ScanMalware.com

Security Scan Report: pay-checkout-de.com

Redirected to: https://www.paypal.com/de/home

Submitted: Nov 17, 2025, 5:18:47 PMCompleted: Nov 17, 2025, 5:19:41 PMpubliccompleted
Loading additional data...

Summary

This website contacted 25 IPs in 3 countries across 10 domains to perform 112 HTTP transactions. The main domain is paypal.com.

Submitted URL: https://pay-checkout-de.com/

Effective URL: https://www.paypal.com/de/homeRedirected

AI Security Verdict

Low Risk

Confidence: 78%

3
Risk Score

Suspicious redirect from an unranked domain but no active phishing elements detected.

Risk Factors
Typosquatting / brand impersonation on an unranked domain
Multiple redirects from a suspicious domain to a legitimate site
Domain not recognized as a trusted redirect service
Safety Factors
Final destination URL is the official PayPal domain (www.paypal.com)
No credential or payment forms detected on the site
No malicious Indicators of Compromise matches found
Domain age information unavailable

Details

Page Title

pay-checkout-de.com

Scan Type

public

Language

🇩🇪

German

(80% confidence)

Category

e-commerce shopping

(99%)

Domain Information

You're looking at domain 'pay-checkout-de.com' on the commercial generic top-level domain (.com) without a subdomain. Count 15 characters in 'pay-checkout-de' containing five vowels alongside 8 consonants; bonus characters include 2 hyphens. Splitting it apart reveals 3 words: pay, checkout, de. Median word length is three characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://pay-checkout-de.com/

Page Load Overview

2.62s
Total Load Time
112
HTTP Requests
10
Domains
1.6 MB
Total Size

Language Analysis

Primary Language

🇩🇪German
Code: de
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:de
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:de-DE
Text Length:5,323 chars
Detector Agreement:80%

Website Classification

Primary Category

e-commerce shopping99% confidence
Type: spa
Method: ml+structural

All Detected Categories

e-commerce shopping
99%
finance banking
93%
technology software
41%
corporate business
39%
corporate
35%

Detected Features

OG: website
Schema.org

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
16102.135.91.226Seychelles
AS15169
4185.15.59.240United States
AS14907WIKIMEDIA
4142.250.186.67United States
AS15169GOOGLE
4104.18.34.93United States
AS13335CLOUDFLARENET
434.149.66.154Kansas City, Missouri, United States
AS396982GOOGLE-CLOUD-PLATFORM
4172.64.153.163United States
AS13335CLOUDFLARENET
4162.159.141.96United States
AS13335CLOUDFLARENET
4142.250.184.195United States
AS15169GOOGLE
4142.250.186.163United States
AS15169GOOGLE
4146.75.123.1Frankfurt am Main, Hesse, Germany
AS54113FASTLY
11225--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T18F047E77329A063D86458499E057430D9F20B143B50AC9BC7ABCBAD9BFDED06107BB78

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:7fQho9PKBb9JsE9RHCbZgRjFtSBaw9QWgceIsz22bMy8Oldq:khoC9J395CbZgLtSL3gcrsy2eAg

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:183589:5IWkWiEqggRgQmCAZQWUQDYXFkIABMxACwggHwiMAyJNaqoJgLwLAKI0LiToLQAmSBL9ULwSkEALSZUCBgQJxYHEiooOLIXk

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffcfc3c7ffffffff
Perceptual Hash:b3318ccccc673333
Difference Hash:00180c1400000000
Wavelet Hash:ffdfc3cf00000000
Color Hash:#9753ac

Other Hashes

Crop Resistant:00180c1400000000

Scan History

Scan history not available

Unable to load historical scan data