py.pl Open in urlscan Pro
151.101.2.133 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://py.pl/
Effective URL:
https://py.pl/
Submission: On July 06 via api (July 6th 2024, 10:03:48 am UTC) from US — Scanned from PL

Summary HTTP 9 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 151.101.2.133, located in San Francisco, United States and belongs to FASTLY, US. The main domain is py.pl.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 8th 2024. Valid for: a year.

This is the only time py.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
7	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
9	3

1 151.101.2.133 (San Francisco, United States)

ASN54113 (FASTLY, US)

py.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2988	51 KB
1	py.pl py.pl	3 KB
0	paypal.com Failed www.paypal.com Failed
9	3

	Domain	Requested by
7	www.paypalobjects.com	py.pl www.paypalobjects.com
1	py.pl
0	www.paypal.com Failed	py.pl
9	3

This site contains links to these domains. Also see Links.

Domain
cms.paypal.com

Subject Issuer	Validity	Valid
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-02-08` - `2025-02-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://py.pl/
Frame ID: 1BAA959FB635291C5958FB3BCC122BCF
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PayPal Kraken Sample application

Page URL History Show full URLs

http://py.pl/ HTTP 307
https://py.pl/ Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Page Statistics

9
Requests

89 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

54 kB
Transfer

153 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&fli=true&content_ID=ua/Privacy_full&locale.x=en-US
Title: Privacy

Search URL Search Domain Scan URL

URL: https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&fli=true&content_ID=ua/upcoming_policies_full&locale.x=en_US
Title: Policy updates

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://py.pl/ HTTP 307
https://py.pl/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request / Show response
py.pl/
Redirect Chain

http://py.pl/
https://py.pl/

4 KB
3 KB

414ms
311ms

Document
text/html

151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://py.pl/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

136c0317a87182012c65ed27acd7d9463ce1efc5816bcedb33a67c076bcd649e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; script-src 'nonce-cPI0eul2dembvHKexMITSkOKXGVKBJPCooKLWiED1UiuJ39B' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://.paypalobjects.com https://.paypal.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: pl-PL,pl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-cPI0eul2dembvHKexMITSkOKXGVKBJPCooKLWiED1UiuJ39B' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
date: Sat, 06 Jul 2024 10:03:42 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"e3d-/DPK4Ou06sfg2zMp1V+cD6i+a8Y"
paypal-debug-id: f281779a9d3ac
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f281779a9d3ac-688d7d49b35a6bd2-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-served-by: cache-fra-eddf8230071-FRA, cache-fra-eddf8230071-FRA
x-timer: S1720260222.115272,VS0,VE257
x-xss-protection: 1; mode=block

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://py.pl/
Non-Authoritative-Reason: HSTS

GET
H2 200 app.css
www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/css/ 54 KB
10 KB 217ms
43ms Stylesheet
text/css 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/css/app.css

Requested by

Host: py.pl
URL: https://py.pl/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE4) /

Resource Hash

b726f930dfb2fe747c5aba1d2a72f521efde6960103de4c7174cea1edaafde6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://py.pl/
Accept-Language: pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Jul 2024 10:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: e8d01c16ca55d
dc: ccg11-origin-www-1.paypal.com
content-length: 10335
last-modified: Fri, 23 Oct 2015 22:24:12 GMT
server: ECAcc (frc/4CE4)
traceparent: 00-0000000000000000000e8d01c16ca55d-7b77ed89733ba3c9-01
etag: W/"562ab38c-d8fd"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Sun, 06 Jul 2025 10:03:42 GMT

GET
H2 200 logo_paypal_106x27.png
www.paypalobjects.com/webstatic/logo/ 3 KB
3 KB 215ms
41ms Image
image/png 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/logo/logo_paypal_106x27.png

Requested by

Host: py.pl
URL: https://py.pl/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C86) /

Resource Hash

d5b4b06879f67d270c16984685854fffa267be3e05db4d025761676ddd46a1c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://py.pl/
Accept-Language: pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Jul 2024 10:03:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: bcf7e0bb954cf
dc: ccg11-origin-www-1.paypal.com
content-length: 2787
last-modified: Wed, 30 Apr 2014 15:54:51 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (frc/4C86)
traceparent: 00-0000000000000000000bcf7e0bb954cf-edf11aa732bf5c1e-01
etag: "53611ccb-ae3"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Sat, 06 Jul 2024 11:03:42 GMT

GET
H2 200 require.js Show response
www.paypalobjects.com/js/lib/requirejs/2.1.20/ 15 KB
6 KB 217ms
43ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/js/lib/requirejs/2.1.20/require.js

Requested by

Host: py.pl
URL: https://py.pl/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE9) /

Resource Hash

d04169118448d14844d957998462c04a2ba0fd70fce512fe079db00f9493ad17

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://py.pl/
Accept-Language: pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Jul 2024 10:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: aebf1ffe4e01a
dc: ccg11-origin-www-1.paypal.com
content-length: 6332
last-modified: Sat, 13 Feb 2021 00:20:33 GMT
server: ECAcc (frc/4CE9)
traceparent: 00-0000000000000000000aebf1ffe4e01a-432413b21be39a23-01
etag: W/"60271b51-3ca3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Sat, 06 Jul 2024 11:03:42 GMT

