urlscan.io logo urlscan.io
SecurityTrails logo

23.41.113.148 Open in urlscan Pro
23.41.113.148  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://23.41.113.148/br/webapps/mpp/account-selection
Effective URL: https://23.41.113.148/br/webapps/mpp/account-selection
Submission Tags: phishing malicious Search All
Submission: On August 17 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 19 HTTP transactions. The main IP is 23.41.113.148, located in United States and belongs to DOCOMO NTT DOCOMO, INC., JP. The main domain is 23.41.113.148.
TLS certificate: Issued by Symantec Class 3 EV SSL CA - G3 on September 22nd 2017. Valid for: 2 years.
This is the only time 23.41.113.148 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 3 23.41.113.148 9605 (DOCOMO NT...)
1 17 23.210.248.226 16625 (AKAMAI-AS)
1 1 104.109.65.248 20940 (AKAMAI-ASN1)
19 3
Apex Domain
Subdomains		 Transfer
16 paypalobjects.com
www.paypalobjects.com
415 KB
1 paypal.com
t.paypal.com
558 B
1 abmr.net
ak1s.abmr.net
757 B
0 ensighten.com Failed
nexus.ensighten.com Failed
19 4
Domain Requested by
16 www.paypalobjects.com 1 redirects 23.41.113.148
www.paypalobjects.com
1 t.paypal.com
1 ak1s.abmr.net 1 redirects
0 nexus.ensighten.com Failed www.paypalobjects.com
19 4

This site contains links to these domains. Also see Links.

Domain
www.paypal.com
www.paypal-brasil.com.br
Subject Issuer Validity Valid
www.paypal.com
Symantec Class 3 EV SSL CA - G3		 2017-09-22 -
2019-10-30		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://23.41.113.148/br/webapps/mpp/account-selection
Frame ID: BE103C5BA6604756A772FB2ED2586879
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://23.41.113.148/br/webapps/mpp/account-selection HTTP 301
    https://23.41.113.148/br/webapps/mpp/account-selection Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

19
Requests

84 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

427 kB
Transfer

992 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://23.41.113.148/br/webapps/mpp/account-selection HTTP 301
    https://23.41.113.148/br/webapps/mpp/account-selection Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://www.paypalobjects.com/digitalassets/c/website/marketing/latam/br/account-selection-na/br-accselnadesign-bkgnd.jpg HTTP 302
  • https://ak1s.abmr.net/is/www.paypalobjects.com?U=/digitalassets/c/website/marketing/latam/br/account-selection-na/br-accselnadesign-bkgnd.jpg&V=3-tO%2fwA7+8vSXjx6PJQCtqSQtgwYwOFSxeBOfTWLitF19SqAGoBF4PIzQxkpveKo%2fZ&I=59D000F5D5A9D91&D=paypalobjects.com&01AD=1& HTTP 302
  • https://www.paypalobjects.com/digitalassets/c/website/marketing/latam/br/account-selection-na/br-accselnadesign-bkgnd.jpg?01AD=3QTy8QFBPMHPnJ02N4U8qa6AX28iVORIHixLsFsKXywgS2_CNi3Mxrg&01RI=59D000F5D5A9D91&01NA=na

