urlscan.io logo urlscan.io
SecurityTrails logo

manager.paypal.com Open in urlscan Pro
173.0.93.135  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://manager.paypal.com/
Effective URL: https://manager.paypal.com/
Submission: On December 12 via api from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 173.0.93.135, located in United States and belongs to PAYPAL, US. The main domain is manager.paypal.com. The Cisco Umbrella rank of the primary domain is 361632.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on January 20th 2023. Valid for: a year.
This is the only time manager.paypal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 14 173.0.93.135 17012 (PAYPAL)
13 1
Apex Domain
Subdomains		 Transfer
14 paypal.com
manager.paypal.com — Cisco Umbrella Rank: 361632
44 KB
13 1
Domain Requested by
14 manager.paypal.com 1 redirects manager.paypal.com
13 1

This site contains links to these domains. Also see Links.

Domain
www.paypal.com
Subject Issuer Validity Valid
active-www.paypal.com
DigiCert SHA2 High Assurance Server CA		 2023-01-20 -
2024-02-20		 a year crt.sh

This page contains 1 frames:

Primary Page: https://manager.paypal.com/
Frame ID: 181CBFD7D7406C46A1FFF69CBFF8128B
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

PayPal Manager

Page URL History Show full URLs

  1. http://manager.paypal.com/ HTTP 302
    https://manager.paypal.com/ Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

