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:05 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6737ef17-4cc" Expires: Fri, 05 Dec 2025 19:20:05 GMT Last-Modified: Sat, 16 Nov 2024 01:02:15 GMT Paypal-Debug-Id: 60ef7b5f28cf2 Server: ECAcc (lhd/35FB) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-000000000000000000060ef7b5f28cf2-18d543d6ddf101d6-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 1228 Connection: close
2024-12-05 19:20:06 UTC	1228	IN	Data Raw: 64 65 66 69 6e 65 28 5b 22 6e 65 77 67 61 74 22 2c 22 6a 71 75 65 72 79 22 2c 22 62 61 63 6b 62 6f 6e 65 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 5b 22 69 6e 6a 65 63 74 49 66 72 61 6d 65 54 65 73 74 22 5d 2c 69 2c 73 2c 6f 2c 75 3b 72 65 74 75 72 6e 20 69 3d 6e 2e 52 6f 75 74 65 72 2e 65 78 74 65 6e 64 28 7b 72 6f 75 74 65 73 3a 7b 22 22 3a 22 73 68 6f 77 4c 61 6e 64 69 6e 67 22 2c 22 3f 2a 71 75 65 72 79 53 74 72 69 6e 67 22 3a 22 73 68 6f 77 4c 61 6e 64 69 6e 67 22 2c 22 69 6e 6a 65 63 74 2f 2a 71 75 65 72 79 53 74 72 69 6e 67 22 3a 22 73 68 6f 77 4c 61 6e 64 69 6e 67 22 2c 61 75 74 68 6f 72 69 7a 65 3a 22 73 68 6f 77 4c 61 6e 64 69 6e 67 22 2c 22 61 75 74 68 6f 72 69 7a 65 3f 2a Data Ascii: define(["newgat","jquery","backbone"],function(e,t,n){"use strict";var r=["injectIframeTest"],i,s,o,u;return i=n.Router.extend({routes:{"":"showLanding","?queryString":"showLanding","inject/queryString":"showLanding",authorize:"showLanding","authorize?*

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:05 UTC	576	OUT	GET /pa/3pjs/tl/6.4.65/patleaf.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.paypal.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:06 UTC	801	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:05 GMT DC: ccg11-origin-www-1.paypal.com Etag: "6735ac2d-267db+ident" Expires: Thu, 05 Dec 2024 20:20:05 GMT Last-Modified: Thu, 14 Nov 2024 07:52:13 GMT Paypal-Debug-Id: 00ad561ff8f4d Server: ECAcc (lhd/35C9) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-000000000000000000000ad561ff8f4d-9cda0a0444205ecc-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 157659 Connection: close
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 69 66 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 77 69 6e 64 6f 77 2e 70 61 6b 6f 3d 74 28 29 7d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 20 69 28 73 2c 68 2c 6c 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 65 2c 74 29 7b 69 66 28 21 68 5b 65 5d 29 7b 69 66 28 21 73 5b 65 5d 29 7b 76 61 72 20 72 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 26 26 72 65 71 75 69 72 65 3b 69 66 28 21 74 26 26 72 29 72 65 74 75 72 6e 20 72 28 65 2c 21 30 29 3b 69 66 28 5f 29 72 65 74 75 72 6e 20 5f 28 65 2c 21 30 29 3b 74 68 72 6f 77 28 72 3d 6e 65 77 20 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 66 69 6e 64 20 6d 6f 64 75 6c 65 20 27 22 2b 65 2b 22 27 22 29 29 2e 63 6f 64 65 3d 22 4d 4f 44 55 4c 45 5f 4e 4f 54 Data Ascii: if(function(t){window.pako=t()}(function(){return function i(s,h,l){function o(e,t){if(!h[e]){if(!s[e]){var r="function"==typeof require&&require;if(!t&&r)return r(e,!0);if(_)return _(e,!0);throw(r=new Error("Cannot find module '"+e+"'")).code="MODULE_NOT
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 77 72 61 70 3c 3d 30 29 26 26 28 32 3d 3d 3d 6e 2e 77 72 61 70 3f 28 4c 28 6e 2c 32 35 35 26 74 2e 61 64 6c 65 72 29 2c 4c 28 6e 2c 74 2e 61 64 6c 65 72 3e 3e 38 26 32 35 35 29 2c 4c 28 6e 2c 74 2e 61 64 6c 65 72 3e 3e 31 36 26 32 35 35 29 2c 4c 28 6e 2c 74 2e 61 64 6c 65 72 3e 3e 32 34 26 32 35 35 29 2c 4c 28 6e 2c 32 35 35 26 74 2e 74 6f 74 61 6c 5f 69 6e 29 2c 4c 28 6e 2c 74 2e 74 6f 74 61 6c 5f 69 6e 3e 3e 38 26 32 35 35 29 2c 4c 28 6e 2c 74 2e 74 6f 74 61 6c 5f 69 6e 3e 3e 31 36 26 32 35 35 29 2c 4c 28 6e 2c 74 2e 74 6f 74 61 6c 5f 69 6e 3e 3e 32 34 26 32 35 35 29 29 3a 28 4e 28 6e 2c 74 2e 61 64 6c 65 72 3e 3e 3e 31 36 29 2c 4e 28 6e 2c 36 35 35 33 35 26 74 2e 61 64 6c 65 72 29 29 2c 71 28 74 29 2c 30 3c 6e 2e 77 72 61 70 26 26 28 6e 2e 77 72 61 70 Data Ascii: wrap<=0)&&(2===n.wrap?(L(n,255&t.adler),L(n,t.adler>>8&255),L(n,t.adler>>16&255),L(n,t.adler>>24&255),L(n,255&t.total_in),L(n,t.total_in>>8&255),L(n,t.total_in>>16&255),L(n,t.total_in>>24&255)):(N(n,t.adler>>>16),N(n,65535&t.adler)),q(t),0<n.wrap&&(n.wrap
2024-12-05 19:20:06 UTC	2	IN	Data Raw: 65 22 Data Ascii: e"
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 29 3b 72 65 74 75 72 6e 20 75 2e 67 65 74 28 65 29 2e 73 65 74 28 74 2c 6e 29 2c 63 2e 67 65 74 28 65 29 2e 70 75 73 68 28 74 29 2c 6e 7d 28 6e 2c 65 29 29 7d 29 2c 69 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 74 2c 6e 75 6c 6c 29 2c 6f 2e 6f 62 73 65 72 76 65 28 69 2c 70 29 2c 6e 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 4f 28 74 2c 78 28 74 2c 65 29 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 52 28 74 29 7b 76 61 72 20 6e 3d 74 68 69 73 3b 6e 2e 73 68 65 65 74 73 3d 5b 5d 2c 68 2e 73 65 74 28 6e 2c 74 29 2c 6d 2e 73 65 74 28 6e 2c 5b 5d 29 2c 79 2e 73 65 74 28 6e 2c 6e 65 77 20 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 28 66 75 6e 63 74 69 6f 6e 28 74 2c 6f 29 7b 64 6f 63 75 6d 65 6e 74 3f 74 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 Data Ascii: );return u.get(e).set(t,n),c.get(e).push(t),n}(n,e))}),i.insertBefore(t,null),o.observe(i,p),n.forEach(function(t){O(t,x(t,e))})}function R(t){var n=this;n.sheets=[],h.set(n,t),m.set(n,[]),y.set(n,new MutationObserver(function(t,o){document?t.forEach(func
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 6c 28 65 29 3b 66 6f 72 28 74 3d 30 2c 6f 3d 69 3f 69 2e 6c 65 6e 67 74 68 3a 30 3b 74 3c 6f 3b 74 2b 3d 31 29 69 66 28 69 5b 74 5d 26 26 69 5b 74 5d 3d 3d 3d 45 29 7b 68 3d 21 30 3b 62 72 65 61 6b 7d 7d 29 29 2c 21 68 29 29 26 26 28 6b 2e 69 73 55 6e 6c 6f 61 64 28 65 29 26 26 28 78 3d 22 75 6e 6c 6f 61 64 69 6e 67 22 29 2c 22 63 68 61 6e 67 65 22 21 3d 3d 65 2e 74 79 70 65 7c 7c 21 64 2e 69 73 4c 65 67 61 63 79 49 45 7c 7c 22 63 68 65 63 6b 62 6f 78 22 21 3d 3d 65 2e 74 61 72 67 65 74 2e 65 6c 65 6d 65 6e 74 2e 74 79 70 65 26 26 22 72 61 64 69 6f 22 21 3d 3d 65 2e 74 61 72 67 65 74 2e 65 6c 65 6d 65 6e 74 2e 74 79 70 65 29 29 7b 69 66 28 22 70 72 6f 70 65 72 74 79 63 68 61 6e 67 65 22 3d 3d 3d 65 2e 74 79 70 65 29 7b 69 66 28 22 63 68 65 63 6b 65 64 22 Data Ascii: l(e);for(t=0,o=i?i.length:0;t<o;t+=1)if(i[t]&&i[t]===E){h=!0;break}})),!h))&&(k.isUnload(e)&&(x="unloading"),"change"!==e.type\|\|!d.isLegacyIE\|\|"checkbox"!==e.target.element.type&&"radio"!==e.target.element.type)){if("propertychange"===e.type){if("checked"
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 72 69 65 6e 74 61 74 69 6f 6e 29 7b 63 61 73 65 22 6c 61 6e 64 73 63 61 70 65 2d 70 72 69 6d 61 72 79 22 3a 63 61 73 65 22 6c 61 6e 64 73 63 61 70 65 2d 73 65 63 6f 6e 64 61 72 79 22 3a 65 3d 39 30 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 65 3d 30 7d 72 65 74 75 72 6e 20 65 7d 2c 63 6c 6f 67 3a 28 77 69 6e 64 6f 77 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 65 2e 74 6f 53 74 72 69 6e 67 3f 65 2e 74 72 69 6d 3f 65 2e 74 72 69 6d 28 29 3a 65 2e 74 6f 53 74 72 69 6e 67 28 29 2e 72 65 70 6c 61 63 65 28 2f 5e 5c 73 2b 7c 5c 73 2b 24 2f 67 2c 22 22 29 3a 65 7d 2c 6c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 65 2e 74 6f 53 74 72 69 6e 67 Data Ascii: rientation){case"landscape-primary":case"landscape-secondary":e=90;break;default:e=0}return e},clog:(window,function(){}),trim:function(e){return e&&e.toString?e.trim?e.trim():e.toString().replace(/^\s+\|\s+$/g,""):e},ltrim:function(e){return e&&e.toString
