paypal-sign-in.com
2a00:f940:2:2:1:1:0:209 (Malicious Activity!)

URL: https://paypal-sign-in.com/
Submission Tags: @phishunt_io
Submission: On April 27 via api from DE — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2a00:f940:2:2:1:1:0:209, located in the Russian Federation and belonging to AS-REG, RU. The main domain is paypal-sign-in.com.
TLS certificate: Issued by R3 on April 26th 2022. Valid for: 3 months.
This is the only time paypal-sign-in.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
7         2a00:f940:2:2...   197695 (AS-REG)
1         2a00:1450:400...   15169 (GOOGLE)
Total: 8 requests to 2 IP addresses

Requests  Apex Domain          Subdomains                                      Transfer
7         paypal-sign-in.com   paypal-sign-in.com                              206 KB
1         googleapis.com       ajax.googleapis.com (Cisco Umbrella Rank: 271)  31 KB
Total: 8 requests to 2 apex domains

Requests  Domain                Requested by
7         paypal-sign-in.com    paypal-sign-in.com
1         ajax.googleapis.com   paypal-sign-in.com
Total: 8 requests across 2 domains

This site contains no links.

Subject                   Issuer      Validity                  Valid for   Source
paypal-sign-in.com        R3          2022-04-26 - 2022-07-25   3 months    crt.sh
upload.video.google.com   GTS CA 1C3  2022-04-11 - 2022-07-04   3 months    crt.sh

This page contains 1 frame:

Primary Page: https://paypal-sign-in.com/
Frame ID: F1103368D19EA578BE400D77A0540336
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Log in to your PayPal account

