urlscan.io logo urlscan.io
SecurityTrails logo

py.pl Open in urlscan Pro
173.0.88.32  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://py.pl/
Effective URL: https://py.pl/
Submission: On March 11 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 173.0.88.32, located in San Jose, United States and belongs to PAYPAL - PayPal, Inc., US. The main domain is py.pl.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 23rd 2017. Valid for: 2 years.
This is the only time py.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
1 1 66.211.169.14 17012 (PAYPAL)
1 173.0.88.32 17012 (PAYPAL)
6 2.21.38.79 20940 (AKAMAI-ASN1)
7 2
Apex Domain
Subdomains		 Transfer
5 paypalobjects.com
www.paypalobjects.com
32 KB
2 py.pl
py.pl
4 KB
1 paypal.com
www.paypal.com
2 KB
7 3
Domain Requested by
5 www.paypalobjects.com py.pl
www.paypalobjects.com
2 py.pl 1 redirects
1 www.paypal.com py.pl
7 3

This site contains links to these domains. Also see Links.

Domain
cms.paypal.com
Subject Issuer Validity Valid
py.pl
DigiCert SHA2 Extended Validation Server CA		 2017-03-23 -
2019-03-27		 2 years crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2018-08-14 -
2020-08-18		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://py.pl/
Frame ID: 712F3161B40C08237CE82B3B631D94B4
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://py.pl/ HTTP 302
    https://py.pl/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /paypalobjects\.com\/js/i
  • env /^PAYPAL$/i
Overall confidence: 100%
Detected patterns
  • script /require.*\.js/i
  • env /^requirejs$/i

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

38 kB
Transfer

110 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://py.pl/ HTTP 302
    https://py.pl/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
py.pl/
Redirect Chain
  • http://py.pl/
  • https://py.pl/
4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://py.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.0.88.32 San Jose, United States, ASN17012 (PAYPAL - PayPal, Inc., US),
Reverse DNS
py.pl
Software
Apache /
Resource Hash
31079b8b9dbb64b6e8cb086c55e8c2afccb030d144b3511361e1170838faf26e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-8P1xxsP080RqomK+5lCLU18Is9GQeWqsFQ/MASf+JVW4BuF7' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=14400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
py.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Mar 2019 23:37:57 GMT
Server
Apache
Connection
keep-alive, Keep-Alive
X-Recruiting
If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs
Paypal-Debug-Id
f248f45bc4a98 f248f45bc4a98
Cache-Control
no-cache max-age=0, no-cache, no-store, must-revalidate
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-8P1xxsP080RqomK+5lCLU18Is9GQeWqsFQ/MASf+JVW4BuF7' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
ETag
W/"f55-Sr5JB7/E83TizxknhAvpflm9jCc"
set-cookie
enforce_policy=; Domain=.paypal.com; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure LANG=en_US%3BUS; Max-Age=31; Domain=.paypal.com; Path=/; Expires=Mon, 11 Mar 2019 23:38:29 GMT; HttpOnly; Secure tsrce=unpshorturlnodeweb; Max-Age=259; Domain=.paypal.com; Path=/; Expires=Mon, 11 Mar 2019 23:42:17 GMT; HttpOnly; Secure x-pp-s=eyJ0IjoiMTU1MjM0NzQ3Nzg3MyIsIm0iOiIwIn0; Domain=.paypal.com; Path=/; HttpOnly; Secure nsid=s%3A31Jha5QZX-mBqAres5mkDBZqFbGrLA2D.%2B7wZdzijQ96h6A3VSdin9xbFAgOXj3SJXygganCTD7U; Path=/; HttpOnly; Secure
HTTP_X_PP_AZ_LOCATOR
dcg12.slc
Content-Encoding
gzip
Set-Cookie
X-PP-SILOVER=name%3DLIVE6.WEB.1%26silo_version%3D880%26app%3Dunpshorturlnodeweb%26TIME%3D1441891932%26HTTP_X_PP_AZ_LOCATOR%3Ddcg12.slc; Expires=Tue, 12 Mar 2019 00:07:57 GMT; domain=.paypal.com; path=/; Secure; HttpOnly X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT
Pragma
no-cache
Strict-Transport-Security
max-age=14400
Keep-Alive
timeout=5, max=100
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8

Redirect headers

Location
https://py.pl/
Server
BigIP
Connection
Keep-Alive
Content-Length
0
app.css
www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/css/ 		54 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/css/app.css
Requested by
Host: py.pl
URL: https://py.pl/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-38-79.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b726f930dfb2fe747c5aba1d2a72f521efde6960103de4c7174cea1edaafde6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://py.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Mar 2019 23:37:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2015 22:24:12 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
10335
expires
Sun, 09 Jun 2019 23:37:58 GMT
logo_paypal_106x27.png
www.paypalobjects.com/webstatic/logo/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/logo/logo_paypal_106x27.png
Requested by
Host: py.pl
URL: https://py.pl/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-38-79.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d5b4b06879f67d270c16984685854fffa267be3e05db4d025761676ddd46a1c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://py.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Mar 2019 23:37:58 GMT
x-content-type-options
nosniff
last-modified
Wed, 30 Apr 2014 15:54:51 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
2787
expires
Mon, 11 Mar 2019 23:37:58 GMT
require.js
www.paypalobjects.com/js/lib/requirejs/2.1.20/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/js/lib/requirejs/2.1.20/require.js
Requested by
Host: py.pl
URL: https://py.pl/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-38-79.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d04169118448d14844d957998462c04a2ba0fd70fce512fe079db00f9493ad17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://py.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Mar 2019 23:37:58 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
6332
last-modified
Wed, 12 Aug 2015 17:53:30 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Sun, 09 Jun 2019 23:37:58 GMT
pa.js
www.paypalobjects.com/pa/js/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/js/pa.js
Requested by
Host: py.pl
URL: https://py.pl/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-38-79.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
47ddc974eefd3b0babea6d9ff9a63dca3fded165bb0fba5baa6a837d9871e26c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://py.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Mar 2019 23:37:58 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
12105
last-modified
Wed, 06 Mar 2019 01:46:47 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Tue, 12 Mar 2019 00:37:58 GMT
app.js
www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/js/ 		218 B
447 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/js/app.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/js/lib/requirejs/2.1.20/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-38-79.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c45e884274a793b0d6f2a4f47da5249ac502d8214da1aee94e7a6954437e68ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://py.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Mar 2019 23:37:58 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
144
last-modified
Fri, 23 Oct 2015 22:24:12 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Sun, 09 Jun 2019 23:37:58 GMT
csp
www.paypal.com/csplog/api/log/ 		0
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/csplog/api/log/csp
Requested by
Host: py.pl
URL: https://py.pl/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-38-79.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://py.pl/
Origin
https://py.pl
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/csp-report

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| requirejs function| require function| define object| PAYPAL object| fpti string| fptiserverurl boolean| readyToGo

1 Cookies

Domain/Path Name / Value
py.pl/ Name: nsid
Value: s%3A31Jha5QZX-mBqAres5mkDBZqFbGrLA2D.%2B7wZdzijQ96h6A3VSdin9xbFAgOXj3SJXygganCTD7U

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-8P1xxsP080RqomK+5lCLU18Is9GQeWqsFQ/MASf+JVW4BuF7' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=14400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block