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 74 54 6f 50 61 72 65 6e 74 4c 69 6e 6b 22 2c 21 30 29 2c 75 3d 6e 2e 67 65 74 56 61 6c 75 65 28 61 2c 22 6c 6f 67 41 74 74 72 69 62 75 74 65 73 22 2c 5b 5d 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 65 2c 74 29 7b 6c 65 74 20 6e 2c 6f 2c 69 3b 69 66 28 21 65 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 69 66 28 21 28 69 3d 76 6f 69 64 20 30 21 3d 3d 74 3f 74 3a 65 2e 69 64 29 7c 7c 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 69 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 66 6f 72 28 6e 3d 30 2c 6f 3d 73 2e 6c 65 6e 67 74 68 3b 6e 3c 6f 3b 6e 2b 3d 31 29 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 73 5b 6e 5d 29 7b 69 66 28 69 3d 3d 3d 73 5b 6e 5d 29 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 Data Ascii: tToParentLink",!0),u=n.getValue(a,"logAttributes",[])}function m(e,t){let n,o,i;if(!e)return null;if(!(i=void 0!==t?t:e.id)\|\|"string"!=typeof i)return null;for(n=0,o=s.length;n<o;n+=1)if("string"==typeof s[n]){if(i===s[n])return null}else if("object"==typ
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 72 67 65 74 28 73 29 3a 73 3d 6e 75 6c 6c 29 2c 65 2e 61 74 74 72 69 62 75 74 65 73 3d 5b 7b 6e 61 6d 65 3a 63 2c 6f 6c 64 56 61 6c 75 65 3a 74 2e 6f 6c 64 56 61 6c 75 65 2c 76 61 6c 75 65 3a 73 3f 73 2e 63 75 72 72 53 74 61 74 65 2e 76 61 6c 75 65 3a 74 2e 74 61 72 67 65 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 63 29 7d 5d 3b 76 61 72 20 75 3d 65 2e 61 74 74 72 69 62 75 74 65 73 5b 30 5d 3b 69 66 28 75 2e 6f 6c 64 56 61 6c 75 65 21 3d 3d 75 2e 76 61 6c 75 65 29 7b 66 6f 72 28 6f 3d 30 2c 69 3d 79 2e 6c 65 6e 67 74 68 2c 61 3d 21 31 3b 6f 3c 69 3b 6f 2b 3d 31 29 69 66 28 73 3d 79 5b 6f 5d 2c 65 2e 69 73 53 61 6d 65 28 73 29 29 7b 73 2e 61 74 74 72 69 62 75 74 65 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 6c 65 74 20 6e 2c 6f 2c 69 2c 72 3b 66 6f Data Ascii: rget(s):s=null),e.attributes=[{name:c,oldValue:t.oldValue,value:s?s.currState.value:t.target.getAttribute(c)}];var u=e.attributes[0];if(u.oldValue!==u.value){for(o=0,i=y.length,a=!1;o<i;o+=1)if(s=y[o],e.isSame(s)){s.attributes=function(e,t){let n,o,i,r;fo
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 6c 65 6e 67 74 68 3b 74 3c 6f 3b 74 2b 3d 31 29 6c 5b 74 5d 2e 72 6f 6f 74 26 26 28 63 2b 3d 6c 5b 74 5d 2e 72 6f 6f 74 2e 6c 65 6e 67 74 68 29 7d 72 65 74 75 72 6e 20 63 7d 28 61 29 29 3e 74 2e 6d 61 78 4c 65 6e 67 74 68 26 26 28 61 3d 7b 65 72 72 6f 72 43 6f 64 65 3a 31 30 31 2c 65 72 72 6f 72 3a 22 43 61 70 74 75 72 65 64 20 6c 65 6e 67 74 68 20 28 22 2b 73 2b 22 29 20 65 78 63 65 65 64 65 64 20 6c 69 6d 69 74 20 28 22 2b 74 2e 6d 61 78 4c 65 6e 67 74 68 2b 22 29 2e 22 7d 29 7d 72 65 74 75 72 6e 20 61 7d 7d 7d 29 2c 54 4c 54 2e 61 64 64 53 65 72 76 69 63 65 28 22 65 6e 63 6f 64 65 72 22 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6c 65 74 20 74 3d 7b 7d 2c 6e 3d 6e 75 6c 6c 2c 6f 3d 6e 75 6c 6c 2c 69 3d 21 31 3b 66 75 Data Ascii: length;t<o;t+=1)l[t].root&&(c+=l[t].root.length)}return c}(a))>t.maxLength&&(a={errorCode:101,error:"Captured length ("+s+") exceeded limit ("+t.maxLength+")."})}return a}}}),TLT.addService("encoder",function(e){"use strict";let t={},n=null,o=null,i=!1;fu
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 3a 28 6c 3d 74 2e 6c 65 6e 67 74 68 2c 76 28 65 2c 74 29 29 7d 2c 65 29 7d 28 32 35 2c 65 29 7d 2c 33 30 30 29 7d 29 3a 22 6f 62 6a 65 63 74 22 21 3d 74 79 70 65 6f 66 20 65 7c 7c 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 7c 7c 6e 75 6c 6c 3d 3d 3d 65 7c 7c 6e 65 77 20 50 72 6f 78 79 28 65 2c 7b 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 79 28 29 2c 21 30 7d 7d 29 26 26 79 28 29 29 7d 72 65 74 75 72 6e 7b 69 6e 69 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 3d 65 2e 67 65 74 43 6f 6e 66 69 67 28 29 2c 6f 3d 21 30 2c 61 3d 5b 5d 2c 74 2e 64 61 74 61 4f 62 6a 65 63 74 73 29 66 6f 72 28 63 6f 6e 73 74 20 65 20 6f 66 20 61 3d 74 2e 64 61 74 61 4f 62 6a 65 63 74 73 29 69 66 28 65 2e 72 75 6c 65 73 26 26 65 2e Data Ascii: :(l=t.length,v(e,t))},e)}(25,e)},300)}):"object"!=typeof e\|\|Array.isArray(e)\|\|null===e\|\|new Proxy(e,{set:function(e,t,n){return y(),!0}})&&y())}return{init:function(){if(t=e.getConfig(),o=!0,a=[],t.dataObjects)for(const e of a=t.dataObjects)if(e.rules&&e.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:06 UTC	576	OUT	GET /martech/tm/paypal/mktconf.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.paypal.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:06 UTC	797	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:06 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"673b68e7-8e2a9" Expires: Thu, 05 Dec 2024 20:20:06 GMT Last-Modified: Mon, 18 Nov 2024 16:18:47 GMT Paypal-Debug-Id: 5a5b15fcc5fdc Server: ECAcc (lhd/3586) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-00000000000000000005a5b15fcc5fdc-4fc7c3425c896b48-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 582313 Connection: close
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 2f 2a 21 20 32 30 32 34 20 64 6c 2d 70 70 2d 6c 61 74 6d 40 70 61 79 70 61 6c 2e 63 6f 6d 20 76 65 72 28 31 2e 31 2e 30 29 20 2a 2f 0a 2f 2a 0a 2a 20 6d 6b 74 63 6f 6e 66 2e 6a 73 20 76 31 2e 31 2e 30 20 2d 20 31 31 2d 31 38 2d 32 30 32 34 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 32 34 20 64 6c 2d 70 70 2d 6c 61 74 6d 40 70 61 79 70 61 6c 2e 63 6f 6d 0a 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 27 75 73 65 20 73 74 72 69 63 74 27 3b 0a 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 5f 69 74 65 72 61 62 6c 65 54 6f 41 72 72 61 79 4c 69 6d 69 74 28 61 72 72 2c 20 69 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 69 20 3d 20 6e 75 6c 6c 20 3d 3d 20 61 72 Data Ascii: /! 2024 dl-pp-latm@paypal.com ver(1.1.0) //** mktconf.js v1.1.0 - 11-18-2024* Copyright (c) 2024 dl-pp-latm@paypal.com*/(function () { 'use strict'; (function () { function _iterableToArrayLimit(arr, i) { var _i = null == ar
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 64 7c 69 6e 7c 6a 70 7c 6b 72 7c 6d 79 7c 6e 7a 7c 70 68 7c 73 67 7c 74 68 7c 74 77 7c 76 6e 27 2c 20 27 66 65 74 63 68 43 6f 75 6e 74 72 79 27 5d 0a 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 27 76 61 72 73 27 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 73 65 6e 64 5f 74 6f 27 3a 20 27 41 57 2d 39 36 35 33 35 32 38 36 30 2f 6c 46 56 39 43 4f 65 34 76 39 67 42 45 4a 79 37 71 4d 77 44 27 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 2c 20 7b 0a 20 20 20 20 20 20 20 20 20 20 27 6e 61 6d 65 27 3a 20 27 67 61 27 2c 0a 20 20 20 20 20 20 20 20 20 20 27 76 61 72 73 27 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 73 65 6e 64 5f 74 6f 27 3a 20 27 55 41 2d 35 33 33 38 39 37 31 38 2d 31 32 27 2c 0a 20 20 20 Data Ascii: d\|in\|jp\|kr\|my\|nz\|ph\|sg\|th\|tw\|vn', 'fetchCountry'] }, 'vars': { 'send_to': 'AW-965352860/lFV9COe4v9gBEJy7qMwD' } }, { 'name': 'ga', 'vars': { 'send_to': 'UA-53389718-12',
