view.emails.paypal.com Open in urlscan Pro
13.110.203.71 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://view.emails.paypal.com/?qs=723049337a4f0e26896888d92dbd4406bd052ffee8956e9e7a485896e4d659ff9e265388e45d4b34399be55d27fa...
Submission: On September 29 via api (September 29th 2022, 10:24:06 pm UTC) from CA — Scanned from CA

Summary HTTP 8 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 8 HTTP transactions. The main IP is 13.110.203.71, located in United States and belongs to SALESFORCE, US. The main domain is view.emails.paypal.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on September 21st 2022. Valid for: a year.

This is the only time view.emails.paypal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	13.110.203.71 13.110.203.71	14340 (SALESFORCE) (SALESFORCE)
1	13.110.199.75 13.110.199.75	14340 (SALESFORCE) (SALESFORCE)
3	2600:9000:20e... 2600:9000:20ed:5a00:12:94b3:c380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.210.55.148 18.210.55.148	14618 (AMAZON-AES) (AMAZON-AES)
2	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
8	5

1 13.110.203.71 (United States)

ASN14340 (SALESFORCE, US)
PTR: view.emails.paypal.com

view.emails.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.110.199.75 (United States)

ASN14340 (SALESFORCE, US)
PTR: click.emails.paypal.com

click.emails.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20ed:5a00:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.ctfassets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.210.55.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-55-148.compute-1.amazonaws.com

pixel.app.returnpath.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	ctfassets.net images.ctfassets.net — Cisco Umbrella Rank: 3867	9 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2301	96 KB
2	paypal.com view.emails.paypal.com click.emails.paypal.com — Cisco Umbrella Rank: 62382	33 KB
1	returnpath.net pixel.app.returnpath.net — Cisco Umbrella Rank: 10734
8	4

	Domain	Requested by
3	images.ctfassets.net	view.emails.paypal.com
2	www.paypalobjects.com	view.emails.paypal.com
1	pixel.app.returnpath.net	view.emails.paypal.com
1	click.emails.paypal.com	view.emails.paypal.com
1	view.emails.paypal.com
8	5

This site contains links to these domains. Also see Links.

Domain
click.emails.paypal.com

Subject Issuer	Validity	Valid
view.emails.paypal.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-21` - `2023-10-22`	a year	crt.sh
click.emails.paypal.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-21` - `2023-10-22`	a year	crt.sh
images.ctfassets.net Amazon	`2022-02-17` - `2023-03-18`	a year	crt.sh
*.app.returnpath.net Amazon	`2022-01-21` - `2023-02-19`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-04-12` - `2023-04-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://view.emails.paypal.com/?qs=723049337a4f0e26896888d92dbd4406bd052ffee8956e9e7a485896e4d659ff9e265388e45d4b34399be55d27fa0c0db45086a8ec982330e93a1e674faf465bb8058ed9013c22fbe120d5c3afd5f33d
Frame ID: A74699BEA6A6E843909994806742C5A1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PayPal

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Page Statistics

8
Requests

100 %
HTTPS

20 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

138 kB
Transfer

136 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://click.emails.paypal.com/?qs=a60da3099068ff2e50086f86cfe84d65458fc14271bba7dbaefcb35bb45bbecc31ec120197216ec00f82391669f5f24d61857ab6aed243838d0fcdbc6334db4c

Search URL Search Domain Scan URL

URL: https://click.emails.paypal.com/?qs=a60da3099068ff2e883f68ac1c42164c5c6d9491055c94e8829bafe69a4980fadcd52ac42d77205b8974be8ed0b1e0eaa9bc9d7872deb50ac039a112ab55077e
Title: Policy Updates page

Search URL Search Domain Scan URL

URL: https://click.emails.paypal.com/?qs=e1b0b3c42c42044789de998ab8c1b3ba02169664f32d7419945358e28e16984e78ed3509f21a02ce5a4bcd096aa05590216343beaba13982ff82831691ca16ad
Title: get in touch

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
view.emails.paypal.com/ 33 KB
33 KB 230ms
121ms Document
text/html 13.110.203.71
SALESFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://view.emails.paypal.com/?qs=723049337a4f0e26896888d92dbd4406bd052ffee8956e9e7a485896e4d659ff9e265388e45d4b34399be55d27fa0c0db45086a8ec982330e93a1e674faf465bb8058ed9013c22fbe120d5c3afd5f33d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.110.203.71 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS: view.emails.paypal.com
Software: /
Resource Hash: b90781c7be1ef6d4bd5a5f73fad51c0f97793bc6a53ff663053e0185ee45bcf2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: private
Connection: close
Content-Length: 33340
Content-Type: text/html; charset=utf-8
Date: Thu, 29 Sep 2022 22:24:01 GMT

