www.paypal-status.com
Open in
urlscan Pro
20.69.68.249
Malicious Activity!
Public Scan
Submission: On January 10 via api from US — Scanned from US
Summary
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on June 21st 2023. Valid for: a year.
This is the only time www.paypal-status.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 20.69.68.249 20.69.68.249 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
12 | 192.229.210.155 192.229.210.155 | 15133 (EDGECAST) (EDGECAST) | |
1 | 104.17.209.240 104.17.209.240 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 151.101.1.35 151.101.1.35 | 54113 (FASTLY) (FASTLY) | |
20 | 4 |
ASN13335 (CLOUDFLARENET, US)
zn6x1kz7ll5vk5v5q-paypalxm.siteintercept.qualtrics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2512 |
274 KB |
5 |
paypal-status.com
www.paypal-status.com — Cisco Umbrella Rank: 538132 |
1 MB |
2 |
paypal.com
t.paypal.com — Cisco Umbrella Rank: 3583 |
1 KB |
1 |
qualtrics.com
zn6x1kz7ll5vk5v5q-paypalxm.siteintercept.qualtrics.com |
2 KB |
20 | 4 |
Domain | Requested by | |
---|---|---|
12 | www.paypalobjects.com |
www.paypal-status.com
www.paypalobjects.com |
5 | www.paypal-status.com |
www.paypal-status.com
|
2 | t.paypal.com | |
1 | zn6x1kz7ll5vk5v5q-paypalxm.siteintercept.qualtrics.com |
www.paypalobjects.com
|
20 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypal.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.paypal-status.com DigiCert SHA2 Extended Validation Server CA |
2023-06-21 - 2024-07-21 |
a year | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2023-10-12 - 2024-10-31 |
a year | crt.sh |
*.qualtrics.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-03-27 - 2024-03-26 |
a year | crt.sh |
t.paypal.com DigiCert SHA2 Extended Validation Server CA |
2023-09-21 - 2024-10-21 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.paypal-status.com/incident/production
Frame ID: 0C50EB1612FF6507001319A89FD7AB04
Requests: 20 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: Privacy
Search URL Search Domain Scan URL
Title: Legal
Search URL Search Domain Scan URL
Title: PayPal.com
Search URL Search Domain Scan URL
Title: Support
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
production
www.paypal-status.com/incident/ |
842 B 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.css
www.paypal-status.com/css/ |
122 KB 123 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pa.js
www.paypalobjects.com/pa/js/min/ |
69 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bundle.js
www.paypal-status.com/ |
1 MB 300 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latmconf.js
www.paypalobjects.com/pa/mi/paypal/ |
339 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OrchestratorMain.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
12.2e4d3453d92fa382c1f6.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ |
56 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
components
www.paypal-status.com/api/v1/ |
21 KB 22 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
events
www.paypal-status.com/api/v1/ |
755 KB 756 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ppcom.svg
www.paypalobjects.com/webstatic/i/logo/rebrand/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ |
49 KB 49 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
Targeting.php
zn6x1kz7ll5vk5v5q-paypalxm.siteintercept.qualtrics.com/WRSiteInterceptEngine/ |
3 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ts
t.paypal.com/ |
42 B 791 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ |
48 KB 48 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ |
46 KB 46 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CoreModule.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ |
100 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4.bee7caf079144a7b9980.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.1303dc17a61da0f506d3.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ |
29 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
17.0e47ac923c1fa85e46cf.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ |
19 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ts
t.paypal.com/ |
42 B 494 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| PAYPAL object| fpti string| fptiserverurl object| options object| _ifpti object| latmconf object| laDataLayer object| QSI object| WAFQualtricsWebpackJsonP-hosted-1.64.1 object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| OOo function| launchOpinionLabFeedback object| _qsie3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.paypal-status.com/ | Name: connect.sid Value: s%3A2Aak0ANIZMREX5g0Evd99cu9LjsMxsDY.%2Fzhzwb38jU1AYipuEFos2Q%2BrLdEVmmTqOG5J5Dh9Cpg |
|
.paypal.com/ | Name: ts_c Value: vr%3D3ffa02426f3c098c%26vt%3D2e73bb336b543187 |
|
.paypal.com/ | Name: ts Value: vreXpYrS%3D1799518907%26vteXpYrS%3D1704912707%26vr%3D3ffa02426f3c098c%26vt%3D2e73bb336b543187 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' https://*.paypal.com https://*.paypalcorp.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://*.paypalobjects.com https://*.paypal.com https://*.doubleclick.net https://*.google-analytics.com https://*.qualtrics.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypalobjects.com; media-src 'self' https://*.paypalobjects.com https://*.paypal.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com https://*.qualtrics.com |
Strict-Transport-Security | max-age=31536000 |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
t.paypal.com
www.paypal-status.com
www.paypalobjects.com
zn6x1kz7ll5vk5v5q-paypalxm.siteintercept.qualtrics.com
104.17.209.240
151.101.1.35
192.229.210.155
20.69.68.249
34233b1083053799aaa8f716e8bf4024ce602505f61f29cafbbd8289b67dfa3a
3e18ef3d47cc69a8aecdba37fa9d10123d5b710db33431bc267e1c76a0201a62
4d5c29e41277f543455e865a69634f17a2846fd001553890d5801379df3a7c47
52f661a25a5c6ba5d186f31a78f999d24200d741f9907c6fd10e167275e5cb98
6448b277dd2faa344ae7ae5b0de43d248019e02e5f5a30dbfd6c5925c9b54aef
6ae30cb1ab74d66217a576b78124e053906f0a93cbf2d9f0ad398518f8442264
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
8527c74b50749fdb9c69b27adda275157a55fa83c983d668ab9922a49a6ba316
8b43508aba121c079651841e31c71adc6ddecca7cfbb0ee310498bf415d907b8
9678dd86513c236593527c9b89e5a95d64621c8b7dbe5f27638ab6c5c858a106
aca9811bc9fe2189931ecbde10d032e4bc36ab42c37d88c6c6e8cb3787f4ae54
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
b3a8d966d249beda7f50ac3c2bfbb549109d5aee49c948aaba10cffade528715
ba4691262fbf1abd2bd988530282374fbe5517357d414d61cba2b6739374d565
bb230994469278cbe80e0336a575209516879ad6a5e8cc9233956e71747de578
c599c554590d1a336ffcb9627f6caaac34b6228f60e15f5f25454bff38facb7e
e7d287b90b3a071aed8c9860f22cff01bcb34fcfc45bd90319bac450226d1e6d
ea680c36b1e632fc0a96cd21231f1d9e17db700b8b68729328c5b8972e2d3622
ec1bba0b2486fc361b965beb3b5e088a9f4766366a46fc8d8a6518e9417adae5