securepayments.paypal.com Open in urlscan Pro
173.0.88.36  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	400 Bad Request	Primary Request Cookie set hostedSoleSolutionProcess Show response securepayments.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/	2 KB 5 KB	1206ms 254ms	Document text/html	173.0.88.36 PAYPAL
General Check archive.org Show headers Download Go to Full URL https://securepayments.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 173.0.88.36 , United States, ASN17012 (PAYPAL, US), Reverse DNS securepayments.paypal.com Software / Resource Hash 1c547cb186749febdd894b077f07084b5d283c7052a2e170ce8fcd1a7f1af308 Security Headers Name Value Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-1ExrrcKgr2/gzQNEccVBs+rxSzVaf86v8a5C3V5kfGBQhJSg' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-eval' 'unsafe-inline'; img-src https://*:* https://*.paypalobjects.com https://*.paypal.com:* http://*.paypal.com:* https://*.stats.paypal.com; frame-src 'self' https://*.cardinalcommerce.com https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; font-src 'self' ; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; child-src 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com; X-Content-Type-Options nosniff X-Frame-Options ALLOWALL X-Xss-Protection 1; mode=block Request headers Host securepayments.paypal.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Credentials true Access-Control-Allow-Headers X-Requested-With Access-Control-Allow-Origin * Cache-Control max-age=0, no-cache, no-store, must-revalidate Content-Length 2065 Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-1ExrrcKgr2/gzQNEccVBs+rxSzVaf86v8a5C3V5kfGBQhJSg' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-eval' 'unsafe-inline'; img-src https://*:* https://*.paypalobjects.com https://*.paypal.com:* http://*.paypal.com:* https://*.stats.paypal.com; frame-src 'self' https://*.cardinalcommerce.com https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; font-src 'self' ; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; child-src 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com; Content-Type text/html; charset=utf-8 Date Sun, 11 Apr 2021 21:11:06 GMT Etag W/"811-v6rvJCPd3o7KqZmSn6zD3BBOy/0" Paypal-Debug-Id 975d2cc2eb87d Set-Cookie enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Mon, 11 Apr 2022 21:11:06 GMT; Secure; SameSite=None LANG=en_US%3BUS; Max-Age=900; Domain=.paypal.com; Path=/; Expires=Sun, 11 Apr 2021 21:26:06 GMT; HttpOnly; Secure; SameSite=None tsrce=hostedpaymentnodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Wed, 14 Apr 2021 21:11:05 GMT; HttpOnly; Secure; SameSite=None x-pp-s=eyJ0IjoiMTYxODE3NTQ2NjkzNyIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure; SameSite=None nsid=s%3AMTRH0zrjw2dmpDqURicRuY0sbfU6ML6k.RVAukGVdrmEOkDObepqgfL40RkVJXmOHmOQKu9zPouw; Domain=.paypal.com; Path=/; HttpOnly; Secure l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Sun, 11 Apr 2021 21:41:06 GMT; HttpOnly; Secure; SameSite=None ts=vreXpYrS%3D1712869866%26vteXpYrS%3D1618177266%26vr%3Dc2c61d8c1780a311f9e1a46eff8a98d2%26vt%3Dc2c61d8c1780a311f9e1a46eff8a98d1%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Wed, 10 Apr 2024 21:11:06 GMT; HttpOnly; Secure; SameSite=None ts_c=vr%3Dc2c61d8c1780a311f9e1a46eff8a98d2%26vt%3Dc2c61d8c1780a311f9e1a46eff8a98d1; Path=/; Domain=paypal.com; Expires=Wed, 10 Apr 2024 21:11:06 GMT; Secure; SameSite=None X-Content-Type-Options nosniff X-Frame-Options ALLOWALL X-Xss-Protection 1; mode=block
GET H2	200	400.css www.paypalobjects.com/webstatic/hostedsolutions/CSS/v1/	16 KB 4 KB	216ms 106ms	Stylesheet text/css	104.111.228.123 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/webstatic/hostedsolutions/CSS/v1/400.css Requested by Host: securepayments.paypal.com URL: https://securepayments.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.228.123 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-228-123.deploy.static.akamaitechnologies.com Software / Resource Hash a6121b1b1c73f8e4ab57d62841f91949586f8907c85b1d817462b9bf41bc2672 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://securepayments.paypal.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Apr 2021 21:11:07 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 11 Apr 2017 04:23:32 GMT etag W/"58ec5a44-3e7c" surrogate-control max-age=31536000 vary Accept-Encoding content-type text/css paypal-debug-id cdd06758e846a cache-control public, max-age=3600 strict-transport-security max-age=31536000 dc ccg11-origin-www-1.paypal.com content-length 3515 expires Sun, 11 Apr 2021 22:11:07 GMT
