www.paypnl.com
2.57.89.5
Malicious Activity!
Public Scan
Submission Tags: phishing malicious
Submission: On May 01 via api from US
Summary
TLS certificate: Issued by R3 on April 9th 2021. Valid for: 3 months.
This is the only time www.paypnl.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) | PTR / Domain |
|---|---|---|---|
| 5 | 2.57.89.5 | 47583 (AS-HOSTINGER) | |
| 9 | 104.111.228.123 | 16625 (AKAMAI-AS, US) | PTR: a104-111-228-123.deploy.static.akamaitechnologies.com (www.paypalobjects.com) |
| 1 | 151.101.129.21 | 54113 (FASTLY) | |
| 5 | 2.19.41.160 | 16625 (AKAMAI-AS, US) | PTR: a2-19-41-160.deploy.static.akamaitechnologies.com (c.paypal.com) |
| 1 2 | 64.4.245.84 | 17012 (PAYPAL) | |
| 2 | 173.0.82.77 | 17012 (PAYPAL) | |
| 1 | 2a04:4e42:600::291 | 54113 (FASTLY) | |
| 1 | 151.101.1.35 | 54113 (FASTLY) | |

Total: 25 requests, 8 IP addresses.
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 12 | paypal.com (1 redirects) | www.paypal.com, c.paypal.com, b.stats.paypal.com, dub.stats.paypal.com, www.sandbox.paypal.com, c6.paypal.com, t.paypal.com | 137 KB |
| 9 | paypalobjects.com | www.paypalobjects.com | 93 KB |
| 5 | paypnl.com | www.paypnl.com | 21 KB |

Total: 25 requests, 3 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 9 | www.paypalobjects.com | www.paypnl.com, www.paypalobjects.com |
| 5 | c.paypal.com | www.paypalobjects.com, c.paypal.com |
| 5 | www.paypnl.com | www.paypalobjects.com |
| 2 | www.sandbox.paypal.com | www.paypalobjects.com |
| 1 | t.paypal.com | |
| 1 | c6.paypal.com | |
| 1 | dub.stats.paypal.com | |
| 1 | b.stats.paypal.com | 1 redirects |
| 1 | www.paypal.com | www.paypnl.com |

