sso.paypalcorp.com
Open in
urlscan Pro
107.162.159.88
Public Scan
Effective URL: https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Submission Tags: falconsandbox
Submission: On November 04 via api from US — Scanned from DE
Summary
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on May 13th 2022. Valid for: a year.
This is the only time sso.paypalcorp.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 13.110.9.189 13.110.9.189 | 14340 (SALESFORCE) (SALESFORCE) | |
1 6 | 107.162.159.88 107.162.159.88 | 55002 (DEFENSE-NET) (DEFENSE-NET) | |
7 | 2 |
ASN14340 (SALESFORCE, US)
PTR: dcl4-ncg0-iad3.na91-ia2.my.salesforce.com
goto.my.salesforce.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
paypalcorp.com
1 redirects
sso.paypalcorp.com |
25 KB |
2 |
salesforce.com
goto.my.salesforce.com — Cisco Umbrella Rank: 959296 |
6 KB |
7 | 2 |
Domain | Requested by | |
---|---|---|
6 | sso.paypalcorp.com |
1 redirects
sso.paypalcorp.com
|
2 | goto.my.salesforce.com |
goto.my.salesforce.com
|
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.my.salesforce.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-05-19 - 2023-05-17 |
a year | crt.sh |
sso.paypalcorp.com DigiCert SHA2 High Assurance Server CA |
2022-05-13 - 2023-06-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
Frame ID: F298D69E7CB98922B5C2628552F965E5
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
Sign OnPage URL History Show full URLs
- https://goto.my.salesforce.com/5002E000021sikM Page URL
- https://goto.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAYTQtRo3MDAwMDAwMDAwMDAwMDAwAAA... Page URL
-
https://sso.paypalcorp.com/idp/SSO.saml2
HTTP 302
https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping Page URL
- https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://goto.my.salesforce.com/5002E000021sikM Page URL
- https://goto.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAYTQtRo3MDAwMDAwMDAwMDAwMDAwAAAA8H2imvR40CXiEQLMAFvja5Y0oFZXhhQqZDyGHcjM5foKqWrO3sa6EzqzI9Jbk907vc4D4yUxY2WUAHOnKBKS_LGTCez43ZLo2zR4azn8IZ5nt8xStlQvhRXTyXT6jYiqvtfZZ5w2eA2-YkR3A9y68LPP9qttOvP-ofr4gjMPduPRW84czVaL17qrXAFFy2o0tRnM34jD5md_w__LTIt8EzjDxl8_WKsjX2CuYJ1rFKbs1b0sAYo0zfvTwLW7pgkdLw&saml_acs=https%3A%2F%2Fgoto.my.salesforce.com%3Fso%3D00D300000000LaY%26sc%3D0LE80000000TN2w&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fgoto.my.salesforce.com&samlSsoConfig=0LE80000000TN2w&RelayState=%2F5002E000021sikM Page URL
-
https://sso.paypalcorp.com/idp/SSO.saml2
HTTP 302
https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping Page URL
- https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2- https://sso.paypalcorp.com/idp/SSO.saml2 HTTP 302
- https://sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/SSO.ping
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
5002E000021sikM
goto.my.salesforce.com/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authn-request.jsp
goto.my.salesforce.com/saml/ |
6 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SSO.ping
sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/ Redirect Chain
|
316 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
SSO.ping
sso.paypalcorp.com/idp/FrkofvQ1r3/resumeSAML20/idp/ |
7 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
layout.css
sso.paypalcorp.com/assets/css/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ebaystyle.css
sso.paypalcorp.com/assets/css/ |
3 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paypal_logo.png
sso.paypalcorp.com/assets/images/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| postOk function| postCancel function| postOnReturn function| setFocus function| showDefaultUsername function| trimUsername function| cleanUsername function| setMobile function| getScreenWidth object| bodyTag number| width function| cleanPassword8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
goto.my.salesforce.com/ | Name: CookieConsentPolicy Value: 0:1 |
|
goto.my.salesforce.com/ | Name: LSKey-c$CookieConsentPolicy Value: 0:1 |
|
.salesforce.com/ | Name: BrowserId Value: Ej7k71vqEe2BWwVMQ7qLXQ |
|
.salesforce.com/ | Name: BrowserId_sec Value: Ej7k71vqEe2BWwVMQ7qLXQ |
|
sso.paypalcorp.com/ | Name: pfbrowserid Value: 3fOud6vqCnCEr9F1rYvc |
|
sso.paypalcorp.com/ | Name: pp-ssoprod-stickyw Value: 3052854794.47873.0000 |
|
sso.paypalcorp.com/ | Name: PF Value: 0hHAymUddbClhfuD0Xg8ckTqNLsME5aIaTHfRJ6UUZ4R |
|
sso.paypalcorp.com/ | Name: TS01b10454 Value: 01c23221cbb05a6984abedbc0db00e5b6d92fb8a05db95406dbd176a34c8b50ceb9e0787f75c0814b0a969e2b6db5bdd56e086b77f51733e9d87bc5c0c43b34398f61500ee0a753c5953b83c4eed11ea1b1110fa866d1881f9150fef0eff99afa111b0d51e |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Strict-Transport-Security | max-age=63072000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
goto.my.salesforce.com
sso.paypalcorp.com
107.162.159.88
13.110.9.189
0f6ba6975dd5e7473112ee34412d7d44dce1aefdefc9eff0363c19112f44c23e
40bf9eda16c493020efb401c99271261a3f9b2beb12623e0b98fb7846ec6fa39
493d04e44c370ecf8f591b6cab9a973f6d886c461fa2910f4682efd782d1cb6d
5a65eda36768e3920b19e0f0fdc959b2ce546b3ce914333110634acc9fdc05cc
8fa1a9066e9159e38cbea27df7cefabd1db811dc594eee603d7f59f45827975f
8ff5837b594f7bf62706dbbfe16141d8def1ecaf16da40ded65e36534fcf4966