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set account-selection
23.41.113.148/br/webapps/mpp/
Redirect Chain
  • http://23.41.113.148/br/webapps/mpp/account-selection
  • https://23.41.113.148/br/webapps/mpp/account-selection
18 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.41.113.148 , United States, ASN9605 (DOCOMO NTT DOCOMO, INC., JP),
Reverse DNS
a23-41-113-148.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
79ff24b8e226cda566d885492711034155cbb7336decfa7d49299abbdac05179
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://www.wootag.com; script-src 'nonce-HbRfTO6FPikVG0qYpQ9/PdOPeNPTuVy9pTj+Ifs8aFxESPHz' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.sperse.io https://*.dialogtech.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
23.41.113.148
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Cookie
akavpau_ppsd=1566082355~id=d932b70498872e31ad576aed79737fdd
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
Apache
X-Recruiting
If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs
Paypal-Debug-Id
5a87550bba086 5a87550bba086
Cache-Control
no-cache max-age=0, no-cache, no-store, must-revalidate
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://www.wootag.com; script-src 'nonce-HbRfTO6FPikVG0qYpQ9/PdOPeNPTuVy9pTj+Ifs8aFxESPHz' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.sperse.io https://*.dialogtech.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
ETag
W/"47cb-oQQYBCWMQ0qMF6uwG5rn5mswFHg"
HTTP_X_PP_AZ_LOCATOR
dcg14.slc
Content-Encoding
gzip
Pragma
no-cache
Content-Type
text/html; charset=utf-8
DC
slc-b-origin-www-1.paypal.com
Date
Sat, 17 Aug 2019 22:42:36 GMT
Content-Length
5330
Connection
keep-alive
Vary
Accept-Encoding
Set-Cookie
enforce_policy=; Domain=.paypal.com; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure cookie_check=yes; Max-Age=315619199; Domain=.paypal.com; Path=/; Expires=Fri, 17 Aug 2029 22:42:35 GMT; HttpOnly; Secure LANG=pt_BR%3BBR; Max-Age=31555; Domain=.paypal.com; Path=/; Expires=Sun, 18 Aug 2019 07:28:31 GMT; HttpOnly; Secure tsrce=mppnodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Tue, 20 Aug 2019 22:42:35 GMT; HttpOnly; Secure x-pp-s=eyJ0IjoiMTU2NjA4MTc1NjgzNyIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure nsid=s%3ALEc1aSlBcfy5woi8JyifcDWrBroPMbbj.p6mYP00FsJZbbWWZKbRUv2%2B%2BPAgfz%2FwSjKd26lC6Qdo; Path=/; HttpOnly; Secure X-PP-SILOVER=name%3DLIVE6.WEB.1%26silo_version%3D880%26app%3Dmppnodeweb%26TIME%3D3699529821%26HTTP_X_PP_AZ_LOCATOR%3Ddcg14.slc; Expires=Sat, 17 Aug 2019 23:12:36 GMT; domain=.paypal.com; path=/; Secure; HttpOnly X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT AKDC=slc-b-origin-www-1.paypal.com; expires=Sat, 17-Aug-2019 23:12:36 GMT; path=/; secure akavpau_ppsd=1566082356~id=1f221659bdf1f1923473f3ae0b088580; Domain=23.41.113.148; Path=/; Secure; HttpOnly
Strict-Transport-Security
max-age=63072000