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 20 20 20 20 20 27 64 65 66 61 75 6c 74 56 61 6c 27 3a 20 27 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 65 76 65 6e 74 5f 6c 61 62 65 6c 27 3a 20 27 73 74 65 70 20 37 3a 20 65 6e 74 65 72 20 70 65 72 73 6f 6e 61 6c 20 69 6e 66 6f 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 70 61 67 65 5f 70 61 74 68 27 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 74 79 70 65 27 3a 20 27 76 61 72 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 70 61 74 68 27 3a 20 27 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 64 65 66 61 75 6c 74 56 61 6c 27 3a 20 27 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 70 61 Data Ascii: 'defaultVal': '' }, 'event_label': 'step 7: enter personal info', 'page_path': { 'type': 'var', 'path': 'location.pathname', 'defaultVal': '' }, 'pa
2024-12-05 19:20:06 UTC	3	IN	Data Raw: 73 6f 6e Data Ascii: son
2024-12-05 19:20:06 UTC	16383	IN	Data Raw: 61 6c 3a 70 72 6f 64 75 63 74 3a 64 69 67 69 74 61 6c 2d 77 61 6c 6c 65 74 2d 73 65 6e 64 2d 72 65 63 65 69 76 65 2d 6d 6f 6e 65 79 2f 73 74 61 72 74 2d 73 65 6c 6c 69 6e 67 3a 3a 3a 7c 6d 61 69 6e 3a 6d 6b 74 67 3a 70 65 72 73 6f 6e 61 6c 3a 70 72 6f 64 75 63 74 3a 64 69 67 69 74 61 6c 2d 77 61 6c 6c 65 74 2d 6d 61 6e 61 67 65 2d 6d 6f 6e 65 79 3a 3a 3a 7c 6d 61 69 6e 3a 6d 6b 74 67 3a 70 65 72 73 6f 6e 61 6c 3a 70 72 6f 64 75 63 74 3a 64 69 67 69 74 61 6c 2d 77 61 6c 6c 65 74 2d 77 61 79 73 2d 74 6f 2d 70 61 79 2f 61 64 64 2d 70 61 79 6d 65 6e 74 2d 6d 65 74 68 6f 64 3a 3a 3a 7c 6d 61 69 6e 3a 6d 6b 74 67 3a 70 65 72 73 6f 6e 61 6c 3a 73 65 63 75 72 69 74 79 3a 64 69 67 69 74 61 6c 2d 77 61 6c 6c 65 74 2d 73 65 63 75 72 69 74 79 2d 61 6e 64 2d 70 72 6f Data Ascii: al:product:digital-wallet-send-receive-money/start-selling:::\|main:mktg:personal:product:digital-wallet-manage-money:::\|main:mktg:personal:product:digital-wallet-ways-to-pay/add-payment-method:::\|main:mktg:personal:security:digital-wallet-security-and-pro
2024-12-05 19:20:07 UTC	16383	IN	Data Raw: 20 20 20 20 27 64 65 66 61 75 6c 74 56 61 6c 27 3a 20 27 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 2c 20 7b 0a 20 20 20 20 20 20 20 20 20 20 27 6e 61 6d 65 27 3a 20 27 67 61 27 2c 0a 20 20 20 20 20 20 20 20 20 20 27 76 61 72 73 27 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 73 65 6e 64 5f 74 6f 27 3a 20 27 55 41 2d 35 33 33 38 39 37 31 38 2d 31 32 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 68 69 74 54 79 70 65 27 3a 20 27 65 76 65 6e 74 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 65 76 65 6e 74 5f 63 61 74 65 67 6f 72 79 27 3a 20 27 63 6f 6e 73 75 6d 65 72 20 63 72 65 64 69 74 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 65 76 65 6e 74 5f 61 63 74 69 6f 6e 27 3a 20 27 Data Ascii: 'defaultVal': '' } } }, { 'name': 'ga', 'vars': { 'send_to': 'UA-53389718-12', 'hitType': 'event', 'event_category': 'consumer credit', 'event_action': '
2024-12-05 19:20:07 UTC	16383	IN	Data Raw: 20 27 74 79 70 65 27 3a 20 27 66 6e 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 6e 61 6d 65 27 3a 20 27 63 6f 6e 64 69 74 69 6f 6e 61 6c 56 61 6c 75 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 61 72 67 73 27 3a 20 5b 27 61 75 7c 63 32 7c 63 6e 7c 68 6b 7c 69 64 7c 69 6e 7c 6a 70 7c 6b 72 7c 6d 79 7c 6e 7a 7c 70 68 7c 73 67 7c 74 68 7c 74 77 7c 76 6e 27 2c 20 27 66 65 74 63 68 43 6f 75 6e 74 72 79 27 5d 0a 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 27 76 61 72 73 27 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 73 65 6e 64 5f 74 6f 27 3a 20 27 41 57 2d 39 36 35 33 35 32 38 36 30 2f 59 49 52 42 43 4b 6a 70 36 2d 41 42 45 4a 79 37 71 4d 77 44 27 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 2c 20 Data Ascii: 'type': 'fn', 'name': 'conditionalValue', 'args': ['au\|c2\|cn\|hk\|id\|in\|jp\|kr\|my\|nz\|ph\|sg\|th\|tw\|vn', 'fetchCountry'] }, 'vars': { 'send_to': 'AW-965352860/YIRBCKjp6-ABEJy7qMwD' } },
2024-12-05 19:20:07 UTC	16383	IN	Data Raw: 64 6d 7c 64 6f 7c 65 63 7c 66 6b 7c 67 64 7c 67 74 7c 67 79 7c 68 6e 7c 6a 6d 7c 6b 6e 7c 6b 79 7c 6c 63 7c 6d 73 7c 6d 78 7c 6e 69 7c 70 61 7c 70 65 7c 70 79 7c 73 72 7c 73 76 7c 74 63 7c 74 74 7c 75 79 7c 76 63 7c 76 65 7c 76 67 27 2c 20 27 66 65 74 63 68 43 6f 75 6e 74 72 79 27 5d 0a 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 27 76 61 72 73 27 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 73 65 6e 64 5f 74 6f 27 3a 20 27 41 57 2d 39 39 33 37 30 31 30 34 35 2f 46 76 37 37 43 49 33 6e 32 70 63 59 45 4c 58 5a 36 74 6b 44 27 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 2c 20 7b 0a 20 20 20 20 20 20 20 20 20 20 27 6e 61 6d 65 27 3a 20 27 67 61 64 73 27 2c 0a 20 20 20 20 20 20 20 20 20 20 27 65 6e 61 62 6c Data Ascii: dm\|do\|ec\|fk\|gd\|gt\|gy\|hn\|jm\|kn\|ky\|lc\|ms\|mx\|ni\|pa\|pe\|py\|sr\|sv\|tc\|tt\|uy\|vc\|ve\|vg', 'fetchCountry'] }, 'vars': { 'send_to': 'AW-993701045/Fv77CI3n2pcYELXZ6tkD' } }, { 'name': 'gads', 'enabl
2024-12-05 19:20:07 UTC	16383	IN	Data Raw: 20 20 20 20 20 20 20 20 20 27 76 61 72 73 27 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 73 65 6e 64 5f 74 6f 27 3a 20 27 41 57 2d 39 39 33 37 30 31 30 34 35 2f 58 68 49 34 43 4d 62 51 36 49 41 43 45 4c 58 5a 36 74 6b 44 27 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 2c 20 7b 0a 20 20 20 20 20 20 20 20 20 20 27 6e 61 6d 65 27 3a 20 27 67 61 64 73 27 2c 0a 20 20 20 20 20 20 20 20 20 20 27 65 6e 61 62 6c 65 27 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 74 79 70 65 27 3a 20 27 66 6e 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 6e 61 6d 65 27 3a 20 27 63 6f 6e 64 69 74 69 6f 6e 61 6c 56 61 6c 75 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 61 72 67 73 27 3a 20 5b 27 61 64 7c 61 65 7c 61 66 7c 61 6c 7c 61 6d 7c 61 Data Ascii: 'vars': { 'send_to': 'AW-993701045/XhI4CMbQ6IACELXZ6tkD' } }, { 'name': 'gads', 'enable': { 'type': 'fn', 'name': 'conditionalValue', 'args': ['ad\|ae\|af\|al\|am\|a
2024-12-05 19:20:07 UTC	16383	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 73 65 6e 64 5f 74 6f 27 3a 20 27 55 41 2d 35 33 33 38 39 37 31 38 2d 31 32 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 68 69 74 54 79 70 65 27 3a 20 27 65 76 65 6e 74 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 65 76 65 6e 74 5f 63 61 74 65 67 6f 72 79 27 3a 20 27 44 43 4d 3a 20 50 50 43 72 65 64 69 74 41 70 70 46 69 6e 44 65 63 6c 69 6e 65 64 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 65 76 65 6e 74 5f 61 63 74 69 6f 6e 27 3a 20 27 66 69 6e 69 73 68 20 64 65 63 6c 69 6e 65 64 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 65 76 65 6e 74 5f 6c 61 62 65 6c 27 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 74 79 70 65 27 3a 20 27 76 61 72 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: { 'send_to': 'UA-53389718-12', 'hitType': 'event', 'event_category': 'DCM: PPCreditAppFinDeclined', 'event_action': 'finish declined', 'event_label': { 'type': 'var',

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:06 UTC	650	OUT	POST /js/ HTTP/1.1 Host: ddbm2.paypal.com Connection: keep-alive Content-Length: 5845 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.paypal.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:06 UTC	5845	OUT	Data Raw: 6a 73 44 61 74 61 3d 25 37 42 25 32 32 74 74 73 74 25 32 32 25 33 41 31 32 2e 32 39 39 39 39 39 39 39 39 39 35 39 32 35 35 25 32 43 25 32 32 69 66 6f 76 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 62 72 5f 68 25 32 32 25 33 41 39 30 37 25 32 43 25 32 32 62 72 5f 77 25 32 32 25 33 41 31 32 38 30 25 32 43 25 32 32 69 73 66 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 6e 64 64 63 25 32 32 25 33 41 30 25 32 43 25 32 32 72 73 5f 68 25 32 32 25 33 41 31 30 32 34 25 32 43 25 32 32 72 73 5f 77 25 32 32 25 33 41 31 32 38 30 25 32 43 25 32 32 72 73 5f 63 64 25 32 32 25 33 41 32 34 25 32 43 25 32 32 70 68 65 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 6e 6d 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 6a 73 66 25 32 32 25 33 41 66 61 6c 73 Data Ascii: jsData=%7B%22ttst%22%3A12.299999999959255%2C%22ifov%22%3Afalse%2C%22br_h%22%3A907%2C%22br_w%22%3A1280%2C%22isf%22%3Afalse%2C%22nddc%22%3A0%2C%22rs_h%22%3A1024%2C%22rs_w%22%3A1280%2C%22rs_cd%22%3A24%2C%22phe%22%3Afalse%2C%22nm%22%3Afalse%2C%22jsf%22%3Afals