GET
H2 200 pa.js Show response
www.paypalobjects.com/pa/js/ 68 KB
25 KB 203ms
43ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/pa/js/pa.js

Requested by

Host: py.pl
URL: https://py.pl/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CF8) /

Resource Hash

e9dad11ddc84d110174ed1627b4b3d722d0c919965193df8d9d6662794d69767

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://py.pl/
Accept-Language: pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Jul 2024 10:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 6adb86e352280
dc: ccg11-origin-www-1.paypal.com
content-length: 25593
last-modified: Tue, 02 Jul 2024 21:58:28 GMT
server: ECAcc (frc/4CF8)
traceparent: 00-00000000000000000006adb86e352280-897eeb3794d48fe6-01
etag: "66847804-11086+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Sat, 06 Jul 2024 11:03:42 GMT

GET
H2 200 app.js Show response
www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/js/ 218 B
266 B 44ms
44ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/js/app.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/js/lib/requirejs/2.1.20/require.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C90) /

Resource Hash

c45e884274a793b0d6f2a4f47da5249ac502d8214da1aee94e7a6954437e68ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://py.pl/
Accept-Language: pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Jul 2024 10:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: efb7e7aa293bc
dc: ccg11-origin-www-1.paypal.com
content-length: 144
last-modified: Fri, 23 Oct 2015 22:24:12 GMT
server: ECAcc (frc/4C90)
traceparent: 00-0000000000000000000efb7e7aa293bc-432ea6896974e7e9-01
etag: W/"562ab38c-da"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Sun, 06 Jul 2025 10:03:42 GMT

POST csp
www.paypal.com/csplog/api/log/ 0
0

GET
H2 200 pp32.png
www.paypalobjects.com/webstatic/icon/ 4 KB
4 KB 44ms
44ms Other
image/png 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/icon/pp32.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CB6) /

Resource Hash

9e208d404c81e5fc7170c13b8564b1368100d668b2071b16ee14600d08519ac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://py.pl/
Accept-Language: pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Jul 2024 10:03:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: 5ae2365ab9abc
dc: ccg11-origin-www-1.paypal.com
content-length: 3972
last-modified: Wed, 30 Apr 2014 15:54:51 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (frc/4CB6)
traceparent: 00-00000000000000000005ae2365ab9abc-1077fffe2bf09aa0-01
etag: "53611ccb-f84"
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Sat, 06 Jul 2024 11:03:42 GMT

GET
H2 200 favicon.ico
www.paypalobjects.com/webstatic/icon/ 5 KB
2 KB 40ms
40ms Other
image/x-icon 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/icon/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CB3) /

Resource Hash

1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://py.pl/
Accept-Language: pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Jul 2024 10:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 7aecf912392ec
dc: ccg11-origin-www-1.paypal.com
content-length: 1403
last-modified: Thu, 01 May 2014 21:26:45 GMT
server: ECAcc (frc/4CB3)
traceparent: 00-00000000000000000007aecf912392ec-76ee9b2041e10ce3-01
etag: W/"5362bc15-1536"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/x-icon
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Sat, 06 Jul 2024 11:03:42 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.paypal.com
URL: https://www.paypal.com/csplog/api/log/csp

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			py.pl/	1969-12-31 23:59:59	Name: nsid Value: s%3AhFXYtY6wkSB816zL_vv6t-Y8xG3XZHvC.okBZN%2BGbpcd%2BaLct6H%2Bfn7PrpwhqfZZyXU%2Fu4upIzo8

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://py.pl/ Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://py.pl/ Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'nonce-cPI0eul2dembvHKexMITSkOKXGVKBJPCooKLWiED1UiuJ39B' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; script-src 'nonce-cPI0eul2dembvHKexMITSkOKXGVKBJPCooKLWiED1UiuJ39B' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://.paypalobjects.com https://.paypal.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

py.pl
www.paypal.com
www.paypalobjects.com
www.paypal.com
151.101.2.133
192.229.221.25
136c0317a87182012c65ed27acd7d9463ce1efc5816bcedb33a67c076bcd649e
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
9e208d404c81e5fc7170c13b8564b1368100d668b2071b16ee14600d08519ac4
b726f930dfb2fe747c5aba1d2a72f521efde6960103de4c7174cea1edaafde6b
c45e884274a793b0d6f2a4f47da5249ac502d8214da1aee94e7a6954437e68ac
d04169118448d14844d957998462c04a2ba0fd70fce512fe079db00f9493ad17
d5b4b06879f67d270c16984685854fffa267be3e05db4d025761676ddd46a1c9
e9dad11ddc84d110174ed1627b4b3d722d0c919965193df8d9d6662794d69767

py.pl Open in urlscan Pro 151.101.2.133 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

89 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

54 kBTransfer

153 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

py.pl Open in urlscan Pro
151.101.2.133 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

54 kB
Transfer

153 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!