Submitted URL: https://goto.my.salesforce.com/5002E000021sikM
Effective URL: https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Submission Tags: falconsandbox
Submission: On November 04 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 7 HTTP transactions. The main IP is 107.162.159.88, located in the United States, and belongs to DEFENSE-NET, US. The main domain is sso.paypalcorp.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on May 13th 2022. Valid for: a year.
This is the only time sso.paypalcorp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Redirects  IP Address      AS Autonomous System
2         -          13.110.9.189    14340 (SALESFORCE)
6         1          107.162.159.88  55002 (DEFENSE-NET)
Total: 7 requests, 2 IPs
Requests  Apex Domain     Subdomains                                            Transfer
6         paypalcorp.com  sso.paypalcorp.com                                    25 KB
2         salesforce.com  goto.my.salesforce.com — Cisco Umbrella Rank: 959296  6 KB
Total: 7 requests, 2 apex domains
Requests  Domain                           Requested by
6         sso.paypalcorp.com (1 redirect)  sso.paypalcorp.com
2         goto.my.salesforce.com           goto.my.salesforce.com
Total: 7 requests, 2 domains

This site contains no links.

Subject              Issuer                                  Validity                 Valid
*.my.salesforce.com  DigiCert TLS RSA SHA256 2020 CA1        2022-05-19 - 2023-05-17  a year
sso.paypalcorp.com   DigiCert SHA2 High Assurance Server CA  2022-05-13 - 2023-06-04  a year

This page contains 1 frames:

Primary Page: https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Frame ID: F298D69E7CB98922B5C2628552F965E5
Requests: 7 HTTP requests in this frame

Page Title

Sign On

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 30 kB
Size: 28 kB
Cookies: 8

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://goto.my.salesforce.com/5002E000021sikM Page URL
  2. https://goto.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAYTQtRo3MDAwMDAwMDAwMDAwMDAwAAAA8H2imvR40CXiEQLMAFvja5Y0oFZXhhQqZDyGHcjM5foKqWrO3sa6EzqzI9Jbk907vc4D4yUxY2WUAHOnKBKS_LGTCez43ZLo2zR4azn8IZ5nt8xStlQvhRXTyXT6jYiqvtfZZ5w2eA2-YkR3A9y68LPP9qttOvP-ofr4gjMPduPRW84czVaL17qrXAFFy2o0tRnM34jD5md_w__LTIt8EzjDxl8_WKsjX2CuYJ1rFKbs1b0sAYo0zfvTwLW7pgkdLw&saml_acs=https%3A%2F%2Fgoto.my.salesforce.com%3Fso%3D00D300000000LaY%26sc%3D0LE80000000TN2w&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fgoto.my.salesforce.com&samlSsoConfig=0LE80000000TN2w&RelayState=%2F5002E000021sikM Page URL
  3. https://sso.paypalcorp.com/idp/SSO.saml2 HTTP 302
    https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping Page URL
  4. https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://sso.paypalcorp.com/idp/SSO.saml2 HTTP 302
  • https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
5002E000021sikM
goto.my.salesforce.com/
2 KB
2 KB
Document
General
Full URL
https://goto.my.salesforce.com/5002E000021sikM
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.9.189 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg0-iad3.na91-ia2.my.salesforce.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
must-revalidate,no-cache,no-store
Connection
close
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests
Content-Security-Policy-Report-Only
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=mydomain
Content-Type
text/html; charset=UTF-8
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
none
X-XSS-Protection
1; mode=block
authn-request.jsp
goto.my.salesforce.com/saml/
6 KB
4 KB
Document
General
Full URL
https://goto.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAYTQtRo3MDAwMDAwMDAwMDAwMDAwAAAA8H2imvR40CXiEQLMAFvja5Y0oFZXhhQqZDyGHcjM5foKqWrO3sa6EzqzI9Jbk907vc4D4yUxY2WUAHOnKBKS_LGTCez43ZLo2zR4azn8IZ5nt8xStlQvhRXTyXT6jYiqvtfZZ5w2eA2-YkR3A9y68LPP9qttOvP-ofr4gjMPduPRW84czVaL17qrXAFFy2o0tRnM34jD5md_w__LTIt8EzjDxl8_WKsjX2CuYJ1rFKbs1b0sAYo0zfvTwLW7pgkdLw&saml_acs=https%3A%2F%2Fgoto.my.salesforce.com%3Fso%3D00D300000000LaY%26sc%3D0LE80000000TN2w&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fgoto.my.salesforce.com&samlSsoConfig=0LE80000000TN2w&RelayState=%2F5002E000021sikM
Requested by
Host: goto.my.salesforce.com
URL: https://goto.my.salesforce.com/5002E000021sikM
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.9.189 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg0-iad3.na91-ia2.my.salesforce.com
Software
/
Resource Hash
0f6ba6975dd5e7473112ee34412d7d44dce1aefdefc9eff0363c19112f44c23e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://goto.my.salesforce.com/5002E000021sikM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests
Content-Type
text/html;charset=UTF-8
Date
Fri, 04 Nov 2022 02:40:40 GMT
Pragma
no-cache
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
none
X-XSS-Protection
1; mode=block
SSO.ping
sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/
Redirect Chain
  • https://sso.paypalcorp.com/idp/SSO.saml2
  • https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
316 B
1 KB
Document
General
Full URL
https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.159.88 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
493d04e44c370ecf8f591b6cab9a973f6d886c461fa2910f4682efd782d1cb6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://goto.my.salesforce.com
Referer
https://goto.my.salesforce.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Length
316
Content-Type
text/html;charset=utf-8
Date
Fri, 04 Nov 2022 02:40:41 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000
Via
1.1 fra1-bit12043
WWW-Authenticate
Negotiate