2024-12-05 19:20:06 UTC	577	IN	HTTP/1.1 200 OK Content-Type: application/json;charset=utf-8 Content-Length: 230 Connection: close Date: Thu, 05 Dec 2024 19:20:06 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server: DataDome Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-Cache: Miss from cloudfront Via: 1.1 b4620d66a028319b68950536b2441dc8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH52-C1 X-Amz-Cf-Id: TsyLnO6XJ7-H6vMkPcjW9R3grqQsX7FxVYay9vG6adxvWg5Yk2Eq1g== X-Content-Type-Options: nosniff Access-Control-Allow-Origin: *
2024-12-05 19:20:06 UTC	230	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 32 30 30 2c 22 63 6f 6f 6b 69 65 22 3a 22 64 61 74 61 64 6f 6d 65 3d 32 45 6d 74 51 71 6a 59 4a 69 6c 55 7e 44 58 79 6d 56 4d 47 4d 30 50 53 54 6a 37 78 50 67 36 78 70 78 6e 4d 69 66 6f 41 78 62 32 65 43 41 66 4f 55 39 7e 78 72 4b 43 48 77 30 51 42 48 4c 4e 56 38 30 5a 58 47 4e 6f 41 6b 4c 57 55 58 6a 58 6a 78 56 48 53 6d 4a 5a 37 62 4e 35 4e 67 4b 66 78 55 57 7e 7a 73 66 73 34 48 69 61 68 75 34 65 6c 6b 77 6d 68 55 70 70 31 4c 70 76 70 39 35 56 63 3b 20 4d 61 78 2d 41 67 65 3d 32 35 39 32 30 30 30 3b 20 44 6f 6d 61 69 6e 3d 2e 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4c 61 78 22 7d Data Ascii: {"status":200,"cookie":"datadome=2EmtQqjYJilU~DXymVMGM0PSTj7xPg6xpxnMifoAxb2eCAfOU9~xrKCHw0QBHLNV80ZXGNoAkLWUXjXjxVHSmJZ7bN5NgKfxUW~zsfs4Hiahu4elkwmhUpp1Lpvp95Vc; Max-Age=2592000; Domain=.paypal.com; Path=/; Secure; SameSite=Lax"}

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:06 UTC	599	OUT	GET /recaptcha/enterprise.js?render=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&hl=en HTTP/1.1 Host: www.recaptcha.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypalobjects.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:07 UTC	749	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Expires: Thu, 05 Dec 2024 19:20:06 GMT Date: Thu, 05 Dec 2024 19:20:06 GMT Cache-Control: private, max-age=300 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d" Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]} Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-05 19:20:07 UTC	641	IN	Data Raw: 37 38 62 0d 0a 2f 2a 20 50 4c 45 41 53 45 20 44 4f 20 4e 4f 54 20 43 4f 50 59 20 41 4e 44 20 50 41 53 54 45 20 54 48 49 53 20 43 4f 44 45 2e 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 77 3d 77 69 6e 64 6f 77 2c 43 3d 27 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 27 2c 63 66 67 3d 77 5b 43 5d 3d 77 5b 43 5d 7c 7c 7b 7d 2c 4e 3d 27 67 72 65 63 61 70 74 63 68 61 27 3b 76 61 72 20 45 3d 27 65 6e 74 65 72 70 72 69 73 65 27 2c 61 3d 77 5b 4e 5d 3d 77 5b 4e 5d 7c 7c 7b 7d 2c 67 72 3d 61 5b 45 5d 3d 61 5b 45 5d 7c 7c 7b 7d 3b 67 72 2e 72 65 61 64 79 3d 67 72 2e 72 65 61 64 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 28 63 66 67 5b 27 66 6e 73 27 5d 3d 63 66 67 5b 27 66 6e 73 27 5d 7c 7c 5b 5d 29 2e 70 75 73 68 28 66 29 3b 7d 3b 77 5b 27 5f Data Ascii: 78b/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var E='enterprise',a=w[N]=w[N]\|\|{},gr=a[E]=a[E]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['_
2024-12-05 19:20:07 UTC	1297	IN	Data Raw: 63 68 61 72 73 65 74 3d 27 75 74 66 2d 38 27 3b 76 61 72 20 76 3d 77 2e 6e 61 76 69 67 61 74 6f 72 2c 6d 3d 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 6d 65 74 61 27 29 3b 6d 2e 68 74 74 70 45 71 75 69 76 3d 27 6f 72 69 67 69 6e 2d 74 72 69 61 6c 27 3b 6d 2e 63 6f 6e 74 65 6e 74 3d 27 41 37 75 78 74 6a 33 2b 68 4a 6d 4f 63 5a 46 6f 6f 46 54 30 50 73 32 37 36 50 75 4f 71 47 6e 4d 31 6a 66 6f 50 62 46 76 78 57 70 37 33 56 43 36 30 4c 6e 59 47 7a 61 79 48 56 76 63 46 65 45 69 46 30 71 72 77 79 37 66 51 41 4c 2b 67 47 56 58 55 2b 66 39 49 51 63 41 41 41 43 54 65 79 4a 76 63 6d 6c 6e 61 57 34 69 4f 69 4a 6f 64 48 52 77 63 7a 6f 76 4c 33 4a 6c 59 32 46 77 64 47 4e 6f 59 53 35 75 5a 58 51 36 4e 44 51 7a 49 69 77 69 5a 6d 56 68 64 48 56 79 5a 53 49 36 49 Data Ascii: charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A7uxtj3+hJmOcZFooFT0Ps276PuOqGnM1jfoPbFvxWp73VC60LnYGzayHVvcFeEiF0qrwy7fQAL+gGVXU+f9IQcAAACTeyJvcmlnaW4iOiJodHRwczovL3JlY2FwdGNoYS5uZXQ6NDQzIiwiZmVhdHVyZSI6I
2024-12-05 19:20:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:06 UTC	2950	OUT	POST /signin/client-log HTTP/1.1 Host: www.paypal.com Connection: keep-alive Content-Length: 1697 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/json;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Requested-With: XMLHttpRequest sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.paypal.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; ts=vreXpYrS%3D1764962402%26vteXpYrS%3D1733428202%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; tcs=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin
2024-12-05 19:20:06 UTC	1697	OUT	Data Raw: 7b 22 63 75 72 72 65 6e 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 2e 63 6f 6d 2f 73 69 67 6e 69 6e 2f 3f 72 65 74 75 72 6e 55 72 69 3d 25 32 46 6d 79 61 63 63 6f 75 6e 74 25 32 46 74 72 61 6e 73 66 65 72 25 32 46 70 61 79 52 65 71 75 65 73 74 25 32 46 55 2d 30 39 35 38 34 30 34 35 42 44 34 39 38 37 34 30 56 25 32 46 55 2d 35 52 37 36 33 39 35 39 4e 58 31 35 33 39 38 30 46 25 33 46 63 6c 61 73 73 69 63 55 72 6c 25 33 44 25 32 46 55 53 25 32 46 63 67 69 2d 62 69 6e 25 32 46 25 33 46 63 6d 64 25 33 44 5f 70 72 71 26 69 64 3d 4f 6f 4f 38 35 4d 58 54 4c 56 55 6b 41 6c 67 59 34 73 65 79 39 41 38 68 2e 4e 78 78 71 6a 4f 2e 69 59 62 41 57 67 26 65 78 70 49 64 3d 70 32 70 26 6f 6e 62 6f 61 72 64 44 61 74 61 3d 25 37 42 25 32 32 73 Data Ascii: {"currentUrl":"https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22s
2024-12-05 19:20:07 UTC	298	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1852 Accept-Ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 Cache-Control: max-age=0, no-cache, no-store, must-revalidate
2024-12-05 19:20:07 UTC	2386	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6e 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 6f 62 6a 65 63 74 73 2e 70 61 79 70 61 6c 2e 63 6e 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 3b 20 73 63 72 69 70 74 2d 73 72 63 20 27 6e 6f 6e 63 65 2d 6c 43 35 71 63 63 70 4a 55 72 65 46 38 78 54 41 53 68 32 65 6f 76 64 4f 38 51 78 66 49 2f 5a 56 53 41 2b 52 6f 76 4e 53 5a 36 68 2b 48 52 78 55 27 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 Data Ascii: Content-Security-Policy: default-src 'self' https://.paypal.com https://.paypal.cn https://.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-lC5qccpJUreF8xTASh2eovdO8QxfI/ZVSA+RovNSZ6h+HRxU' 'self' https://.paypal.com htt
2024-12-05 19:20:07 UTC	1344	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 78 2d 70 70 2d 73 3d 65 79 4a 30 49 6a 6f 69 4d 54 63 7a 4d 7a 51 79 4e 6a 51 77 4e 7a 45 31 4d 69 49 73 49 6d 77 69 4f 69 49 77 49 69 77 69 62 53 49 36 49 6a 41 69 66 51 3b 20 44 6f 6d 61 69 6e 3d 2e 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 37 5f 61 7a 3d 64 63 67 31 35 2e 73 6c 63 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 45 78 70 69 72 65 73 3d 54 68 75 2c 20 30 35 20 44 65 63 20 32 30 32 34 20 31 39 3a 35 30 3a 30 37 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e Data Ascii: Set-Cookie: x-pp-s=eyJ0IjoiMTczMzQyNjQwNzE1MiIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure; SameSite=NoneSet-Cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Thu, 05 Dec 2024 19:50:07 GMT; HttpOnly; Secure; SameSite=N
