Paypal security is not optimal to say the least, see from these scan results:
https://www.htbridge.com/websec/?id=ekedIL6bThe cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
COOKIE: X-PP-SILOVER
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing Secure flag, make sure it does not store sensitive information.
Misconfiguration or weakness
COOKIE: AKDC
The cookie is missing SameSite flag, make sure it does not store sensitive information.
Misconfiguration or weakness
The cookie is missing HttpOnly flag, make sure it does not store sensitive information.
Misconfiguration or weakness
Not-secured connection- htxps://23.194.182.174/ with PHISHING threat... (no third party tracking seen?).
Whenever the site is brought up as a fake phish from inside a mail-link, avast may detect HTML:Paypal-B [Phish].
polonus