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://23.41.113.148/br/webapps/mpp/account-selection
Date
Sat, 17 Aug 2019 22:42:35 GMT
Connection
keep-alive
Set-Cookie
akavpau_ppsd=1566082355~id=d932b70498872e31ad576aed79737fdd; Domain=23.41.113.148; Path=/; HttpOnly
PayPalSansSmall-Regular.woff2
www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/PayPalSansSmall-Regular.woff2
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
Origin
https://23.41.113.148
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 03:38:51 GMT
server
Apache
status
200
vary
Accept-Encoding
content-type
application/font-woff2
access-control-allow-origin
*
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
18348
expires
Mon, 16 Sep 2019 22:42:37 GMT
PayPalSansBig-Light.woff2
www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/PayPalSansBig-Light.woff2
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0d4d4b0ee4bdbbbfdf2fa8cc4c0ba0332a3798c2629cb806d249712f6a7063e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
Origin
https://23.41.113.148
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 02:50:53 GMT
server
Apache
status
200
vary
Accept-Encoding
content-type
application/font-woff2
access-control-allow-origin
*
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
18388
expires
Mon, 16 Sep 2019 22:42:37 GMT
ebc72bb493e02d1ac39586b8e5c0136f1db939.css
www.paypalobjects.com/eboxapps/css/ba/ 		182 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/css/ba/ebc72bb493e02d1ac39586b8e5c0136f1db939.css
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
880bef7e8488f4279d902aa4e3c5a830ce6d51ccaabc3b9aeab9d39c7cdc9c31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 30 Apr 2019 14:59:03 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
34248
expires
Fri, 15 Nov 2019 22:42:37 GMT
fa89f17d37eb3f97e39b926835ba73c0a3fd63.css
www.paypalobjects.com/eboxapps/css/1b/ 		2 KB
808 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/css/1b/fa89f17d37eb3f97e39b926835ba73c0a3fd63.css
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3e08798b4612ce1d4700d2fe3c953f5b56be571619153da80e6012ccd9e8eb9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 21 Dec 2015 23:11:11 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
600
expires
Fri, 15 Nov 2019 22:42:37 GMT
73c73cb559f7729b2f99072f44c98b79f42af2.css
www.paypalobjects.com/eboxapps/css/cc/ 		25 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/css/cc/73c73cb559f7729b2f99072f44c98b79f42af2.css
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ca117e60f2f421fc2e3ffa92f485b5f34ab1dab6e2e0b81e5fd5d897d48a5117
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 20 May 2019 15:12:10 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
3829
expires
Fri, 15 Nov 2019 22:42:37 GMT
treatment2-cards.png
www.paypalobjects.com/digitalassets/c/website/marketing/latam/br/account-selection-new-design/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/latam/br/account-selection-new-design/treatment2-cards.png
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b5bc7267c8e24ce1a56ba062c793f4820dfe2cfb15ccd4f806e9601d34e74974
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 17 Aug 2019 22:42:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Jun 2018 13:54:47 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
9099
expires
Sat, 17 Aug 2019 22:42:37 GMT
6640c747e38e078ecf900ac8cdabd994f854ac.js
www.paypalobjects.com/eboxapps/js/0d/ 		398 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/js/0d/6640c747e38e078ecf900ac8cdabd994f854ac.js
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
23e9692772d6428494c06d68c65b416126240d9769999086d30ee319464b10b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Mon, 08 Apr 2019 15:15:30 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
116529
expires
Fri, 15 Nov 2019 22:42:37 GMT
opinionLab-2.0.0.js
www.paypalobjects.com/digitalassets/c/website/marketing/global/kui/js/ 		41 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/global/kui/js/opinionLab-2.0.0.js
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8aeb7d31ca8e643689b11e5881247eea8015a4f7df45905f0971b7a21aa25c58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Thu, 26 Jul 2018 16:45:50 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
12124
expires
Fri, 15 Nov 2019 22:42:37 GMT
26d09c5089413a09277a4f5ee64fe447671603.js
www.paypalobjects.com/eboxapps/js/dd/ 		2 KB
908 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/js/dd/26d09c5089413a09277a4f5ee64fe447671603.js
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7f96db64423312ded84f0c8e82361fd08c548e78829c49e1b1b6551776a86b15
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Mon, 20 May 2019 15:12:12 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
668
expires
Fri, 15 Nov 2019 22:42:37 GMT
bs-chunk.js
www.paypalobjects.com/tagmgmt/ 		67 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/tagmgmt/bs-chunk.js
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6bb932ce3fc9effb5c981daa3682d85f156b3e00f2485adfde1773c164bf8f50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
content-encoding
gzip
vary
Accept-Encoding
content-length
19304
last-modified
Thu, 18 Apr 2019 18:33:54 GMT
server
Apache
strict-transport-security
max-age=31536000
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Fri, 15 Nov 2019 22:42:37 GMT
pa.js
www.paypalobjects.com/pa/js/min/ 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/js/min/pa.js
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fb09c511a746af8737671bd1bd11245f3607a988293c567d2403f1bbadc75e90
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
content-encoding
gzip
vary
Accept-Encoding
content-length
14743
last-modified
Tue, 06 Aug 2019 04:43:25 GMT
server
Apache
strict-transport-security
max-age=31536000
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Sat, 17 Aug 2019 23:42:37 GMT
open-chat.js
www.paypalobjects.com/helpcenter/smartchat/sales/v1/ 		1 KB
1008 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/helpcenter/smartchat/sales/v1/open-chat.js
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2f22b3a940b843ff60272ea15ac63039409d7dbfeeb1916a5782f23a9b33aba1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Fri, 07 Jun 2019 05:10:02 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
768
expires
Fri, 15 Nov 2019 22:42:37 GMT
br-accselnadesign-bkgnd.jpg
www.paypalobjects.com/digitalassets/c/website/marketing/latam/br/account-selection-na/
Redirect Chain
  • https://www.paypalobjects.com/digitalassets/c/website/marketing/latam/br/account-selection-na/br-accselnadesign-bkgnd.jpg