GET H2	200	modernizr-2.6.1.js Show response www.paypalobjects.com/webstatic/hostedsolutions/js/v1/	4 KB 2 KB	217ms 108ms	Script application/javascript	104.111.228.123 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/webstatic/hostedsolutions/js/v1/modernizr-2.6.1.js Requested by Host: securepayments.paypal.com URL: https://securepayments.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.228.123 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-228-123.deploy.static.akamaitechnologies.com Software / Resource Hash a2cfdf37fcc4c98586995b978cb4ea9a0f2c6a123ae767db6de50d9d024106cf Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://securepayments.paypal.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Apr 2021 21:11:07 GMT content-encoding gzip x-content-type-options nosniff last-modified Fri, 08 Sep 2017 04:18:13 GMT cache-control public, max-age=3600 etag W/"59b21a05-f4d" surrogate-control max-age=31536000 vary Accept-Encoding content-type application/javascript access-control-allow-origin * paypal-debug-id 4e771e3dc4d4b strict-transport-security max-age=31536000 dc phx-origin-www-1.paypal.com content-length 1869 expires Sun, 11 Apr 2021 22:11:07 GMT
GET H2	200	Error400.css www.paypalobjects.com/webstatic/hostedsolutions/CSS/v1/	13 KB 3 KB	216ms 107ms	Stylesheet text/css	104.111.228.123 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/webstatic/hostedsolutions/CSS/v1/Error400.css Requested by Host: securepayments.paypal.com URL: https://securepayments.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.228.123 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-228-123.deploy.static.akamaitechnologies.com Software / Resource Hash 57c16868e7bb48dc6732b6f66548965a16bddc5fe2b515c1a6581019a28db477 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://securepayments.paypal.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Apr 2021 21:11:07 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 11 Apr 2017 04:23:32 GMT etag W/"58ec5a44-3315" surrogate-control max-age=31536000 vary Accept-Encoding content-type text/css paypal-debug-id 81376c0c21255 cache-control public, max-age=3600 strict-transport-security max-age=31536000 dc phx-origin-www-2.paypal.com content-length 2880 expires Sun, 11 Apr 2021 22:11:07 GMT
GET H2	200	2a4e97db1d8f93624075ad1af11320.js Show response www.paypalobjects.com/eboxapps/js/1d/	97 KB 35 KB	165ms 57ms	Script application/javascript	104.111.228.123 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/eboxapps/js/1d/2a4e97db1d8f93624075ad1af11320.js Requested by Host: securepayments.paypal.com URL: https://securepayments.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.228.123 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-228-123.deploy.static.akamaitechnologies.com Software / Resource Hash 11496855d5acf52b2d63b1cecf418a4b819eb3eee2734da642580f0b130ed952 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://securepayments.paypal.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Apr 2021 21:11:07 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 21 Sep 2016 11:49:37 GMT cache-control public, max-age=3600 etag W/"57e273d1-1851a" surrogate-control max-age=31536000 vary Accept-Encoding content-type application/javascript access-control-allow-origin * paypal-debug-id 1b4602c1ce674 strict-transport-security max-age=31536000 dc ccg11-origin-www-1.paypal.com content-length 35427 expires Sun, 11 Apr 2021 22:11:07 GMT
GET H2	200	8e74f386e67255b4b8d5ea294a6b1f.js Show response www.paypalobjects.com/eboxapps/js/1b/	5 KB 2 KB	212ms 105ms	Script application/javascript	104.111.228.123 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/eboxapps/js/1b/8e74f386e67255b4b8d5ea294a6b1f.js Requested by Host: securepayments.paypal.com URL: https://securepayments.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.228.123 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-228-123.deploy.static.akamaitechnologies.com Software / Resource Hash 6d6abb6933af5cc494c2def3343e8cdc7af83462c14aed5565d44cad0683df35 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://securepayments.paypal.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Apr 2021 21:11:07 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 21 Sep 2016 11:49:35 GMT cache-control public, max-age=3600 etag W/"57e273cf-127c" surrogate-control max-age=31536000 vary Accept-Encoding content-type application/javascript access-control-allow-origin * paypal-debug-id 76ced84f971e strict-transport-security max-age=31536000 dc phx-origin-www-2.paypal.com content-length 1622 expires Sun, 11 Apr 2021 22:11:07 GMT