Total: 25 requests, 9 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| paypnl.com | R3 | 2021-04-09 - 2021-07-08 | 3 months | crt.sh |
| www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2021-04-28 - 2022-01-11 | 9 months | crt.sh |
| c.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2020-01-09 - 2022-01-13 | 2 years | crt.sh |
| b.stats.paypal.com | DigiCert SHA2 High Assurance Server CA | 2020-03-13 - 2022-06-03 | 2 years | crt.sh |
| www.sandbox.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2021-01-07 - 2022-02-06 | a year | crt.sh |
| t.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2020-11-17 - 2021-11-21 | a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://www.paypnl.com/signin/paypal.php
Frame ID: CB8F3716FDCB3525FA07E7655937B39A
Requests: 18 HTTP requests in this frame
Frame:
https://dub.stats.paypal.com/v1/counter2.cgi?r=cD02NUgxNDk1MDQ1MjMzMTUzOCZpPTE5Ny4yMzQuMjE5LjI1JnQ9MTU5NTU4ODc3OS41MDMmYT0yMSZzPVVOSUZJRURfTE9HSU6GN6ekZhfESPuqlqkuJ3Ot61B5ug
Frame ID: FC7BB86C796718A30BAAB043DDE1BEB4
Requests: 1 HTTP requests in this frame
Frame:
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Frame ID: 25F91708E7F6879A628432AACE961FFF
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15
- https://b.stats.paypal.com/v1/counter.cgi?r=cD02NUgxNDk1MDQ1MjMzMTUzOCZpPTE5Ny4yMzQuMjE5LjI1JnQ9MTU5NTU4ODc3OS41MDMmYT0yMSZzPVVOSUZJRURfTE9HSU6GN6ekZhfESPuqlqkuJ3Ot61B5ug HTTP 302
- https://dub.stats.paypal.com/v1/counter2.cgi?r=cD02NUgxNDk1MDQ1MjMzMTUzOCZpPTE5Ny4yMzQuMjE5LjI1JnQ9MTU5NTU4ODc3OS41MDMmYT0yMSZzPVVOSUZJRURfTE9HSU6GN6ekZhfESPuqlqkuJ3Ot61B5ug
25 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | paypal.php | www.paypnl.com/signin/ | 55 KB | 17 KB | Document | text/html | Primary Request |
| GET | H2 | xhr-ads.min.js | www.paypalobjects.com/web/res/40f/264f98d5d1f113e33bd9c3be2bba5/js/ | 21 KB | 7 KB | Script | application/javascript | |
| GET | H2 | contextualLogin.css | www.paypalobjects.com/web/res/c0e/6ca529a45d99f5eaa05cdff0777ab/css/ | 98 KB | 17 KB | Stylesheet | text/css | |
| GET | H2 | modernizr-2.6.1.js | www.paypalobjects.com/web/res/c0e/6ca529a45d99f5eaa05cdff0777ab/js/lib/ | 4 KB | 2 KB | Script | application/javascript | |
| GET | H2 | icon-PN-check.png | www.paypalobjects.com/images/shared/ | 1 KB | 1 KB | Image | image/png | |
| GET | H2 | glyph_alert_critical_big-2x.png | www.paypalobjects.com/images/shared/ | 2 KB | 2 KB | Image | image/png | |
| GET | H2 | fn-sync-telemetry-min.js | www.paypalobjects.com/web/res/c0e/6ca529a45d99f5eaa05cdff0777ab/js/lib/ | 5 KB | 3 KB | Script | application/javascript | |
| GET | H2 | checkout-split.js | www.paypalobjects.com/web/res/c0e/6ca529a45d99f5eaa05cdff0777ab/js/ | 158 KB | 39 KB | Script | application/javascript | |
| GET | H2 | pa.js | www.paypalobjects.com/pa/js/min/ | 52 KB | 20 KB | Script | application/javascript | |
| GET | H2 | js | www.paypal.com/sdk/ | 302 KB | 94 KB | Script | application/javascript | |
| GET | H2 | paypal-logo-129x32.svg | www.paypalobjects.com/images/shared/ | 5 KB | 2 KB | Image | image/svg+xml | |
| GET | H/1.1 | fb-all-prod.pp2.min.js | c.paypal.com/webstatic/r/fb/ | 58 KB | 19 KB | Script | application/javascript | |
| GET | H3-Q050 | challenge.js | www.paypnl.com/auth/createchallenge/5d5f96d4ee80d31f/ | 2 KB | 1 KB | XHR | text/html | |
| POST | H3-Q050 | client-log | www.paypnl.com/signin/ | 2 KB | 933 B | XHR | text/html | |
| GET | H3-Q050 | cookie-banner | www.paypnl.com/signin/ | 2 KB | 933 B | XHR | text/html | |
| POST | H3-Q050 | client-log | www.paypnl.com/signin/ | 2 KB | 933 B | XHR | text/html | |
| GET | H/1.1 | counter2.cgi | dub.stats.paypal.com/v1/ | 42 B | 299 B | Image | image/jpeg | Frame FC7B, Redirect Chain |
| POST | H/1.1 | logger | www.sandbox.paypal.com/xoplatform/logger/api/ | 875 B | 2 KB | XHR | application/json | |
| OPTIONS | H/1.1 | logger | www.sandbox.paypal.com/xoplatform/logger/api/ | 0 | 0 | Preflight | | Frame |
| GET | H/1.1 | i | c.paypal.com/v1/r/d/ | 187 B | 1 KB | Document | text/html | Frame 25F9 |
| GET | H/1.1 | fb-all-prod.pp2.min.js | c.paypal.com/webstatic/r/fb/ | 58 KB | 19 KB | Script | application/javascript | Frame 25F9 |
| POST | H/1.1 | p1 | c.paypal.com/v1/r/d/b/ | 125 B | 939 B | XHR | application/json | Frame 25F9 |
| POST | H/1.1 | p2 | c.paypal.com/v1/r/d/b/ | 125 B | 695 B | XHR | application/json | Frame 25F9 |
| GET | H2 | p3 | c6.paypal.com/v1/r/d/b/ | 0 | 255 B | Image | text/plain | Frame 25F9 |
| GET | H2 | ts | t.paypal.com/ | 42 B | 675 B | Image | image/gif | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: PayPal (Financial)

45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | 0 |
| object | 1 |
| object | 2 |
| object | onbeforexrselect |
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| boolean | originAgentCluster |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| boolean | paypalADSInterceptorInjected |
| object | html5 |
| object | Modernizr |
| function | isEligibleIntegration |
| object | antiClickjack |
| object | PAYPAL |
| function | $ |
| object | fpti |
| string | fptiserverurl |
| object | _ifpti |
| object | __post_robot_10_0_42___d526c609dc_mtq6mtg6mdm |
| object | paypal |
| object | __zoid_9_0_63___d526c609dc_mtq6mtg6mdm |
| object | __paypal_storage__ |
| function | AjaxRequest |
| string | PP_SERVICE_URL |
| string | BASE_SWF_URL |
| string | BEACON_BASE_URL |
| string | PP_IFRAME_JS_URL |
| string | PP_NEW_SERVICE_URL |
| string | PP_VERSION |
| object | Configuration |
| object | PFB_4732Config |
| object | PFB_4732 |
| object | dataCollector |
| object | fp |
| undefined | runFb |
| function | initTsFb |
| object | jstz |
| function | SwfStore |
| function | SlvtStore1 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| www.paypnl.com/ | | PHPSESSID | b20dc48613d0f7094072f4d7bbf1ec31 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.