Suspicious
Phishings targeting PayPal
Suspicious and active websites
Phishings targeting Paypal
Suspicious and active websites
Active
7
New (7d)
1
Trend (7d)
↓50%
Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.
| Last check (UTC) | First seen (UTC) ▾ | URL | Screenshot | Flags | Details |
|---|---|---|---|---|---|
| 2026-07-08 19:30 | 2026-07-05 18:12 | ![]() |
urlscan | Details | |
| 2026-07-08 19:30 | 2026-06-29 01:02 | ![]() |
OpenPhish | Details | |
| 2026-07-08 19:30 | 2026-06-27 01:01 | ![]() |
OpenPhish | Details | |
| 2026-07-08 19:30 | 2026-06-24 01:01 | ![]() |
OpenPhish | Details | |
| 2026-07-08 19:30 | 2026-06-08 13:01 | ![]() |
OpenPhish | Details | |
| 2026-07-08 19:30 | 2026-05-14 13:07 | ![]() |
GSB OpenPhish urlscan | Details | |
| 2026-07-08 19:30 | 2026-05-01 01:01 | ![]() |
OpenPhish | Details |
Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.
| URL | Screenshot | Details |
|---|---|---|
| https://paypal-fee-calculator…
urlscan |
![]() |
Details |
| https://paypal-signin.blogspo…
OpenPhish |
![]() |
Details |
| http://payme-paypal.com
OpenPhish |
![]() |
Details |
| http://paylink-paypal.com
OpenPhish |
![]() |
Details |
| https://paypal-c.vercel.app
OpenPhish |
![]() |
Details |
| http://paypal.cardpaysecurity…
GSB OpenPhish urlscan |
![]() |
Details |
| http://paypal-logiin.blogspot…
OpenPhish |
![]() |
Details |
AIHow to verify a real PayPal URL
- Legitimate PayPal URLs always end in
paypal.com(e.g.www.paypal.com,account.paypal.com). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like.xyz/.top/.vip— is not PayPal. - The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
- If you got the link from email, SMS, or social media, do not click it. Open
paypal.comfrom your browser bookmark or type the domain manually. - Real PayPal pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.