Redirect headers

Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/html;charset=utf-8
Date
Fri, 04 Nov 2022 02:40:41 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000
Via
1.1 fra1-bit12043
Primary Request SSO.ping
sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/
7 KB
8 KB
Document
General
Full URL
https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.159.88 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
5a65eda36768e3920b19e0f0fdc959b2ce546b3ce914333110634acc9fdc05cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://sso.paypalcorp.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Length
7077
Content-Type
text/html;charset=utf-8
Date
Fri, 04 Nov 2022 02:40:42 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000
Via
1.1 fra1-bit12043
layout.css
sso.paypalcorp.com/assets/css/
1 KB
2 KB
Stylesheet
General
Full URL
https://sso.paypalcorp.com/assets/css/layout.css
Requested by
Host: sso.paypalcorp.com
URL: https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.159.88 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
40bf9eda16c493020efb401c99271261a3f9b2beb12623e0b98fb7846ec6fa39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.paypalcorp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Fri, 04 Nov 2022 02:40:42 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
origin
Last-Modified
Thu, 01 Sep 2022 23:18:19 GMT
Via
1.1 fra1-bit12043
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Content-Length
1250
ebaystyle.css
sso.paypalcorp.com/assets/css/
3 KB
4 KB
Stylesheet
General
Full URL
https://sso.paypalcorp.com/assets/css/ebaystyle.css
Requested by
Host: sso.paypalcorp.com
URL: https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.159.88 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
8ff5837b594f7bf62706dbbfe16141d8def1ecaf16da40ded65e36534fcf4966
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.paypalcorp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Fri, 04 Nov 2022 02:40:43 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
origin
Last-Modified
Thu, 01 Sep 2022 23:18:19 GMT
Via
1.1 fra1-bit12043
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Content-Length
3119
paypal_logo.png
sso.paypalcorp.com/assets/images/
9 KB
9 KB
Image
General
Full URL
https://sso.paypalcorp.com/assets/images/paypal_logo.png
Requested by
Host: sso.paypalcorp.com
URL: https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.159.88 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
8fa1a9066e9159e38cbea27df7cefabd1db811dc594eee603d7f59f45827975f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sso.paypalcorp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Fri, 04 Nov 2022 02:40:43 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
origin
Last-Modified
Thu, 01 Sep 2022 23:18:19 GMT
Via
1.1 fra1-bit12043
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Content-Length
8746

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| postOk function| postCancel function| postOnReturn function| setFocus function| showDefaultUsername function| trimUsername function| cleanUsername function| setMobile function| getScreenWidth object| bodyTag number| width function| cleanPassword

8 Cookies

Domain/Path Name / Value
goto.my.salesforce.com/ Name: CookieConsentPolicy
Value: 0:1
goto.my.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
.salesforce.com/ Name: BrowserId
Value: Ej7k71vqEe2BWwVMQ7qLXQ
.salesforce.com/ Name: BrowserId_sec
Value: Ej7k71vqEe2BWwVMQ7qLXQ
sso.paypalcorp.com/ Name: pfbrowserid
Value: 3fOud6vqCnCEr9F1rYvc
sso.paypalcorp.com/ Name: pp-ssoprod-stickyw
Value: 3052854794.47873.0000
sso.paypalcorp.com/ Name: PF
Value: 0hHAymUddbClhfuD0Xg8ckTqNLsME5aIaTHfRJ6UUZ4R
sso.paypalcorp.com/ Name: TS01b10454
Value: 01c23221cbb05a6984abedbc0db00e5b6d92fb8a05db95406dbd176a34c8b50ceb9e0787f75c0814b0a969e2b6db5bdd56e086b77f51733e9d87bc5c0c43b34398f61500ee0a753c5953b83c4eed11ea1b1110fa866d1881f9150fef0eff99afa111b0d51e

2 Console Messages

Source Level URL
Text
network error URL: https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)
network error URL: https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block