2024-12-05 19:20:07 UTC	1378	IN	Data Raw: 7b 22 63 64 6e 48 6f 73 74 4e 61 6d 65 22 3a 22 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 22 2c 22 70 61 79 70 61 6c 44 6f 6d 61 69 6e 22 3a 22 70 61 79 70 61 6c 2e 63 6f 6d 22 2c 22 6c 61 79 6f 75 74 22 3a 22 6c 61 79 6f 75 74 73 2f 65 6d 70 74 79 22 2c 22 73 79 73 22 3a 7b 22 6c 69 6e 6b 73 22 3a 7b 22 6a 73 42 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 2f 72 65 73 2f 30 38 37 2f 39 66 37 33 31 64 38 62 63 65 64 64 35 62 37 65 37 61 33 39 37 35 63 30 32 34 32 37 38 2f 6a 73 22 2c 22 63 73 73 42 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 2f 72 65 73 2f 30 38 37 2f 39 66 Data Ascii: {"cdnHostName":"www.paypalobjects.com","paypalDomain":"paypal.com","layout":"layouts/empty","sys":{"links":{"jsBaseUrl":"https://www.paypalobjects.com/web/res/087/9f731d8bcedd5b7e7a3975c024278/js","cssBaseUrl":"https://www.paypalobjects.com/web/res/087/9f
2024-12-05 19:20:07 UTC	474	IN	Data Raw: 64 77 69 64 65 3c 2f 61 3e 22 7d 7d 2c 22 74 72 61 63 6b 69 6e 67 22 3a 7b 22 66 70 74 69 22 3a 7b 22 6e 61 6d 65 22 3a 22 70 74 61 22 2c 22 6a 73 55 52 4c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 22 2c 22 73 65 72 76 65 72 55 52 4c 22 3a 22 68 74 74 70 73 3a 2f 2f 74 2e 70 61 79 70 61 6c 2e 63 6f 6d 2f 74 73 22 2c 22 64 61 74 61 53 74 72 69 6e 67 22 3a 22 70 67 72 70 3d 75 6e 69 66 69 65 64 6c 6f 67 69 6e 6e 6f 64 65 77 65 62 25 32 46 2e 64 75 73 74 26 70 61 67 65 3d 75 6e 69 66 69 65 64 6c 6f 67 69 6e 6e 6f 64 65 77 65 62 25 32 46 2e 64 75 73 74 26 70 67 73 74 3d 31 37 33 33 34 32 36 34 30 37 31 31 36 26 63 61 6c 63 3d 66 32 33 31 37 33 38 62 66 37 36 66 63 26 6e 73 69 64 3d 47 57 5f 52 73 63 6a 42 Data Ascii: dwide</a>"}},"tracking":{"fpti":{"name":"pta","jsURL":"https://www.paypalobjects.com","serverURL":"https://t.paypal.com/ts","dataString":"pgrp=unifiedloginnodeweb%2F.dust&page=unifiedloginnodeweb%2F.dust&pgst=1733426407116&calc=f231738bf76fc&nsid=GW_RscjB

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:08 UTC	3122	OUT	POST /signin HTTP/1.1 Host: www.paypal.com Connection: keep-alive Content-Length: 823 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 Origin: https://www.paypal.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; ts=vreXpYrS%3D1764962402%26vteXpYrS%3D1733428202%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; tcs=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin
2024-12-05 19:20:08 UTC	823	OUT	Data Raw: 5f 63 73 72 66 3d 31 4f 4a 61 61 74 61 71 52 79 72 31 78 53 71 32 38 74 74 33 62 57 57 39 39 6a 25 32 42 31 76 65 50 52 4a 49 75 6d 41 25 33 44 26 6c 6f 63 61 6c 65 2e 78 3d 65 6e 5f 55 53 26 70 72 6f 63 65 73 73 53 69 67 6e 69 6e 3d 6d 61 69 6e 26 66 6c 6f 77 4e 61 6d 65 3d 70 32 70 26 66 6c 6f 77 43 6f 6e 74 65 78 74 44 61 74 61 3d 46 37 57 64 49 4f 67 4a 6d 48 36 2d 30 37 4b 54 4a 37 47 70 64 57 58 68 6b 64 44 51 78 4c 6f 68 42 34 6c 2d 47 37 76 75 57 47 61 55 73 77 39 56 57 6b 48 33 75 6e 6e 64 5a 41 37 59 6c 43 52 67 74 45 54 57 54 49 44 6e 39 68 4e 6e 52 5f 52 5f 58 66 47 76 64 78 65 43 52 6b 44 6d 74 58 4c 63 36 71 71 74 58 52 39 73 43 33 47 70 2d 35 39 6c 4e 42 45 4c 51 74 70 4d 35 78 45 76 30 69 34 72 43 54 70 4a 69 42 63 50 32 75 66 34 56 46 72 Data Ascii: _csrf=1OJaataqRyr1xSq28tt3bWW99j%2B1vePRJIumA%3D&locale.x=en_US&processSignin=main&flowName=p2p&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFr
2024-12-05 19:20:08 UTC	344	IN	HTTP/1.1 200 OK Connection: close Content-Length: 7053 Accept-Ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 Access-Control-Expose-Headers: Server-Timing Cache-Control: max-age=0, no-cache, no-store, must-revalidate
2024-12-05 19:20:08 UTC	2106	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6e 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 6f 62 6a 65 63 74 73 2e 70 61 79 70 61 6c 2e 63 6e 3b 20 73 63 72 69 70 74 2d 73 72 63 20 27 6e 6f 6e 63 65 2d 6c 61 66 63 66 70 46 53 4c 32 51 2f 63 78 6f 44 71 64 36 2b 6f 6c 35 46 6e 4f 62 34 30 6f 4b 47 35 73 59 47 43 73 76 30 48 69 74 33 57 4d 49 72 27 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6e Data Ascii: Content-Security-Policy: default-src 'self' https://.paypal.com https://.paypal.cn https://.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-lafcfpFSL2Q/cxoDqd6+ol5FnOb40oKG5sYGCsv0Hit3WMIr' 'self' https://.paypal.com https://*.paypal.cn
2024-12-05 19:20:08 UTC	1658	IN	Data Raw: 50 65 72 6d 69 73 73 69 6f 6e 73 2d 50 6f 6c 69 63 79 3a 20 63 68 2d 75 61 2d 70 6c 61 74 66 6f 72 6d 2d 76 65 72 73 69 6f 6e 3d 28 73 65 6c 66 20 22 68 74 74 70 73 3a 2f 2f 63 2e 70 61 79 70 61 6c 2e 63 6f 6d 22 29 2c 63 68 2d 75 61 2d 61 72 63 68 3d 28 73 65 6c 66 20 22 68 74 74 70 73 3a 2f 2f 63 2e 70 61 79 70 61 6c 2e 63 6f 6d 22 29 2c 63 68 2d 75 61 2d 77 6f 77 36 34 3d 28 73 65 6c 66 20 22 68 74 74 70 73 3a 2f 2f 63 2e 70 61 79 70 61 6c 2e 63 6f 6d 22 29 2c 63 68 2d 75 61 2d 6d 6f 64 65 6c 3d 28 73 65 6c 66 20 22 68 74 74 70 73 3a 2f 2f 63 2e 70 61 79 70 61 6c 2e 63 6f 6d 22 29 2c 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 73 65 6c 66 20 22 68 74 74 70 73 3a 2f 2f 63 2e 70 61 79 70 61 6c 2e 63 6f 6d 22 29 2c 63 68 2d 75 61 2d 66 75 6c 6c 2d 76 65 Data Ascii: Permissions-Policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-ve
2024-12-05 19:20:08 UTC	623	IN	Data Raw: 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 58 2d 58 73 73 2d 50 72 6f 74 65 63 74 69 6f 6e 3a 20 31 3b 20 6d 6f 64 65 3d 62 6c 6f 63 6b 0d 0a 44 43 3a 20 63 63 67 31 31 2d 6f 72 69 67 69 6e 2d 77 77 77 2d 31 2e 70 61 79 70 61 6c 2e 63 6f 6d 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 56 69 61 3a 20 31 2e 31 20 76 61 72 6e 69 73 68 2c 20 31 2e 31 20 76 61 72 6e 69 73 68 2c 20 31 2e 31 20 76 61 72 6e 69 73 68 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 30 35 20 44 65 63 20 32 30 32 34 20 31 39 3a 32 30 3a 30 38 20 47 4d 54 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 36 33 30 37 32 30 30 30 3b 20 69 6e 63 6c 75 64 Data Ascii: X-Content-Type-Options: nosniffX-Xss-Protection: 1; mode=blockDC: ccg11-origin-www-1.paypal.comAccept-Ranges: bytesVia: 1.1 varnish, 1.1 varnish, 1.1 varnishDate: Thu, 05 Dec 2024 19:20:08 GMTStrict-Transport-Security: max-age=63072000; includ
2024-12-05 19:20:08 UTC	1378	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 6c 6f 77 65 72 2d 74 68 61 6e 2d 69 65 39 22 20 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 31 30 5d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 6c 6f 77 65 72 2d 74 68 61 6e 2d 69 65 31 30 22 20 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 21 49 45 5d 3e 2d 2d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 3e 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 0a 20 Data Ascii: <!DOCTYPE html>...[if lt IE 9]><html lang="en" class="no-js lower-than-ie9" ><![endif]-->...[if lt IE 10]><html lang="en" class="no-js lower-than-ie10" ><![endif]-->...[if !IE]>--><html lang="en" class="no-js" >...<![endif]--> <head>
