paypal.com

Last analyzed: Jan 31, 2026 at 2:54 AM UTC Refreshing...

Looks Normal

Standard signals observed

This reflects observed technical signals, not a judgment of the website's intent or safety. Wondering if PayPal is legit? Below you'll find technical signals for paypal.com including domain age, HTTPS security, DNS records, and redirect behavior to help you decide if this website is trustworthy.

Observed signals

Domain registered 26 years ago

Valid HTTPS certificate

DNS records present

2 redirects observed

Favicon detected

HSTS preloaded (browser-enforced)

AI Summary Plain-language explanation of the signals

The domain paypal.com has DNS records and resolves to IP addresses 151.101.3.1 and 151.101.195.1; DNS appears to be hosted via Dynect (inferred from nameservers). It is registered with MarkMonitor Inc., is about 26 years old, and has an expiration date 2026-07-15. There are 3 redirects (HTTP to HTTPS), leading to the final URL https://www.paypal.com/us/home, with HTTPS enforced. The TLS certificate is valid and covers the domain; it is a multi-domain (SAN) certificate issued by /C=US/O=DigiCert Inc/CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, and expires 2026-07-07T23:59:59Z. These signals describe technical characteristics only and do not indicate intent or safety.

HTTP Response

HTTPS 2 redirects

Final URL:

https://www.paypal.com/us/home

Redirect chain

301 http://paypal.com/ → https://www.paypal.com/

302 https://www.paypal.com/ → https://www.paypal.com/us/home

200 https://www.paypal.com/us/home

TLS Certificate

Valid

Yes

Covers Domain

Yes

Type

Multi-domain

Expires in 157 days

Certificate details

Subject: /C=US/ST=California/L=San Jose/O=PayPal, Inc./CN=paypal.com

Issuer: /C=US/O=DigiCert Inc/CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1

Chain: 3 certificates

Subject Alt Names (106)

paypal.com matches

braintreepayments.com

buyindiaonline.com

cash2india.com

curv.cc

curv.co

fastlane.paypal.com

futureofgiving.ca

+ 98 more

DNS Records

A Records

AAAA

IP addresses & nameservers

A: 151.101.195.1, 162.159.141.96, 151.101.3.1

NS: ns1.p57.dynect.net, ns2.p57.dynect.net, pdns100.ultradns.com, pdns100.ultradns.net, ns1-pchnet.paypal.com, ns2-pchnet.paypal.com

MX records (2)

mx1.paypalcorp.com

mx2.paypalcorp.com

TXT records (12)

MS=ms95960309

mgf84gx1cv1c759pmjqx0wnths9ss9f6

docker-verification=2deb3c1f-56d2-4fe4-8a09-d48b7bf8a918

workplace-domain-verification=F7ezsH9uapvYDGd2VtPARy1qq9ymN6

globalsign-domain-verification=KXa3jn_dNODlTVQ4eg1Wx3vA-R...

+ 7 more

Domain Registration

26 years old

Registered Jul 15, 1999

Registrar MarkMonitor Inc.

Expires Jul 15, 2026

More details

Last changed: Oct 03, 2025

Status: client delete prohibited client transfer prohibited client update prohibited +3 more

Nameservers: NS1.P57.DYNECT.NET, NS2.P57.DYNECT.NET, ...

Robots.txt (Crawl directives)

Status

200 OK (1 redirect)

Crawl Access

Allowed (with restrictions)

Final URL: https://www.paypal.com/robots.txt

These directives apply to crawlers requesting this host.

Agents

Rules

Sitemaps

Directive breakdown

Disallow 92

Allow 0

Sitemaps 1

Sitemap URLs

https://www.paypal.com/paypal-sitemap-index.xml

Raw content

Showing first ~1.97 KB View full file

### BEGIN FILE ###

# PayPal robots.txt file 

User-agent: *
Disallow: /cgibin/
Disallow: /il/cart/
Disallow: /*?cmd=_pce*
Disallow: /row/
Disallow: /xclick-auction*
Disallow: /affil/
Disallow: /*?cmd=_flow*
Disallow: /*?cmd=_mobile-activate-outside
Disallow: /*?SESSION*
Disallow: /*?cmd=_s-xclick*
Disallow: /subscriptions/
Disallow: /ireceipt/get/
Disallow: /ireceipt/get?
Disallow: /getCallUsInfoData/
Disallow: /*?action=callus
Disallow: /loadHelpcenterDecouplePage
Disallow: /limited-release/
Disallow: /files/developer/
Disallow: /*?content_ID=developer
Disallow: /ebook/
Disallow: /IntegrationCenter/
Disallow: /limited-release
Disallow: /ebook
Disallow: /IntegrationCenter
Disallow: /ece/
Disallow: /webscr/
Disallow: /*?cmd=_xclick*
Disallow: /*?cmd=_cart*
Disallow: /*?cmd=_gxo-upgrade/
Disallow: /cms_content/
Disallow: /affil/
Disallow: /*?cmd=_donations*
Disallow: /*?cmd=_oe-gift-certificate*
Disallow: /refer/
Disallow: /cart?*
Disallow: /signin/inject/
Disallow: /_prq/
Disallow: /PWD/
Disallow: /mobile/checkout
Disallow: /webapps/checkout
Disallow: /webapps/hermes
Disallow: /webapps/aries
Disallow: /webapps/xo/html/cookiecheck.html
Disallow: /webapps/xoonboarding/*
Disallow: /agreements/approve
Disallow: /mobile/agreements
Disallow: /checkoutnow/
Disallow: /incontext
Disallow: /helios/
Disallow: /xorouter/
Disallow: /auth/verifychallenge/
Disallow: /signin?expId=confirmEmail
Disallow: /signin?expId=confirmEmail*
Disallow: /?expId=confirmEmail*
Disallow: /*?cmd=_pay-inv
Disallow: /affil/pal
Disallow: /refer/pal
Disallow: /pools/campaign/*
Disallow: /invoice/p/*
Disallow: /pools/c/*
Disallow: /claim-money?*
Disallow: /hub?category=*
Disallow: /fundraiser/charity/*
Disallow: /auth/createchallenge
Disallow: /graphql?
Disallow: /muse/identity/v2/identity.js
Disallow: /sdk/js
Disallow: /smart/button
Disallow: /smart/buttons
Disallow: /tagmanager/containers/xo
Disallow: /tagmanager/pptm.js
Disallow: /xoplatform/logger/api/logger
Disallow: /merchantapps/
Disallow: /click
... (truncated)

Robots.txt directives are advisory instructions for crawlers and do not enforce access control.

Tech Stack

Platform

Not detected

JS Framework

Not detected

Server

Hidden (CDN)

CDN

Cloudflare

Analytics

Security Headers

4 / 6

Cloudflare Google Analytics

HSTS CSP X-Content-Type-Options Permissions-Policy

Detection evidence

CSP:

content-security-policy header present

HSTS:

strict-transport-security header present

Cloudflare:

cf-ray header present (IAD)

Google Analytics:

Google Analytics script loaded

Permissions-Policy:

permissions-policy header present

X-Content-Type-Options:

x-content-type-options header present

Technologies detected from HTTP headers and HTML patterns. Detection is passive and may not capture all technologies.

Check Another Domain