Suspicious

Phishings targeting PayPal

Suspicious and active websites

Phishings targeting Paypal

Suspicious and active websites

Active
11
New (7d)
0
Trend (7d)
↓100%
Website
paypal.com
About
AILong-running phishing target. Credentials grant direct funds-transfer ability plus linked card and bank data.
Hosts
Amazon.com, Inc. (8) · Google LLC (2) · OVH SAS (1)
Countries
GermanyGermany (9) · United StatesUnited States (1) · CanadaCanada (1)
TLS certs
Amazon RSA 2048 M02 (8) · Let's Encrypt (2) · WE2 (1)

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

Last check (UTC) First seen (UTC) URL Screenshot Flags Details
2026-05-29 13:30 2026-05-21 01:01
https://paypal.cardpaysecurity.org/login/tfkxscsmt_48_qyabrl9ii9hgjwl…
Screenshot of paypal.cardpaysecurity.org GSB OpenPhish urlscan Details
2026-05-29 13:30 2026-05-20 01:03
https://paypal.cardpaysecurity.org/login/k3zxzz5prn87w8yyvf98pc7tygar…
Screenshot of paypal.cardpaysecurity.org GSB OpenPhish urlscan Details
2026-05-29 13:30 2026-05-19 11:32
https://paypal-finance.com
Screenshot of paypal-finance.com urlscan Details
2026-05-29 13:30 2026-05-17 13:01
https://paypal.cardpaysecurity.org/login/tfkxscsmt_48_qyabrl9ii9hgjwl…
Screenshot of paypal.cardpaysecurity.org GSB OpenPhish urlscan Details
2026-05-29 13:30 2026-05-17 00:03
https://paypal.cardpaysecurity.org/login/k3zxzz5prn87w8yyvf98pc7tygar…
Screenshot of paypal.cardpaysecurity.org GSB OpenPhish Details
2026-05-29 13:30 2026-05-14 13:07
http://paypal.cardpaysecurity.org/login/tfkxscsmt_48_qyabrl9ii9hgjwli…
Screenshot of paypal.cardpaysecurity.org GSB OpenPhish urlscan Details
2026-05-29 13:30 2026-05-14 13:07
http://paypal.cardpaysecurity.org/login/tfkxscsmt_48_qyabrl9ii9hgjwli…
Screenshot of paypal.cardpaysecurity.org GSB OpenPhish urlscan Details
2026-05-29 13:30 2026-05-13 13:05
http://paypal.cardpaysecurity.org/login/k3zxzz5prn87w8yyvf98pc7tygarw…
Screenshot of paypal.cardpaysecurity.org OpenPhish urlscan Details
2026-05-29 13:30 2026-05-13 13:04
http://paypal.cardpaysecurity.org/login/k3zxzz5prn87w8yyvf98pc7tygarw…
Screenshot of paypal.cardpaysecurity.org OpenPhish urlscan Details
2026-05-29 13:30 2026-05-01 01:01
http://paypal-logiin.blogspot.com/2021/02?m=1
Screenshot of paypal-logiin.blogspot.com OpenPhish Details
2026-05-29 13:30 2026-03-31 12:04
https://paypal.loanapproval.in
Screenshot of paypal.loanapproval.in urlscan Details

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

URL Screenshot Details
https://paypal.cardpaysecurit…
GSB OpenPhish urlscan 		Screenshot of paypal.cardpaysecurity.org Details
https://paypal.cardpaysecurit…
GSB OpenPhish urlscan 		Screenshot of paypal.cardpaysecurity.org Details
https://paypal-finance.com
urlscan 		Screenshot of paypal-finance.com Details
https://paypal.cardpaysecurit…
GSB OpenPhish urlscan 		Screenshot of paypal.cardpaysecurity.org Details
https://paypal.cardpaysecurit…
GSB OpenPhish 		Screenshot of paypal.cardpaysecurity.org Details
http://paypal.cardpaysecurity…
GSB OpenPhish urlscan 		Screenshot of paypal.cardpaysecurity.org Details
http://paypal.cardpaysecurity…
GSB OpenPhish urlscan 		Screenshot of paypal.cardpaysecurity.org Details
http://paypal.cardpaysecurity…
OpenPhish urlscan 		Screenshot of paypal.cardpaysecurity.org Details
http://paypal.cardpaysecurity…
OpenPhish urlscan 		Screenshot of paypal.cardpaysecurity.org Details
http://paypal-logiin.blogspot…
OpenPhish 		Screenshot of paypal-logiin.blogspot.com Details
https://paypal.loanapproval.in
urlscan 		Screenshot of paypal.loanapproval.in Details

AIHow to verify a real PayPal URL

  • Legitimate PayPal URLs always end in paypal.com (e.g. www.paypal.com, account.paypal.com). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not PayPal.
  • The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
  • If you got the link from email, SMS, or social media, do not click it. Open paypal.com from your browser bookmark or type the domain manually.
  • Real PayPal pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.