2024-12-05 19:20:08 UTC	1378	IN	Data Raw: 37 33 33 34 32 36 34 30 38 34 33 34 26 63 61 6c 63 3d 66 38 37 36 38 30 39 63 66 62 66 32 38 26 6e 73 69 64 3d 47 57 5f 52 73 63 6a 42 4d 75 65 5f 75 4f 30 6d 6e 6b 63 37 5a 38 4b 51 42 55 68 77 66 58 32 6a 26 72 73 74 61 3d 65 6e 5f 55 53 26 70 67 74 66 3d 4e 6f 64 65 6a 73 26 65 6e 76 3d 6c 69 76 65 26 73 3d 63 69 26 63 63 70 67 3d 55 53 26 63 73 63 69 3d 35 35 66 33 65 66 36 63 38 62 63 34 34 65 38 34 62 37 62 33 35 39 31 61 62 38 39 63 63 36 34 37 26 63 6f 6d 70 3d 61 75 74 68 63 68 61 6c 6c 65 6e 67 65 6e 6f 64 65 77 65 62 26 74 73 72 63 65 3d 75 6e 69 66 69 65 64 6c 6f 67 69 6e 6e 6f 64 65 77 65 62 26 63 75 3d 30 26 65 66 5f 70 6f 6c 69 63 79 3d 63 63 70 61 26 78 65 3d 31 30 39 35 34 31 25 32 43 31 30 37 35 38 35 26 78 74 3d 31 34 35 38 33 35 25 32 Data Ascii: 733426408434&calc=f876809cfbf28&nsid=GW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=55f3ef6c8bc44e84b7b3591ab89cc647&comp=authchallengenodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=109541%2C107585&xt=145835%2
2024-12-05 19:20:08 UTC	1378	IN	Data Raw: 65 6e 74 3d 22 6e 61 6d 65 3d 52 65 71 75 65 73 74 20 4d 6f 6e 65 79 3b 61 63 74 69 6f 6e 2d 75 72 69 3d 68 74 74 70 73 3a 2f 2f 70 65 72 73 6f 6e 61 6c 2e 70 61 79 70 61 6c 2e 63 6f 6d 2f 63 67 69 2d 62 69 6e 2f 3f 63 6d 64 3d 5f 72 65 6e 64 65 72 2d 63 6f 6e 74 65 6e 74 26 61 6d 70 3b 63 6f 6e 74 65 6e 74 5f 49 44 3d 6d 61 72 6b 65 74 69 6e 67 5f 75 73 2f 72 65 71 75 65 73 74 5f 6d 6f 6e 65 79 3b 69 63 6f 6e 2d 75 72 69 3d 68 74 74 70 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 65 6e 5f 55 53 2f 69 2f 69 63 6f 6e 2f 70 70 5f 66 61 76 69 63 6f 6e 5f 78 2e 69 63 6f 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 74 72 61 6e 73 66 65 72 20 6d 6f 6e 65 79 2c 20 65 6d 61 Data Ascii: ent="name=Request Money;action-uri=https://personal.paypal.com/cgi-bin/?cmd=_render-content&content_ID=marketing_us/request_money;icon-uri=http://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico" /><meta name="keywords" content="transfer money, ema
2024-12-05 19:20:08 UTC	1378	IN	Data Raw: 31 30 38 33 37 37 63 63 33 39 37 35 32 2f 74 65 6d 70 6c 61 74 65 73 2f 55 53 2f 65 6e 2f 25 73 2e 6a 73 22 0a 20 20 20 20 64 61 74 61 2d 63 73 72 66 2d 74 6f 6b 65 6e 3d 22 75 75 75 73 65 69 42 62 6a 79 33 42 43 75 2f 48 72 65 73 45 34 6a 31 71 6d 75 48 63 33 45 4b 48 71 58 46 55 73 3d 22 20 20 0a 20 20 20 20 64 61 74 61 2d 6c 6f 63 61 6c 65 3d 22 65 6e 5f 55 53 22 3e 0a 20 20 20 20 20 20 20 20 3c 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6e 6f 6e 6a 73 41 6c 65 72 74 22 20 72 6f 6c 65 3d 22 61 6c 65 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4e 4f 54 45 3a 20 4d 61 6e 79 20 66 65 61 74 75 72 65 73 20 6f 6e 20 74 68 65 20 50 61 79 50 61 6c 20 57 65 62 20 73 69 74 65 20 72 65 71 75 Data Ascii: 108377cc39752/templates/US/en/%s.js" data-csrf-token="uuuseiBbjy3BCu/HresE4j1qmuHc3EKHqXFUs=" data-locale="en_US"> <noscript> <p class="nonjsAlert" role="alert"> NOTE: Many features on the PayPal Web site requ
2024-12-05 19:20:08 UTC	1378	IN	Data Raw: 79 70 61 6c 2e 63 6f 6d 26 61 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 3d 61 63 63 6f 75 6e 74 73 2e 68 63 61 70 74 63 68 61 2e 70 61 79 70 61 6c 2e 63 6f 6d 26 63 75 73 74 6f 6d 44 6f 6d 61 69 6e 73 3d 22 20 68 65 69 67 68 74 3d 22 35 30 30 22 20 77 69 64 74 68 3d 22 31 30 30 25 32 35 22 20 6e 61 6d 65 3d 22 72 65 63 61 70 74 63 68 61 22 20 61 6c 69 67 6e 3d 22 6d 69 64 64 6c 65 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 61 6e 64 62 6f 78 3d 22 61 6c 6c 6f 77 2d 73 63 72 69 70 74 73 20 61 6c 6c 6f 77 2d 73 61 6d 65 2d 6f 72 69 67 69 6e 20 61 6c 6c 6f 77 2d 70 6f 70 75 70 73 20 61 6c 6c 6f 77 2d 66 6f 72 6d 73 22 3e 3c 2f 69 66 72 61 6d 65 3e 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 63 74 69 6f 6e 73 22 3e 3c 62 75 74 74 6f 6e 20 63 6c 61 Data Ascii: ypal.com&accountsDomain=accounts.hcaptcha.paypal.com&customDomains=" height="500" width="100%25" name="recaptcha" align="middle" frameborder="0" sandbox="allow-scripts allow-same-origin allow-popups allow-forms"></iframe> <div class="actions"><button cla
2024-12-05 19:20:08 UTC	163	IN	Data Raw: 30 34 62 65 31 30 38 33 37 37 63 63 33 39 37 35 32 2f 6a 73 2f 63 6f 6e 66 69 67 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 2f 77 65 62 2f 72 65 73 2f 35 63 30 2f 36 65 65 36 64 30 38 38 30 64 61 63 30 34 62 65 31 30 38 33 37 37 63 63 33 39 37 35 32 2f 6a 73 2f 6c 69 62 2f 72 65 71 75 69 72 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: 04be108377cc39752/js/config" src="https://www.paypalobjects.com/web/res/5c0/6ee6d0880dac04be108377cc39752/js/lib/require.js"></script> </body> </html>

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:08 UTC	928	OUT	GET /js/ HTTP/1.1 Host: ddbm2.paypal.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTczMzQyNjM5MzE1OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; ts=vreXpYrS%3D1764962402%26vteXpYrS%3D1733428202%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew; datadome=2EmtQqjYJilU~DXymVMGM0PSTj7xPg6xpxnMifoAxb2eCAfOU9~xrKCHw0QBHLNV80ZXGNoAkLWUXjXjxVHSmJZ7bN5NgKfxUW~zsfs4Hiahu4elkwmhUpp1Lpvp95Vc
2024-12-05 19:20:09 UTC	524	IN	HTTP/1.1 405 Method Not Allowed Content-Type: text/html;charset=iso-8859-1 Content-Length: 319 Connection: close Date: Thu, 05 Dec 2024 19:20:08 GMT Cache-Control: must-revalidate,no-cache,no-store X-Cache: Error from cloudfront Via: 1.1 82fec2aceb4f253124bcc9517017dc20.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH52-C1 X-Amz-Cf-Id: RLEh1BqgRCYlj1jcbrj2QYDLZgRRPJ0KjR1qvPrTiMIuUJG26ARilw== X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Vary: Origin
2024-12-05 19:20:09 UTC	319	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 35 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 20 34 30 35 3c 2f 68 32 3e 0a 3c 70 3e 50 72 6f 62 6c 65 6d 20 61 63 63 65 73 73 69 6e 67 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 20 52 65 61 73 6f 6e 3a 0a 3c 70 72 65 3e 20 20 20 20 48 54 54 50 20 6d 65 74 68 6f 64 20 47 45 54 20 69 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 74 68 69 73 20 55 52 4c 3c 2f 70 72 Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"/><title>Error 405</title></title></head><body><h2>HTTP ERROR 405</h2><p>Problem accessing this resource. Reason:<pre> HTTP method GET is not supported by this URL</pr

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:08 UTC	5481	OUT	GET /ts?v=1.9.5&t=1733426405534&g=300&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3Alegacy-web-dyn&pgst=1733426393098&calc=f2110553b2e4e&nsid=GW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=c0c49a91e6384eadbaa4a565394e21da&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=100353%2C106885%2C105604%2C105604%2C105351%2C101126%2C100614%2C101257%2C102153%2C104200%2C104200%2C105352%2C109195%2C104458%2C104458%2C100364%2C105999%2C100885%2C109334%2C109334%2C101270%2C102557%2C102557%2C101408%2C101408%2C104227%2C104227%2C100644%2C105124%2C100391%2C102695%2C100263%2C101031%2C100267%2C108076%2C100527%2C106031%2C106031%2C107054%2C107054%2C106033%2C106033%2C106032%2C106032%2C105392%2C105392%2C106035%2C106035%2C106034%2C106034%2C106036%2C106036%2C105271%2C110648%2C101688%2C101821%2C101820%2C102208%2C105543%2C105544%2C105416%2C105416%2C101064%2C106058%2C104778%2C103119%2C100303%2C100942%2C105553%2C105553%2C105552%2C105552%2C100304%2C1 [TRUNCATED] Host: t.paypal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Cache-Control: max-age=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=OoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-09584045BD498740V%2FU-5R763959NX153980F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DOoO85MXTLVUkAlgY4sey9A8h.NxxqjO.iYbAWg%22%7D%7D&flowContextData=F7WdIOgJmH6-07KTJ7GpdWXhkdDQxLohB4l-G7vuWGaUsw9VWkH3unndZA7YlCRgtETWTIDn9hNnR_R_XfGvdxeCRkDmtXLc6qqtXR9sC3Gp-59lNBELQtpM5xEv0i4rCTpJiBcP2uf4VFrJLL1b5u1XG7JtP5TfW7CNqxSVOxEb9_duKrmtDgpztBtl32bVeoc8BgW5poXyk9lJHcKrYdvBHSdT0mosqrrmaGj2a5uNQdBK70Mwpn9Zddmj0KI1GIZrXWvFcpnuRbvbli2inkizkeV4nR1uyKnBSzFqdPDcK4t7K9B6YiFhb5sS8DaQd7F6oWzSe-J8gPxVURmdwwOxFn1ycN09t9caUdBz1XMuv96GDJywuv2feJdoAI73PNjro1a2cFEKAWnCgtoHqxdBD3A1mVV3OiytkjtEUDdvp0GL3CNOAV9zIrunX_DmbTO6KOe21dniBkeG&v=1&utm [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; datadome=2EmtQqjYJilU~DXymVMGM0PSTj7xPg6xpxnMifoAxb2eCAfOU9~xrKCHw0QBHLNV80ZXGNoAkLWUXjXjxVHSmJZ7bN5NgKfxUW~zsfs4Hiahu4elkwmhUpp1Lpvp95Vc; x-pp-s=eyJ0IjoiMTczMzQyNjQwNzE1MiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962407%26vteXpYrS%3D1733428207%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