GET H2	200	icon_alert_24wx24h.gif www.paypalobjects.com/en_US/i/icon/	368 B 647 B	55ms 54ms	Image image/webp	104.111.228.123 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.paypalobjects.com/en_US/i/icon/icon_alert_24wx24h.gif Requested by Host: www.paypalobjects.com URL: https://www.paypalobjects.com/webstatic/hostedsolutions/CSS/v1/400.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.228.123 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-228-123.deploy.static.akamaitechnologies.com Software Akamai Image Manager / Resource Hash 592fbcce0f3c5cacac360ee07f7f0286d546bebb3340b67b934d87fac42c79c9 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://www.paypalobjects.com/webstatic/hostedsolutions/CSS/v1/400.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 11 Apr 2021 21:11:07 GMT x-content-type-options nosniff x-check-cacheable YES x-serial 448 etag "bVjaJ7pmCdQAIT0h74yNmMipwOokcZTJhrxiXq3enbg" strict-transport-security max-age=31536000 content-type image/webp cache-control private, no-transform, max-age=43200 last-modified Sun, 28 Mar 2021 01:42:14 GMT content-length 368 server Akamai Image Manager expires Mon, 12 Apr 2021 09:11:07 GMT

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| html5 object| Modernizr object| antiClickjack object| PAYPAL undefined| custom_var string| _sp string| _rp number| _poE number| _poX number| _sH object| _doc object| _w string| _ht string| _hr number| _tm number| _kp number| _sW undefined| baseurl undefined| sitefb_plus_icon function| O_LC function| PP_O_LC function| _fPe function| _fPx function| O_GoT function| PP_O_GoT function| Mini_O_GoT function| siteFeedBackImage function| $ function| jQuery function| assignSiteCatalystVars function| PayPalURL undefined| url_var undefined| url_var_temp undefined| paypal_url undefined| _ht_temp undefined| _hr_temp undefined| custom_var_temp undefined| ppbce number| getOpinionLabURL function| OpinionLabOnCloseEvent function| showpopup

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.paypal.com/	1970-01-20 19:46:23	Name: ts_c Value: vr%3Dc2c61d8c1780a311f9e1a46eff8a98d2%26vt%3Dc2c61d8c1780a311f9e1a46eff8a98d1
			.paypal.com/	1970-01-19 17:29:37	Name: l7_az Value: dcg15.slc
			.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3AMTRH0zrjw2dmpDqURicRuY0sbfU6ML6k.RVAukGVdrmEOkDObepqgfL40RkVJXmOHmOQKu9zPouw
			.paypal.com/	1970-01-20 19:46:23	Name: ts Value: vreXpYrS%3D1712869866%26vteXpYrS%3D1618177266%26vr%3Dc2c61d8c1780a311f9e1a46eff8a98d2%26vt%3Dc2c61d8c1780a311f9e1a46eff8a98d1%26vtyp%3Dnew
			.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTYxODE3NTQ2NjkzNyIsImwiOiIwIiwibSI6IjAifQ
			.paypal.com/	1970-01-19 17:33:54	Name: tsrce Value: hostedpaymentnodeweb
			.paypal.com/	1970-01-19 17:29:36	Name: LANG Value: en_US%3BUS
			.paypal.com/	1970-01-20 02:15:11	Name: enforce_policy Value: ccpa

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-1ExrrcKgr2/gzQNEccVBs+rxSzVaf86v8a5C3V5kfGBQhJSg' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-eval' 'unsafe-inline'; img-src https://*:* https://*.paypalobjects.com https://*.paypal.com:* http://*.paypal.com:* https://*.stats.paypal.com; frame-src 'self' https://*.cardinalcommerce.com https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; font-src 'self' ; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; child-src 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

securepayments.paypal.com
www.paypalobjects.com
104.111.228.123
173.0.88.36
11496855d5acf52b2d63b1cecf418a4b819eb3eee2734da642580f0b130ed952
1c547cb186749febdd894b077f07084b5d283c7052a2e170ce8fcd1a7f1af308
57c16868e7bb48dc6732b6f66548965a16bddc5fe2b515c1a6581019a28db477
592fbcce0f3c5cacac360ee07f7f0286d546bebb3340b67b934d87fac42c79c9
6d6abb6933af5cc494c2def3343e8cdc7af83462c14aed5565d44cad0683df35
a2cfdf37fcc4c98586995b978cb4ea9a0f2c6a123ae767db6de50d9d024106cf
a6121b1b1c73f8e4ab57d62841f91949586f8907c85b1d817462b9bf41bc2672