GET
H/1.1 200
OK open.aspx
click.emails.paypal.com/ 43 B
199 B 150ms
42ms Image
image/gif 13.110.199.75
SALESFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://click.emails.paypal.com/open.aspx?ffcb10-fef21073716d0d-fe2217727361027a701374-fe3611727364047f721671-ffc912-fe2210737c6405747c1777-ff2d1171716c&d=120006&bmt=0
Requested by: Host: view.emails.paypal.com
URL: https://view.emails.paypal.com/?qs=723049337a4f0e26896888d92dbd4406bd052ffee8956e9e7a485896e4d659ff9e265388e45d4b34399be55d27fa0c0db45086a8ec982330e93a1e674faf465bb8058ed9013c22fbe120d5c3afd5f33d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.110.199.75 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS: click.emails.paypal.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Thu, 29 Sep 2022 22:24:01 GMT
Cache-Control: no-cache; max-age=0
Connection: close
Content-Length: 43
Content-Type: image/gif

GET
H2 200 PayPal_logo_blue.png
images.ctfassets.net/7rifqg28wcbd/52UVBwiCFFmTktrlmJYRAr/3adedd4218c0ccb648245e74761fb336/ 5 KB
6 KB 142ms
34ms Image
image/png 2600:9000:20ed:5a00:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/7rifqg28wcbd/52UVBwiCFFmTktrlmJYRAr/3adedd4218c0ccb648245e74761fb336/PayPal_logo_blue.png
Requested by: Host: view.emails.paypal.com
URL: https://view.emails.paypal.com/?qs=723049337a4f0e26896888d92dbd4406bd052ffee8956e9e7a485896e4d659ff9e265388e45d4b34399be55d27fa0c0db45086a8ec982330e93a1e674faf465bb8058ed9013c22fbe120d5c3afd5f33d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ed:5a00:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 96a6c012d122b61f9009756b4092b984fe9e33286c7deed6eb7b2a173035313a

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 12:01:51 GMT
via: 1.1 9a4c760031a0dcc526cc9dcd0d0940ea.cloudfront.net (CloudFront)
last-modified: Mon, 12 Oct 2020 10:48:01 GMT
server: Contentful Images API
x-amz-cf-pop: PHL50-C1
age: 37332
etag: "467da77f9fc09880d929dadead17ab87"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 5625
x-amz-cf-id: UWr-Ic46ZzfXaGbMIsdWkhgICldN_mrFR3NLY87b_I-9HHoFmi27CQ==

GET
H2 200 headergrad_onwhite.jpg
images.ctfassets.net/7rifqg28wcbd/1tFsF7cjjNpwaLC3AKwtu7/3709b2fab644d1c377323faf87f300f9/ 1 KB
2 KB 143ms
35ms Image
image/jpeg 2600:9000:20ed:5a00:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/7rifqg28wcbd/1tFsF7cjjNpwaLC3AKwtu7/3709b2fab644d1c377323faf87f300f9/headergrad_onwhite.jpg
Requested by: Host: view.emails.paypal.com
URL: https://view.emails.paypal.com/?qs=723049337a4f0e26896888d92dbd4406bd052ffee8956e9e7a485896e4d659ff9e265388e45d4b34399be55d27fa0c0db45086a8ec982330e93a1e674faf465bb8058ed9013c22fbe120d5c3afd5f33d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ed:5a00:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 35f062a41a05f7c303a45a27451bc038588515374fb7079ecfdb5d960943271c

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 15:50:17 GMT
via: 1.1 9a4c760031a0dcc526cc9dcd0d0940ea.cloudfront.net (CloudFront)
last-modified: Mon, 12 Oct 2020 10:53:10 GMT
server: Contentful Images API
x-amz-cf-pop: PHL50-C1
age: 23635
etag: "44e7cb43eea9db0af392380f78ef0d56"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 1311
x-amz-cf-id: 82eAHLxWa0lVxCE-ucSiTdyxa-WLLPFM_ODQ5uDlvtJmPDvWPVix_g==