2024-12-05 19:20:09 UTC	1361	IN	HTTP/1.1 200 OK Connection: close Access-Control-Expose-Headers: Server-Timing CORRELATION-ID: d9943bd72874b Cache-Control: max-age=0, no-cache, no-store, must-revalidate Content-Type: image/gif Expires: Thu, 05 Dec 2024 19:20:08 GMT P3p: CP="CAO IND OUR SAM UNI STA COR COM" Paypal-Debug-Id: d9943bd72874b Pragma: no-cache Set-Cookie: ts=vreXpYrS%3D1764962408%26vteXpYrS%3D1733428208%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew;Expires=Fri, 05 Dec 2025 19:20:08 GMT;domain=.paypal.com;path=/;secure;HttpOnly;SameSite=None; Set-Cookie: ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778;Expires=Fri, 05 Dec 2025 19:20:08 GMT;domain=.paypal.com;path=/;secure;SameSite=None; Traceparent: 00-0000000000000000000d9943bd72874b-25e8d702cf6b0912-01 Accept-Ranges: bytes Via: 1.1 varnish, 1.1 varnish Date: Thu, 05 Dec 2024 19:20:08 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Served-By: cache-iad-kcgs7200053-IAD, cache-nyc-kteb1890038-NYC X-Cache: MISS, MISS X-Cache-Hits: 0, 0 X-Timer: S1733426409.863538,VS0,VE101 vary: Accept-Encoding Server-Timing: "traceparent;desc="00-0000000000000000000d9943bd72874b-f825c1c5b4f79875-01"";content-encoding;desc="",x-cdn;desc="fastly" Timing-Allow-Origin: * transfer-encoding: chunked
2024-12-05 19:20:09 UTC	4	IN	Data Raw: 32 61 0d 0a Data Ascii: 2a
2024-12-05 19:20:09 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 01 01 32 00 3b Data Ascii: GIF89a!,2;
2024-12-05 19:20:09 UTC	7	IN	Data Raw: 0d 0a 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:08 UTC	1081	OUT	GET /signin/client-log HTTP/1.1 Host: www.paypal.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: enforce_policy=ccpa; cookie_check=yes; d_id=c0c49a91e6384eadbaa4a565394e21da1733426393114; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; nsid=s%3AGW_RscjBMue_uO0mnkc7Z8KQBUhwfX2j.FFWOARB2%2BuuO26tFpElNMknNGOEOXTm%2FpBrBjPfDp7c; l7_az=dcg15.slc; ts_c=vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778; tcs=main%3Aunifiedlogin%3A%3A%3Alogin%7CbtnLogin; datadome=2EmtQqjYJilU~DXymVMGM0PSTj7xPg6xpxnMifoAxb2eCAfOU9~xrKCHw0QBHLNV80ZXGNoAkLWUXjXjxVHSmJZ7bN5NgKfxUW~zsfs4Hiahu4elkwmhUpp1Lpvp95Vc; x-pp-s=eyJ0IjoiMTczMzQyNjQwNzE1MiIsImwiOiIwIiwibSI6IjAifQ; ts=vreXpYrS%3D1764962407%26vteXpYrS%3D1733428207%26vr%3D9843afe81930ad103d1b5fc8f7399779%26vt%3D9843afe81930ad103d1b5fc8f7399778%26vtyp%3Dnew
2024-12-05 19:20:09 UTC	299	IN	HTTP/1.1 302 Found Connection: close Content-Length: 29 Accept-Ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 Cache-Control: max-age=0, no-cache, no-store, must-revalidate
2024-12-05 19:20:09 UTC	2356	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6e 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 6f 62 6a 65 63 74 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 6f 62 6a 65 63 74 73 2e 70 61 79 70 61 6c 2e 63 6e 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 3b 20 73 63 72 69 70 74 2d 73 72 63 20 27 6e 6f 6e 63 65 2d 49 71 41 32 47 33 45 68 6e 61 37 76 57 57 76 7a 51 78 77 2f 4e 45 49 2b 79 63 7a 57 72 64 2f 64 66 79 5a 52 74 61 50 6f 50 68 30 49 4e 6a 48 67 27 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 70 61 79 70 61 6c 2e 63 6f 6d 20 68 74 74 Data Ascii: Content-Security-Policy: default-src 'self' https://.paypal.com https://.paypal.cn https://.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-IqA2G3Ehna7vWWvzQxw/NEI+yczWrd/dfyZRtaPoPh0INjHg' 'self' https://.paypal.com htt
2024-12-05 19:20:09 UTC	1321	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 78 2d 70 70 2d 73 3d 65 79 4a 30 49 6a 6f 69 4d 54 63 7a 4d 7a 51 79 4e 6a 51 77 4f 54 41 34 4d 69 49 73 49 6d 77 69 4f 69 49 77 49 69 77 69 62 53 49 36 49 6a 41 69 66 51 3b 20 44 6f 6d 61 69 6e 3d 2e 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 37 5f 61 7a 3d 64 63 67 31 35 2e 73 6c 63 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 70 61 79 70 61 6c 2e 63 6f 6d 3b 20 45 78 70 69 72 65 73 3d 54 68 75 2c 20 30 35 20 44 65 63 20 32 30 32 34 20 31 39 3a 35 30 3a 30 39 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e Data Ascii: Set-Cookie: x-pp-s=eyJ0IjoiMTczMzQyNjQwOTA4MiIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure; SameSite=NoneSet-Cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Thu, 05 Dec 2024 19:50:09 GMT; HttpOnly; Secure; SameSite=N
2024-12-05 19:20:09 UTC	29	IN	Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 73 69 67 6e 69 6e Data Ascii: Found. Redirecting to /signin

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:08 UTC	586	OUT	GET /web/res/5c0/6ee6d0880dac04be108377cc39752/css/app.css HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:09 UTC	778	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: max-age=31536000, s-maxage=31536000 Content-Type: text/css Date: Thu, 05 Dec 2024 19:20:09 GMT DC: ccg11-origin-www-1.paypal.com Etag: W/"6736db9f-82ea" Expires: Fri, 05 Dec 2025 19:20:09 GMT Last-Modified: Fri, 15 Nov 2024 05:26:55 GMT Paypal-Debug-Id: 414af756eff5e Server: ECAcc (lhd/35D0) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000414af756eff5e-f68c17da8c00886f-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 33514 Connection: close
2024-12-05 19:20:09 UTC	16383	IN	Data Raw: 2f 2a 2a 20 6d 65 74 68 6f 64 20 72 65 73 70 6f 6e 73 69 62 6c 65 20 66 6f 72 20 6c 6f 61 64 69 6e 67 20 74 68 65 20 62 61 63 6b 67 72 6f 75 6e 64 20 69 6d 61 67 65 20 73 65 74 20 69 6e 20 43 53 53 20 2a 2a 2f 0a 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 69 6f 6e 20 7b 0a 20 20 66 72 6f 6d 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0a 20 20 7d 0a 20 20 74 6f 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 Data Ascii: / method responsible for loading the background image set in CSS /@-webkit-keyframes rotation { from { -webkit-transform: rotate(0deg); transform: rotate(0deg); } to { -webkit-transform: rotate(359deg); transform: rotate(359deg)
2024-12-05 19:20:09 UTC	1	IN	Data Raw: 0a Data Ascii:
2024-12-05 19:20:09 UTC	16383	IN	Data Raw: 7d 0a 2f 2a 20 4c 41 50 20 2d 20 6d 65 64 69 75 6d 20 2a 2f 0a 2e 6a 73 20 2e 6c 61 70 20 2e 74 65 78 74 49 6e 70 75 74 2e 6d 65 64 69 75 6d 2c 0a 2e 6a 73 20 64 69 76 2e 6c 61 70 2e 74 65 78 74 49 6e 70 75 74 2e 6d 65 64 69 75 6d 20 7b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 7d 0a 2e 6a 73 20 2e 6c 61 70 20 2e 74 65 78 74 49 6e 70 75 74 2e 6d 65 64 69 75 6d 20 6c 61 62 65 6c 2e 66 6f 63 75 73 2c 0a 2e 6a 73 20 2e 66 6f 72 6d 4d 65 64 69 75 6d 20 64 69 76 2e 6c 61 70 2e 74 65 78 74 49 6e 70 75 74 2e 6d 65 64 69 75 6d 20 6c 61 62 65 6c 2e 66 6f 63 75 73 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 62 33 62 33 62 33 3b 0a 7d 0a 2e 6a 73 20 2e 6c 61 70 20 2e 74 65 78 74 49 6e 70 75 74 2e 6d 65 Data Ascii: }/* LAP - medium */.js .lap .textInput.medium,.js div.lap.textInput.medium { padding: 0; position: relative;}.js .lap .textInput.medium label.focus,.js .formMedium div.lap.textInput.medium label.focus { color: #b3b3b3;}.js .lap .textInput.me
