py.pl - urlscan.io

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 7 HTTP transactions. The main IP is 66.211.169.14, located in United States and belongs to PAYPAL, US. The main domain is py.pl.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 5th 2019. Valid for: 2 years.

This is the only time py.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	66.211.169.14 66.211.169.14	17012 (PAYPAL) (PAYPAL)
5	151.101.114.133 151.101.114.133	54113 (FASTLY) (FASTLY)
1	104.111.228.123 104.111.228.123	16625 (AKAMAI-AS) (AKAMAI-AS)
7	3

1 66.211.169.14 (United States)

ASN17012 (PAYPAL, US)
PTR: py.pl

py.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.114.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.228.123 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-123.deploy.static.akamaitechnologies.com

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	paypalobjects.com www.paypalobjects.com	38 KB
1	paypal.com www.paypal.com
1	py.pl py.pl	4 KB
7	3

	Domain	Requested by
5	www.paypalobjects.com	py.pl www.paypalobjects.com
1	www.paypal.com	py.pl
1	py.pl
7	3

This site contains links to these domains. Also see Links.

Domain
cms.paypal.com

Subject Issuer	Validity	Valid
py.pl DigiCert SHA2 Extended Validation Server CA	`2019-03-05` - `2021-04-22`	2 years	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2019-12-09` - `2021-12-13`	2 years	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2020-01-09` - `2022-01-12`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://py.pl/
Frame ID: EBBCE36BEB137AE027A9BA5F945B430C
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

42 kB
Transfer

122 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&fli=true&content_ID=ua/Privacy_full&locale.x=en-US
Title: Privacy

Search URL Search Domain Scan URL

URL: https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&fli=true&content_ID=ua/upcoming_policies_full&locale.x=en_US
Title: Policy updates

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request Cookie set / Show response
py.pl/ 4 KB
4 KB 1842ms
376ms Document
text/html 66.211.169.14
PAYPAL

General

Check archive.org

Show headers Download Go to

Full URL

https://py.pl/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.211.169.14 , United States, ASN17012 (PAYPAL, US),

Reverse DNS

py.pl

Software

/

Resource Hash

e4c62bb67f1a52dc67145c95aa4b80a71d7eb9503eb8957aa9646376145612d5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; script-src 'nonce-dLcLyrXiPOAEucoHZTs9oyiS4Fx4tgV6pBDlXWFF5slrbRt3' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://.paypalobjects.com https://.paypal.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: py.pl
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Encoding: gzip
Content-Security-Policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-dLcLyrXiPOAEucoHZTs9oyiS4Fx4tgV6pBDlXWFF5slrbRt3' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Content-Type: text/html; charset=utf-8
Date: Fri, 04 Sep 2020 20:06:46 GMT
Etag: W/"ff3-+RhSllKtdlX2L66c415mU7TSZpQ"
Paypal-Debug-Id: 17cd82594c1e8
Set-Cookie: enforce_policy=ccpa; Path=/; Domain=paypal.com; Expires=Sat, 04 Sep 2021 20:06:46 GMT; Max-Age=31536000; Secure; SameSite=None LANG=en_US%3BUS; Path=/; Domain=paypal.com; Expires=Sat, 05 Sep 2020 04:52:42 GMT; Max-Age=31556; HttpOnly; Secure; SameSite=None tsrce=unpshorturlnodeweb; Path=/; Domain=paypal.com; Expires=Mon, 07 Sep 2020 20:06:45 GMT; Max-Age=259199; HttpOnly; Secure; SameSite=None x-pp-s=eyJ0IjoiMTU5OTI1MDAwNjg5NyIsImwiOiIwIiwibSI6IjAifQ; Path=/; Domain=paypal.com; HttpOnly; Secure; SameSite=None nsid=s%3AtxjWL7Ko7MGofOUJOr69HsypfF0-LWEY.io1AbuDfSD6%2FOVirC7NrPNVBc0aYo63vmoz0td3Dyhw; Path=/; HttpOnly; Secure; SameSite=None X-PP-SILOVER=name%3DLIVE3.WEB.1%26silo_version%3D880%26app%3Dunpshorturlnodeweb%26TIME%3D1599250006%26HTTP_X_PP_AZ_LOCATOR%3Ddcg02.phx; Path=/; Domain=paypal.com; Expires=Fri, 04 Sep 2020 20:36:46 GMT; HttpOnly; Secure; SameSite=None ts=vreXpYrS%3D1693858006%26vteXpYrS%3D1599251806%26vr%3D5aba83561740a270be28dbb9fef2487c%26vt%3D5aba83561740a270be28dbb9fef2487b%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 04 Sep 2023 20:06:46 GMT; HttpOnly; Secure; SameSite=None ts_c=vr%3D5aba83561740a270be28dbb9fef2487c%26vt%3D5aba83561740a270be28dbb9fef2487b; Path=/; Domain=paypal.com; Expires=Mon, 04 Sep 2023 20:06:46 GMT; Secure; SameSite=None
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Content-Length: 1742

GET
H2 200 app.css
www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/css/ 54 KB
10 KB 198ms
95ms Stylesheet
text/css 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/css/app.css

Requested by

Host: py.pl
URL: https://py.pl/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache /

Resource Hash

b726f930dfb2fe747c5aba1d2a72f521efde6960103de4c7174cea1edaafde6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://py.pl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 20:06:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1128617
x-cache: HIT, HIT
status: 200
vary: Accept-Encoding
content-length: 10335
x-served-by: cache-lax8622-LAX, cache-hhn4062-HHN
last-modified: Fri, 23 Oct 2015 22:24:12 GMT
server: Apache
x-timer: S1599250007.168753,VS0,VE1
strict-transport-security: max-age=31557600
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 logo_paypal_106x27.png
www.paypalobjects.com/webstatic/logo/ 3 KB
3 KB 161ms
58ms Image
image/png 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/logo/logo_paypal_106x27.png