44 kB
Transfer

160 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://manager.paypal.com/ HTTP 302
    https://manager.paypal.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
manager.paypal.com/
Redirect Chain
  • http://manager.paypal.com/
  • https://manager.paypal.com/
77 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
b98f186bc14edb3d4f69a9de9581b014c823838fcf0ed8ec4242a93958882279
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
content-type
text/html; charset=UTF-8
date
Tue, 12 Dec 2023 20:21:34 GMT
dc
phx-origin-www-1.paypal.com
expires
Thu, 01 Jan 1970 00:00:00 GMT
paypal-debug-id
73eea127c66bf
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
traceparent
00-000000000000000000073eea127c66bf-32c42f753e2257e1-01
vary
Accept-Encoding Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
161
Content-Type
text/html
Location
https://manager.paypal.com/
menu.css
manager.paypal.com/stylesheet/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/stylesheet/menu.css
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
638aa3604af6133941aa489e3973e02a4f1d936488f31090251722052b69c307
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
00c9397d55f9b
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Thu, 02 Nov 2023 04:05:08 GMT
server
nginx
traceparent
00-000000000000000000000c9397d55f9b-5f461d75131ebcae-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
secondNav.css
manager.paypal.com/stylesheet/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/stylesheet/secondNav.css
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
73a3629bb744a6deb6bbcf90ef65d2e800ebede06f9490ab319c20b06ca900af
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
813ddd1463587
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Mon, 06 Nov 2023 09:08:54 GMT
server
nginx
traceparent
00-0000000000000000000813ddd1463587-e56fb4f289ac183a-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
thirdNav.css
manager.paypal.com/stylesheet/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/stylesheet/thirdNav.css
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
863aadda472b2d4c641a01612f75967b010f142b86ed6adbf08f6c37e70ee03c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
dedf269f5660d
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Mon, 06 Nov 2023 09:08:54 GMT
server
nginx
traceparent
00-0000000000000000000dedf269f5660d-03b1c03186d755f5-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
bodyContent.css
manager.paypal.com/stylesheet/ 		27 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/stylesheet/bodyContent.css
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
08931bda2cc33d1cdcfb35ae0d58b9480e8d913fc6a2b3b483385c47ef9e9850
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
0431311f6828e
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Mon, 06 Nov 2023 09:08:54 GMT
server
nginx
traceparent
00-00000000000000000000431311f6828e-10f39dd86e750d10-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
banner.css
manager.paypal.com/stylesheet/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/stylesheet/banner.css
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
3fdee0ce6b98df62c4d2bfd8eb778709538e6d63c5cbc0528726caa4d4350b5f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
10c8a72a8a3fb
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Thu, 02 Nov 2023 04:05:08 GMT
server
nginx
traceparent
00-000000000000000000010c8a72a8a3fb-27106060720b314b-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
ssostyle.css
manager.paypal.com/stylesheet/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/stylesheet/ssostyle.css
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
404a04bda730b8cb607ac75107e8cfd153821d8ecf26d5c38bffdf28abcc27af
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
7544c8f4f423c
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Mon, 06 Nov 2023 09:08:54 GMT
server
nginx
traceparent
00-00000000000000000007544c8f4f423c-343704be8b96a676-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
functions.js
manager.paypal.com/js/ 		33 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/js/functions.js
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
04dc2aacd3f2c7b5af2e4534c09fec6be7d002db4d661ae59f2941234049ece9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
ed1c7901af635
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Thu, 02 Nov 2023 04:05:08 GMT
server
nginx
traceparent
00-0000000000000000000ed1c7901af635-f194e131e5b0945c-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
performTransFunc.js
manager.paypal.com/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/js/performTransFunc.js
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
10279bf57d1d2597da82aaccf08d81139a91aa7b8ba9b1e69ccdb282f7bc439a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
bcce3102c98b5
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Thu, 02 Nov 2023 04:05:08 GMT
server
nginx
traceparent
00-0000000000000000000bcce3102c98b5-e9263288ec6056d5-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
sso.js
manager.paypal.com/js/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/js/sso.js
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
0b043c94c1b4f2487bd95458283e928356a6cab17e9b5eb0d8ba0fefb5484ced
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
00c9390370385
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Mon, 06 Nov 2023 09:08:54 GMT
server
nginx
traceparent
00-000000000000000000000c9390370385-757fd3f9e49f7284-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
PP-Manager.png
manager.paypal.com/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://manager.paypal.com/images/PP-Manager.png
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
b0d28aaee7f6bdf273e48b6781f8cd85380098a8a817a089e95edd8fa0edba6e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
631cf68e5a22c
dc
phx-origin-www-1.paypal.com
content-length
3031
x-xss-protection
1; mode=block
last-modified
Thu, 02 Nov 2023 04:05:08 GMT
server
nginx
traceparent
00-0000000000000000000631cf68e5a22c-4a756ff97ee298e6-01
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
function.js
manager.paypal.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/js/function.js
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
traceparent
00-0000000000000000000d23d81bf31b35-561892b471227566-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
paypal-debug-id
d23d81bf31b35
cache-control
max-age=0, no-cache, no-store, must-revalidate
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
print.css
manager.paypal.com/stylesheet/ 		312 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://manager.paypal.com/stylesheet/print.css
Requested by
Host: manager.paypal.com
URL: https://manager.paypal.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.0.93.135 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
partnermanager.paypal.com
Software
nginx /
Resource Hash
d86d036fde0f41a9bc2015758d1d5745116c36ca4bf6c050bba0967226e7736b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://manager.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 20:21:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
strict-transport-security
max-age=31536000; includeSubDomains
paypal-debug-id
3d2e51d26c794
dc
phx-origin-www-1.paypal.com
x-xss-protection
1; mode=block
last-modified
Thu, 02 Nov 2023 04:05:08 GMT
server
nginx
traceparent
00-00000000000000000003d2e51d26c794-5d062d4a8d897288-01
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| countryDropDown function| popWindow function| popWindowMed function| setDayAsToday function| popWindowHelp function| popWindowPrice function| popWindowPDF function| popWindowBig function| popErrorWindow function| popWindowOnConfigPage function| showSecondary function| hideSecondary function| showAlert function| showReqFieldStarPT function| showReqFieldStarECheck function| submitForm function| forwardToPage function| checkCards function| sendReferral function| sendReferralToOldReg function| countryCode function| openWindowATC function| openWindowDemo function| openWindow640 function| openWindow function| windowNamer function| openWindowWH function| backtoLogin function| fraudFilterDeploy function| displyField function| displyFieldACH function| displyFieldECheck function| defaultSettings function| showHome function| clearpreview function| fillpreview function| checkDefaults boolean| bCancel function| validateLoginForm function| loginForm_required function| loginForm_maxlength function| loginForm_mask function| loginForm_minlength function| validateFloatRange function| validateMask function| jcv_matchPattern function| validateFloat function| validateMaxLength function| validateByte function| validateMinLength function| validateRequired function| trim function| isValidDay function| validateMonthDay function| validateRequired_checkBox function| validateRequired_if_radio function| validateRequired_if function| validateEmail function| jcv_checkEmail function| jcv_retrieveFormName function| jcv_handleErrors function| jcv_verifyArrayElement function| jcv_isFieldPresent function| jcv_isAllDigits function| jcv_isDecimalDigits function| validateDate function| jcv_isValidDate function| validateShort function| validateIntRange function| validateInteger function| validateCreditCard function| jcv_luhnCheck function| jcv_isLuhnNum

4 Cookies

Domain/Path Name / Value
manager.paypal.com/ Name: V5MGRMAYFLYSESSIONID
Value: 76ad135d0d0a2
manager.paypal.com/ Name: SID
Value: 544e749b-0966-4985-9e59-a701f2984f54
manager.paypal.com/ Name: JSESSIONID
Value: BIdfsScW6KCOAXV-MHUHa2Csq5DpTjkUNyM9LEwvNeC7Yx7rv-kn!649430531!204317313
manager.paypal.com/ Name: PAYFLOWCOOKIE
Value: 02c7df8377-7c7d-4c97xT9EHtWjdwQw-tApGLVu77_JchDB51otb86F4GfzobzV8EZ0BXrKGOHGCoCpnqn38

2 Console Messages

Source Level URL
Text
network error URL: https://manager.paypal.com/js/function.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://manager.paypal.com/
Message:
Refused to execute script from 'https://manager.paypal.com/js/function.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https: data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block