2024-12-05 19:20:09 UTC	747	IN	Data Raw: 77 69 64 74 68 3a 20 37 36 37 70 78 29 20 7b 0a 20 20 2e 69 64 65 6e 74 69 74 79 46 6f 6f 74 65 72 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 30 70 78 3b 0a 20 20 7d 0a 7d 0a 2f 2a 20 70 61 67 65 20 2a 2f 0a 2f 2a 20 50 61 67 65 20 73 70 65 63 69 66 69 63 20 43 53 53 20 66 69 6c 65 73 20 2a 2f 0a 23 6c 6f 67 69 6e 20 2e 66 6f 72 67 6f 74 4c 69 6e 6b 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 32 35 70 78 20 61 75 74 6f 20 33 30 70 78 3b 0a 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 35 70 78 3b 0a 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 43 42 44 32 44 36 3b 0a 7d 0a 2f 2a 20 6d 6f 62 69 6c 65 20 2d 2d 2d 2d 20 2a 2f 0a 40 6d 65 64 69 61 20 61 6c 6c 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 Data Ascii: width: 767px) { .identityFooter { margin-top: 50px; }}/* page // Page specific CSS files /#login .forgotLink { margin: 25px auto 30px; padding-bottom: 25px; border-bottom: 1px solid #CBD2D6;}/ mobile ---- */@media all and (max-wid

Timestamp	Bytes transferred	Direction	Data
2024-12-05 19:20:09 UTC	530	OUT	GET /pa/js/pa.js HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.paypal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-05 19:20:09 UTC	800	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: x-csrf-token Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: application/javascript Date: Thu, 05 Dec 2024 19:20:09 GMT DC: ccg11-origin-www-1.paypal.com Etag: "6735ac2d-11212+ident" Expires: Thu, 05 Dec 2024 20:20:09 GMT Last-Modified: Thu, 14 Nov 2024 07:52:13 GMT Paypal-Debug-Id: a700c3e2ec03a Server: ECAcc (lhd/35C1) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000a700c3e2ec03a-a040008f3221dba8-01 Vary: Accept-Encoding X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 70162 Connection: close
2024-12-05 19:20:09 UTC	16383	IN	Data Raw: 2f 2a 40 20 32 30 32 34 20 50 61 79 50 61 6c 20 28 76 31 2e 39 2e 35 29 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 74 2c 65 2c 6e 29 7b 28 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 74 79 70 65 6f 66 20 74 7c 7c 21 74 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 6e 3d 74 5b 53 79 6d 62 6f 6c 2e 74 6f 50 72 69 6d 69 74 69 76 65 5d 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 6e 29 72 65 74 75 72 6e 28 22 73 74 72 69 6e 67 22 3d 3d 3d 65 3f 53 74 72 69 6e 67 3a 4e 75 6d 62 65 72 29 28 74 29 3b 74 3d 6e 2e 63 61 6c 6c 28 74 2c 65 7c 7c 22 64 65 66 61 75 6c 74 22 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 21 3d Data Ascii: /@ 2024 PayPal (v1.9.5) /!function(){"use strict";function r(t,e,n){(e=function(t){t=function(t,e){if("object"!=typeof t\|\|!t)return t;var n=t[Symbol.toPrimitive];if(void 0===n)return("string"===e?String:Number)(t);t=n.call(t,e\|\|"default");if("object"!=
2024-12-05 19:20:09 UTC	16383	IN	Data Raw: 20 22 2b 74 5b 72 5d 2e 74 72 69 6d 28 29 2c 72 21 3d 3d 74 2e 6c 65 6e 67 74 68 2d 31 26 26 28 6e 2b 3d 22 2c 20 22 29 7d 65 6c 73 65 20 6e 3d 74 3b 72 65 74 75 72 6e 20 6e 7d 76 61 72 20 5f 65 3d 7b 70 70 3a 2f 5c 2e 70 61 79 70 61 6c 5c 2e 63 6f 6d 24 2f 2c 61 6c 6c 3a 48 7d 3b 66 75 6e 63 74 69 6f 6e 20 50 65 28 74 2c 65 29 7b 76 61 72 20 6e 3d 21 31 2c 65 3d 65 7c 7c 71 3b 72 65 74 75 72 6e 20 6e 3d 5f 65 5b 74 3d 74 7c 7c 22 61 6c 6c 22 5d 2e 74 65 73 74 28 65 29 3f 21 30 3a 6e 7d 66 75 6e 63 74 69 6f 6e 20 45 28 74 2c 65 2c 6e 29 7b 74 72 79 7b 76 61 72 20 72 3d 65 2e 72 65 70 6c 61 63 65 28 22 5b 22 2c 22 2e 22 29 2e 72 65 70 6c 61 63 65 28 22 5d 22 2c 22 22 29 2e 73 70 6c 69 74 28 22 2e 22 29 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 74 Data Ascii: "+t[r].trim(),r!==t.length-1&&(n+=", ")}else n=t;return n}var _e={pp:/\.paypal\.com$/,all:H};function Pe(t,e){var n=!1,e=e\|\|q;return n=_e[t=t\|\|"all"].test(e)?!0:n}function E(t,e,n){try{var r=e.replace("[",".").replace("]","").split(".").reduce(function(t
2024-12-05 19:20:09 UTC	16383	IN	Data Raw: 29 2c 6f 3d 30 3b 6f 3c 61 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 66 6f 72 28 76 61 72 20 63 3d 61 5b 6f 5d 2c 75 3d 6b 65 28 22 69 6e 70 75 74 22 2c 63 29 2c 73 3d 75 2e 6c 65 6e 67 74 68 2c 6c 3d 30 3b 6c 3c 73 3b 6c 2b 2b 29 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 68 28 65 2c 22 66 6f 63 75 73 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 2e 5f 6c 61 73 74 46 6f 72 6d 3d 74 2c 72 2e 5f 6c 61 73 74 49 6e 70 75 74 3d 65 2c 72 2e 5f 74 72 61 63 6b 69 6e 67 46 41 7c 7c 28 72 2e 5f 74 72 61 63 6b 69 6e 67 46 41 3d 21 30 2c 22 62 65 66 6f 72 65 75 6e 6c 6f 61 64 2c 68 61 73 68 63 68 61 6e 67 65 22 2e 73 70 6c 69 74 28 22 2c 22 29 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 68 28 77 69 6e 64 6f 77 2c 74 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6e Data Ascii: ),o=0;o<a.length;o++)for(var c=a[o],u=ke("input",c),s=u.length,l=0;l<s;l++)!function(t,e){h(e,"focus",function(){r._lastForm=t,r._lastInput=e,r._trackingFA\|\|(r._trackingFA=!0,"beforeunload,hashchange".split(",").forEach(function(t){h(window,t,function(){n
2024-12-05 19:20:10 UTC	16383	IN	Data Raw: 2e 6c 6f 61 64 56 65 6e 64 6f 72 44 65 66 61 75 6c 74 28 74 2e 6e 61 6d 65 29 7c 7c 7b 7d 2c 74 29 3b 62 72 28 74 29 26 26 28 6d 72 26 26 76 72 5b 65 5d 26 26 2d 31 21 3d 3d 76 72 5b 65 5d 2e 69 6e 64 65 78 4f 66 28 74 2e 6e 61 6d 65 29 3f 75 5b 65 5d 3d 21 31 3a 6e 2e 70 75 73 68 28 74 29 29 7d 29 2c 6e 2e 6c 65 6e 67 74 68 29 26 26 28 69 3d 7b 69 64 3a 65 2c 74 72 69 67 67 65 72 3a 6f 2e 74 72 69 67 67 65 72 2c 63 61 70 74 75 72 65 3a 6f 2e 63 61 70 74 75 72 65 2c 76 65 6e 64 6f 72 73 3a 6e 7d 2c 6f 3d 50 41 59 50 41 4c 2e 61 6e 61 6c 79 74 69 63 73 2e 6c 6f 67 4a 53 45 72 72 6f 72 2c 74 3d 69 2e 74 72 69 67 67 65 72 2e 74 79 70 65 2c 61 3d 69 2e 74 72 69 67 67 65 72 2e 63 6f 6e 64 69 74 69 6f 6e 2c 69 2e 74 72 69 67 67 65 72 2e 68 61 73 4f 77 6e 50 72 Data Ascii: .loadVendorDefault(t.name)\|\|{},t);br(t)&&(mr&&vr[e]&&-1!==vr[e].indexOf(t.name)?u[e]=!1:n.push(t))}),n.length)&&(i={id:e,trigger:o.trigger,capture:o.capture,vendors:n},o=PAYPAL.analytics.logJSError,t=i.trigger.type,a=i.trigger.condition,i.trigger.hasOwnPr
2024-12-05 19:20:10 UTC	4630	IN	Data Raw: 26 26 28 61 2e 76 61 6c 75 65 3d 4d 61 74 68 2e 6d 61 78 28 74 2e 73 74 61 72 74 54 69 6d 65 2d 6e 69 28 29 2c 30 29 2c 61 2e 65 6e 74 72 69 65 73 3d 5b 74 5d 2c 6e 28 29 29 7d 29 3b 74 26 26 28 6e 3d 52 28 6f 2c 61 2c 42 69 2c 63 2e 72 65 70 6f 72 74 41 6c 6c 43 68 61 6e 67 65 73 29 2c 72 3d 6f 69 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7a 69 5b 61 2e 69 64 5d 7c 7c 28 65 28 74 2e 74 61 6b 65 52 65 63 6f 72 64 73 28 29 29 2c 74 2e 64 69 73 63 6f 6e 6e 65 63 74 28 29 2c 7a 69 5b 61 2e 69 64 5d 3d 21 30 2c 6e 28 21 30 29 29 7d 29 2c 5b 22 6b 65 79 64 6f 77 6e 22 2c 22 63 6c 69 63 6b 22 5d 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 74 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 Data Ascii: &&(a.value=Math.max(t.startTime-ni(),0),a.entries=[t],n())});t&&(n=R(o,a,Bi,c.reportAllChanges),r=oi(function(){zi[a.id]\|\|(e(t.takeRecords()),t.disconnect(),zi[a.id]=!0,n(!0))}),["keydown","click"].forEach(function(t){addEventListener(t,function(){return