  • https://ak1s.abmr.net/is/www.paypalobjects.com?U=/digitalassets/c/website/marketing/latam/br/account-selection-na/br-accselnadesign-bkgnd.jpg&V=3-tO%2fwA7+8vSXjx6PJQCtqSQtgwYwOFSxeBOfTWLitF19SqAGoB...
  • https://www.paypalobjects.com/digitalassets/c/website/marketing/latam/br/account-selection-na/br-accselnadesign-bkgnd.jpg?01AD=3QTy8QFBPMHPnJ02N4U8qa6AX28iVORIHixLsFsKXywgS2_CNi3Mxrg&01RI=59D000F5D...
140 KB
141 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/latam/br/account-selection-na/br-accselnadesign-bkgnd.jpg?01AD=3QTy8QFBPMHPnJ02N4U8qa6AX28iVORIHixLsFsKXywgS2_CNi3Mxrg&01RI=59D000F5D5A9D91&01NA=na
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b8418e9284e81251bca19540ca7ef12b5b206b0f42061b0ea2b760b822372c8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/eboxapps/css/cc/73c73cb559f7729b2f99072f44c98b79f42af2.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 17 Aug 2019 22:42:37 GMT
x-content-type-options
nosniff
last-modified
Wed, 15 May 2019 04:23:21 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/jpeg
content-length
143808
expires
Sat, 17 Aug 2019 22:42:37 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 17 Aug 2019 22:42:37 GMT
P3P
policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"
Location
https://www.paypalobjects.com/digitalassets/c/website/marketing/latam/br/account-selection-na/br-accselnadesign-bkgnd.jpg?01AD=3QTy8QFBPMHPnJ02N4U8qa6AX28iVORIHixLsFsKXywgS2_CNi3Mxrg&01RI=59D000F5D5A9D91&01NA=na
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Sat, 17 Aug 2019 22:42:37 GMT
ppcom-white.svg
www.paypalobjects.com/webstatic/i/logo/rebrand/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/i/logo/rebrand/ppcom-white.svg
Requested by
Host: 23.41.113.148
URL: https://23.41.113.148/br/webapps/mpp/account-selection
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e35c57fad02017983d4261c8d65697ec8b312a2a19127cb93f92d1eca6408015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.paypalobjects.com/eboxapps/css/cc/73c73cb559f7729b2f99072f44c98b79f42af2.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 17 Aug 2019 22:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 21 Mar 2015 01:00:01 GMT
server
Apache
status
200
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
1988
expires
Mon, 16 Sep 2019 22:42:37 GMT
serverComponent.php
nexus.ensighten.com/paypal/paypal_chunk_poc/ 		0
0
eligibility
23.41.113.148/smartchat/open/ 		1 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://23.41.113.148/smartchat/open/eligibility?intent=SALESCHAT&page=/br/webapps/mpp/account-selection
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/helpcenter/smartchat/sales/v1/open-chat.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.41.113.148 , United States, ASN9605 (DOCOMO NTT DOCOMO, INC., JP),
Reverse DNS
a23-41-113-148.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2ea95097fb35d32e051f20b64dfc9f58ee70d255396e8f2c795e2519d9aa680d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-eFmIDtiNY7K4TkPKtFlRe34SWKkCugN30B6wPhRkvpkx5Wzd' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; img-src 'self' https: data:; object-src 'none'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-eFmIDtiNY7K4TkPKtFlRe34SWKkCugN30B6wPhRkvpkx5Wzd' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; img-src 'self' https: data:; object-src 'none'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Content-Encoding
gzip
x-content-type-options
nosniff
X-Recruiting
If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs
Paypal-Debug-Id
8cd283bba0d99, 8cd283bba0d99
HTTP_X_PP_AZ_LOCATOR
dcg13.slc
Access-Control-Allow-Methods
POST, GET, OPTIONS
Connection
keep-alive
DC
slc-b-origin-www-1.paypal.com
Vary
Accept-Encoding
Content-Length
682
x-xss-protection
1; mode=block
Pragma
no-cache
Server
Apache
x-frame-options
SAMEORIGIN
Date
Sat, 17 Aug 2019 22:42:37 GMT
Access-Control-Max-Age
600
Strict-Transport-Security
max-age=63072000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://gts-goto-community.cs77.force.com
Cache-Control
no-cache, max-age=0, no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
ETag
W/"555-ajfofRplOBx21sRIENv3gy1tbOQ"
Access-Control-Allow-Headers
content-type
sprite_countries_flag5.png
www.paypalobjects.com/digitalassets/c/website/marketing/global/shared/global/country-worldwide/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/global/shared/global/country-worldwide/sprite_countries_flag5.png
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/js/0d/6640c747e38e078ecf900ac8cdabd994f854ac.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
dd8d04423e8f925ae8d5b47567e78ce92df2b95b30034cdc764676355fc65296
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 17 Aug 2019 22:42:37 GMT
x-content-type-options
nosniff
last-modified
Thu, 26 Jul 2018 22:25:44 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
25183
expires
Sat, 17 Aug 2019 22:42:37 GMT
ts
t.paypal.com/ 		42 B
558 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.3.19&t=1566081758055&g=-120&e=im&pgrp=main%3Amktg%3ACustomer%3A%3Aaccount-selection&page=main%3Amktg%3ACustomer%3A%3Aaccount-selection%3A%3A%3A&pgst=Unknown&calc=5a87550bba086&rsta=pt_BR&pgtf=Nodejs&env=live&s=ci&ccpg=br&csci=4cd9bf23e13440fe86e6aec7b61bddf9&comp=mppnodeweb&tsrce=mppnodeweb&cu=0&pxpguid=a1bf2e7416cac1200010a534ffff5559&xe=100277%2C100453%2C100542&xt=100661%2C101182%2C101447&pgld=Unknown&bzsr=main&bchn=mktg&tmpl=account-selection&pgsf=Customer&lgin=out&shir=main_mktg_Customer_&pros=3&lgcook=0&akdc=slc-b-origin-www-1.paypal.com&view=%7B%22t10%22%3A1348%2C%22t11%22%3A2849%2C%22tcp%22%3A2132%2C%22et%22%3A%224g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A425%7D&pt=Como%20criar%20uma%20conta-%20PayPal%20BR&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=823&t1c=822&t1s=559&t2=543&t3=1&t4d=526&t4=530&t4e=4&tt=2424&res=%7B%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-248-226.deploy.static.akamaitechnologies.com
Software
akka-http/10.1.7 /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://23.41.113.148/br/webapps/mpp/account-selection
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 17 Aug 2019 22:42:38 GMT
server
akka-http/10.1.7
p3p
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
status
200
http_x_pp_az_locator
slcb.slc
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
42
expires
Sat, 17 Aug 2019 22:42:38 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
nexus.ensighten.com
URL
https://nexus.ensighten.com/paypal/paypal_chunk_poc/serverComponent.php?r=2.864108537568555&ensJson=true&ClientID=1620&PageID=https%3A%2F%2F23.41.113.148%2Fbr%2Fwebapps%2Fmpp%2Faccount-selection%3Ftms_country%3Dbr%26tms_enforce_policy%3D%26tms_targeting%3Dundefined%26ensJson%3Dtrue