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 237 kB
Size: 311 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | paypal-sign-in.com/ | 9 KB | 3 KB | Document |
  General
    Full URL: https://paypal-sign-in.com/
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 2a00:f940:2:2:1:1:0:209, Russian Federation, ASN197695 (AS-REG, RU)
    Reverse DNS:
    Software: nginx
    Resource Hash: 9aab104d173ecdfd41ef912710f99bf7e7a84f2dcb50eb0962eea4668eb95cab
    Security Headers:
      Strict-Transport-Security: max-age=31536000;
  Request headers
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
    accept-language: de-DE,de;q=0.9
  Response headers
    content-encoding: gzip
    content-type: text/html
    date: Wed, 27 Apr 2022 00:35:33 GMT
    server: nginx
    strict-transport-security: max-age=31536000;
    vary: Accept-Encoding
styles.css | paypal-sign-in.com/ | 17 KB | 4 KB | Stylesheet |
  General
    Full URL: https://paypal-sign-in.com/styles.css
    Requested by: Host: paypal-sign-in.com, URL: https://paypal-sign-in.com/
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 2a00:f940:2:2:1:1:0:209, Russian Federation, ASN197695 (AS-REG, RU)
    Reverse DNS:
    Software: nginx
    Resource Hash: 829c5dcb86a6fa08f9b58b786dfc522b69d964b2d4ede5477ef887ad57fa785f
    Security Headers:
      Strict-Transport-Security: max-age=31536000;
  Request headers
    accept-language: de-DE,de;q=0.9
    Referer: https://paypal-sign-in.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
  Response headers
    date: Wed, 27 Apr 2022 00:35:33 GMT
    content-encoding: gzip
    last-modified: Tue, 26 Apr 2022 12:46:44 GMT
    server: nginx
    etag: W/"6267e9b4-4314"
    vary: Accept-Encoding
    content-type: text/css
    cache-control: max-age=3888000
    strict-transport-security: max-age=31536000;
    expires: Sat, 11 Jun 2022 00:35:33 GMT
jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.0/ | 87 KB | 31 KB | Script |
  General
    Full URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
    Requested by: Host: paypal-sign-in.com, URL: https://paypal-sign-in.com/
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2a00:1450:4001:829::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
    Reverse DNS:
    Software: sffe
    Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
    Security Headers:
      X-Content-Type-Options: nosniff
      X-Xss-Protection: 0
  Request headers
    accept-language: de-DE,de;q=0.9
    Referer: https://paypal-sign-in.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
  Response headers
    date: Tue, 26 Apr 2022 08:35:52 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    age: 57581
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
    cross-origin-resource-policy: cross-origin
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    content-length: 31017
    x-xss-protection: 0
    last-modified: Wed, 10 Mar 2021 14:28:09 GMT
    server: sffe
    cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
    vary: Accept-Encoding
    report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
    content-type: text/javascript; charset=UTF-8
    access-control-allow-origin: *
    cache-control: public, max-age=31536000, stale-while-revalidate=2592000
    accept-ranges: bytes
    timing-allow-origin: *
    expires: Wed, 26 Apr 2023 08:35:52 GMT
momgram@2x.png | paypal-sign-in.com/ | 2 KB | 2 KB | Image |
  General
    Full URL: https://paypal-sign-in.com/momgram@2x.png
    Requested by: Host: paypal-sign-in.com, URL: https://paypal-sign-in.com/styles.css
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 2a00:f940:2:2:1:1:0:209, Russian Federation, ASN197695 (AS-REG, RU)
    Reverse DNS:
    Software: nginx
    Resource Hash: d662747018528e56e73f581f4ac187dffe16319c79d9822dae27b33ff69593e6
    Security Headers:
      Strict-Transport-Security: max-age=31536000;
  Request headers
    accept-language: de-DE,de;q=0.9
    Referer: https://paypal-sign-in.com/styles.css
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
  Response headers
    date: Wed, 27 Apr 2022 00:35:33 GMT
    last-modified: Tue, 26 Apr 2022 12:46:44 GMT
    server: nginx
    etag: "6267e9b4-738"
    strict-transport-security: max-age=31536000;
    content-type: image/png
    cache-control: max-age=3888000
    accept-ranges: bytes
    content-length: 1848
    expires: Sat, 11 Jun 2022 00:35:33 GMT
PayPalSansSmall-Regular.woff | paypal-sign-in.com/ | 46 KB | 46 KB | Font |
  General
    Full URL: https://paypal-sign-in.com/PayPalSansSmall-Regular.woff
    Requested by: Host: paypal-sign-in.com, URL: https://paypal-sign-in.com/styles.css
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 2a00:f940:2:2:1:1:0:209, Russian Federation, ASN197695 (AS-REG, RU)
    Reverse DNS:
    Software: nginx
    Resource Hash: ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
    Security Headers:
      Strict-Transport-Security: max-age=31536000;
  Request headers
    Referer: https://paypal-sign-in.com/styles.css
    Origin: https://paypal-sign-in.com
    accept-language: de-DE,de;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
  Response headers
    date: Wed, 27 Apr 2022 00:35:33 GMT
    last-modified: Tue, 26 Apr 2022 12:46:44 GMT
    server: nginx
    etag: "b8eb-5dd8e15c6d500"
    strict-transport-security: max-age=31536000;
    content-type: application/font-woff
    accept-ranges: bytes
    content-length: 47339
sprite_countries_flag4.png | paypal-sign-in.com/ | 108 KB | 108 KB | Image |
  General
    Full URL: https://paypal-sign-in.com/sprite_countries_flag4.png
    Requested by: Host: paypal-sign-in.com, URL: https://paypal-sign-in.com/styles.css
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 2a00:f940:2:2:1:1:0:209, Russian Federation, ASN197695 (AS-REG, RU)
    Reverse DNS:
    Software: nginx
    Resource Hash: 21f89c7c27f0eab13388645aea1eedb4a342c06333a14d74c1a10dfca04d6455
    Security Headers:
      Strict-Transport-Security: max-age=31536000;
  Request headers
    accept-language: de-DE,de;q=0.9
    Referer: https://paypal-sign-in.com/styles.css
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
  Response headers
    date: Wed, 27 Apr 2022 00:35:33 GMT
    last-modified: Tue, 26 Apr 2022 12:46:44 GMT
    server: nginx
    etag: "6267e9b4-1ae61"
    strict-transport-security: max-age=31536000;
    content-type: image/png
    cache-control: max-age=3888000
    accept-ranges: bytes
    content-length: 110177
    expires: Sat, 11 Jun 2022 00:35:33 GMT
PayPalSansBig-Regular.woff2 | paypal-sign-in.com/ | 25 KB | 25 KB | Font |
  General
    Full URL: https://paypal-sign-in.com/PayPalSansBig-Regular.woff2
    Requested by: Host: paypal-sign-in.com, URL: https://paypal-sign-in.com/styles.css
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 2a00:f940:2:2:1:1:0:209, Russian Federation, ASN197695 (AS-REG, RU)
    Reverse DNS:
    Software: nginx
    Resource Hash: 1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be
    Security Headers:
      Strict-Transport-Security: max-age=31536000;
  Request headers
    Referer: https://paypal-sign-in.com/styles.css
    Origin: https://paypal-sign-in.com
    accept-language: de-DE,de;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
  Response headers
    date: Wed, 27 Apr 2022 00:35:33 GMT
    last-modified: Tue, 26 Apr 2022 12:46:44 GMT
    server: nginx
    accept-ranges: bytes
    etag: "6318-5dd8e15c6d500"
    content-length: 25368
    strict-transport-security: max-age=31536000;
PayPalSansBig-Medium.woff2 | paypal-sign-in.com/ | 18 KB | 18 KB | Font |
  General
    Full URL: https://paypal-sign-in.com/PayPalSansBig-Medium.woff2
    Requested by: Host: paypal-sign-in.com, URL: https://paypal-sign-in.com/styles.css
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 2a00:f940:2:2:1:1:0:209, Russian Federation, ASN197695 (AS-REG, RU)
    Reverse DNS:
    Software: nginx
    Resource Hash: 2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
    Security Headers:
      Strict-Transport-Security: max-age=31536000;
  Request headers
    Referer: https://paypal-sign-in.com/styles.css
    Origin: https://paypal-sign-in.com
    accept-language: de-DE,de;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
  Response headers
    date: Wed, 27 Apr 2022 00:35:33 GMT
    last-modified: Tue, 26 Apr 2022 12:46:44 GMT
    server: nginx
    accept-ranges: bytes
    etag: "484c-5dd8e15c6d500"
    content-length: 18508
    strict-transport-security: max-age=31536000;

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • structuredClone (function)
  • oncontextlost (object)
  • oncontextrestored (object)
  • getScreenDetails (function)
  • $ (function)
  • jQuery (function)

0 Cookies

Security Headers

This section lists the security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000;