Requested by

Host: py.pl
URL: https://py.pl/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache /

Resource Hash

d5b4b06879f67d270c16984685854fffa267be3e05db4d025761676ddd46a1c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://py.pl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 20:06:47 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 14517178
x-cache: HIT, HIT
status: 200
surrorage-key: /webstatic/logo/logo_paypal_106x27.png /webstatic/logo/logo_paypal_106x27.png /webstatic/logo/logo_paypal_106x27.png /webstatic/logo/logo_paypal_106x27.png /webstatic/logo/logo_paypal_106x27.png /webstatic/logo/logo_paypal_106x27.png /webstatic/logo/logo_paypal_106x27.png /webstatic/logo /webstatic
content-length: 2787
x-served-by: cache-lax8627-LAX, cache-hhn4062-HHN
last-modified: Wed, 30 Apr 2014 15:54:51 GMT
server: Apache
x-timer: S1599250007.168714,VS0,VE0
strict-transport-security: max-age=31557600
content-type: image/png
cache-control: max-age=3600
accept-ranges: bytes
x-cache-hits: 26, 3

GET
H2 200 require.js Show response
www.paypalobjects.com/js/lib/requirejs/2.1.20/ 15 KB
6 KB 193ms
91ms Script
application/x-javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/js/lib/requirejs/2.1.20/require.js

Requested by

Host: py.pl
URL: https://py.pl/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache /

Resource Hash

d04169118448d14844d957998462c04a2ba0fd70fce512fe079db00f9493ad17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://py.pl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 20:06:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2976054
x-cache: HIT, HIT
status: 200
vary: Accept-Encoding
content-length: 6332
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-lax8623-LAX, cache-hhn4062-HHN
last-modified: Wed, 12 Aug 2015 17:53:29 GMT
server: Apache
x-timer: S1599250007.168734,VS0,VE1
strict-transport-security: max-age=31557600
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
x-cache-hits: 1, 1

GET
H2 200 pa.js Show response
www.paypalobjects.com/pa/js/ 46 KB
18 KB 160ms
58ms Script
application/x-javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/pa/js/pa.js

Requested by

Host: py.pl
URL: https://py.pl/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache /

Resource Hash

7b05f3d436d0facb423ffd11545560d590ae5c4186b942f937b1b091322070ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://py.pl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 20:06:47 GMT
x-pad: avoid browser bug
x-content-type-options: nosniff
age: 160008
x-cache: HIT, HIT
status: 200
content-encoding: gzip
vary: Accept-Encoding
content-length: 17778
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-lax8639-LAX, cache-hhn4062-HHN
last-modified: Wed, 02 Sep 2020 23:05:30 GMT
server: Apache
x-timer: S1599250007.168722,VS0,VE0
strict-transport-security: max-age=31557600
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
x-cache-hits: 97, 17525

GET
H2 200 app.js Show response
www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/js/ 218 B
437 B 63ms
63ms Script
application/x-javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/web/res/b5f/12b4a9da96fba3c903ae17fdcc16e/js/app.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/js/lib/requirejs/2.1.20/require.js

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache /

Resource Hash

c45e884274a793b0d6f2a4f47da5249ac502d8214da1aee94e7a6954437e68ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://py.pl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 20:06:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1902002
x-cache: MISS, HIT
status: 200
vary: Accept-Encoding
content-length: 144
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-lax8645-LAX, cache-hhn4062-HHN
last-modified: Fri, 23 Oct 2015 22:24:12 GMT
server: Apache
x-timer: S1599250007.330921,VS0,VE1
strict-transport-security: max-age=31557600
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
x-cache-hits: 0, 1

POST
H2 200 csp
www.paypal.com/csplog/api/log/ 0
0 370ms
256ms Other
text/plain 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.paypal.com/csplog/api/log/csp
Requested by: Host: py.pl
URL: https://py.pl/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-228-123.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://py.pl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/csp-report

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			py.pl/	1969-12-31 23:59:59	Name: nsid Value: s%3AtxjWL7Ko7MGofOUJOr69HsypfF0-LWEY.io1AbuDfSD6%2FOVirC7NrPNVBc0aYo63vmoz0td3Dyhw

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; script-src 'nonce-dLcLyrXiPOAEucoHZTs9oyiS4Fx4tgV6pBDlXWFF5slrbRt3' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://.paypalobjects.com https://.paypal.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

py.pl
www.paypal.com
www.paypalobjects.com
104.111.228.123
151.101.114.133
66.211.169.14
7b05f3d436d0facb423ffd11545560d590ae5c4186b942f937b1b091322070ed
b726f930dfb2fe747c5aba1d2a72f521efde6960103de4c7174cea1edaafde6b
c45e884274a793b0d6f2a4f47da5249ac502d8214da1aee94e7a6954437e68ac
d04169118448d14844d957998462c04a2ba0fd70fce512fe079db00f9493ad17
d5b4b06879f67d270c16984685854fffa267be3e05db4d025761676ddd46a1c9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4c62bb67f1a52dc67145c95aa4b80a71d7eb9503eb8957aa9646376145612d5

py.pl Open in urlscan Pro 66.211.169.14 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

42 kBTransfer

122 kBSize

1 Cookies

2 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

py.pl Open in urlscan Pro
66.211.169.14 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

42 kB
Transfer

122 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!