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| antiClickjack object| PP_GLOBAL_JS_STRINGS string| HOLIDAYS string| BROWSER_TYPE object| html5 object| Modernizr function| yepnope function| $ function| jQuery object| PAYPAL object| dataLayer object| fpti string| fptiserverurl object| _ifpti object| OOo object| ensBootstraps object| Bootstrapper string| k function| t function| openSalesChat

4 Cookies

Domain/Path Name / Value
23.41.113.148/ Name: AKDC
Value: slc-b-origin-www-1.paypal.com
23.41.113.148/ Name: 44907
Value:
23.41.113.148/ Name: akavpau_ppsd
Value: 1566082356~id=1f221659bdf1f1923473f3ae0b088580
23.41.113.148/ Name: nsid
Value: s%3ALEc1aSlBcfy5woi8JyifcDWrBroPMbbj.p6mYP00FsJZbbWWZKbRUv2%2B%2BPAgfz%2FwSjKd26lC6Qdo

4 Console Messages

Source Level URL
Text
console-api warning URL: https://www.paypalobjects.com/eboxapps/js/0d/6640c747e38e078ecf900ac8cdabd994f854ac.js(Line 1)
Message:
jQuery.Deferred exception: Cannot read property 'getItem' of null
console-api log URL: https://23.41.113.148/br/webapps/mpp/account-selection(Line 455)
Message:
%c WARNING!!!
console-api log URL: https://23.41.113.148/br/webapps/mpp/account-selection(Line 456)
Message:
%c This browser feature is for developers only. Please do not copy-paste any code or run any scripts here. It may cause your PayPal account to be compromised.
console-api log URL: https://23.41.113.148/br/webapps/mpp/account-selection(Line 457)
Message:
%c For more information, http://en.wikipedia.org/wiki/Self-XSS

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://www.wootag.com; script-src 'nonce-HbRfTO6FPikVG0qYpQ9/PdOPeNPTuVy9pTj+Ifs8aFxESPHz' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.sperse.io https://*.dialogtech.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block