GET
H2 200 spacer.gif
images.ctfassets.net/7rifqg28wcbd/6Xa3RLs8deEywtgXmAo9JV/61b1ee3576f0473ea04f86166fc8f4b1/ 1 KB
2 KB 142ms
35ms Image
image/gif 2600:9000:20ed:5a00:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/7rifqg28wcbd/6Xa3RLs8deEywtgXmAo9JV/61b1ee3576f0473ea04f86166fc8f4b1/spacer.gif
Requested by: Host: view.emails.paypal.com
URL: https://view.emails.paypal.com/?qs=723049337a4f0e26896888d92dbd4406bd052ffee8956e9e7a485896e4d659ff9e265388e45d4b34399be55d27fa0c0db45086a8ec982330e93a1e674faf465bb8058ed9013c22fbe120d5c3afd5f33d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ed:5a00:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: dea668f585bdc0e57147e8425862f42ec31188b27225c6ae8619e6bc80d409c8

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 12:00:54 GMT
via: 1.1 9a4c760031a0dcc526cc9dcd0d0940ea.cloudfront.net (CloudFront)
last-modified: Wed, 07 Oct 2020 12:11:41 GMT
server: Contentful Images API
x-amz-cf-pop: PHL50-C1
age: 37389
etag: "4ef026add9b038543403d95af9a52c77"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 1183
x-amz-cf-id: gJ0XNb6s6bOoQyLUxhoWw-oCFFaYkyDn9ryJ8VNbBWRBrd5d6ioWuA==

GET
H2 200 pixel.gif
pixel.app.returnpath.net/ 22 B
0 87ms
25ms Image
image/gif 18.210.55.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.app.returnpath.net/pixel.gif?r=2f6be46d47e11b222de691bd456fc58eb37b72dd

Requested by

Host: view.emails.paypal.com
URL: https://view.emails.paypal.com/?qs=723049337a4f0e26896888d92dbd4406bd052ffee8956e9e7a485896e4d659ff9e265388e45d4b34399be55d27fa0c0db45086a8ec982330e93a1e674faf465bb8058ed9013c22fbe120d5c3afd5f33d

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.210.55.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-210-55-148.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Sep 2022 22:24:02 GMT
cache-control: no-store, no-cache, must-revalidate
x-content-type-options: nosniff
content-type: image/gif

GET
H2 200 PayPalSansBig-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 49 KB
49 KB 56ms
13ms Font
font/woff 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Regular.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4d5c29e41277f543455e865a69634f17a2846fd001553890d5801379df3a7c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://view.emails.paypal.com/
Origin: https://view.emails.paypal.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 22:24:02 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: e5fe70db9e689
dc: phx-origin-www-3.paypal.com
content-length: 50031
x-served-by: cache-sjc10045-SJC, cache-yul12822-YUL
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
x-timer: S1664490242.029659,VS0,VE0
etag: "560b6e70-c36f"
content-type: font/woff
access-control-allow-origin: *
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 19499, 18

GET
H2 200 PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 46 KB
46 KB 59ms
16ms Font
font/woff 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://view.emails.paypal.com/
Origin: https://view.emails.paypal.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 22:24:02 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: dc9f7adddf8b6
dc: ccg11-origin-www-1.paypal.com
content-length: 47339
x-served-by: cache-sjc10059-SJC, cache-yul12822-YUL
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
x-timer: S1664490242.029641,VS0,VE0
etag: "560b6e70-b8eb"
content-type: font/woff
access-control-allow-origin: *
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 79, 11909

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

click.emails.paypal.com
images.ctfassets.net
pixel.app.returnpath.net
view.emails.paypal.com
www.paypalobjects.com
13.110.199.75
13.110.203.71
151.101.2.133
18.210.55.148
2600:9000:20ed:5a00:12:94b3:c380:93a1
35f062a41a05f7c303a45a27451bc038588515374fb7079ecfdb5d960943271c
4d5c29e41277f543455e865a69634f17a2846fd001553890d5801379df3a7c47
96a6c012d122b61f9009756b4092b984fe9e33286c7deed6eb7b2a173035313a
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b90781c7be1ef6d4bd5a5f73fad51c0f97793bc6a53ff663053e0185ee45bcf2
dea668f585bdc0e57147e8425862f42ec31188b27225c6ae8619e6bc80d409c8

view.emails.paypal.com Open in urlscan Pro 13.110.203.71 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

20 %IPv6

4 Domains

5 Subdomains

5 IPs

1 Countries

138 kBTransfer

136 kBSize

0 Cookies

3 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

Indicators

view.emails.paypal.com Open in urlscan Pro
13.110.203.71 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

20 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

138 kB
Transfer

136 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions