Lookalike Domain Analysis

Detailed risk assessment for paypal-refund.com

Back to Report
Domain Information
Lookalike Domain
paypal-refund.com BLOCKED
Legitimate Domain (Target)
paypal.com
Online payments and account fraud
Registrar
Hosting Ukraine LLC
Website Status
Unknown
Detection Date
February 25, 2026 20:17
Domain Creation Date
February 25, 2026
RDAP Takedown Status
Active
Discovery Method
Fuzzer
DNS Records
Nameservers
a.ns.works., b.ns.services., f.ns.gold.
MX Records (Mail Servers)
mx.services.
SPF Record (Email Authentication)
v=spf1 include:_spf.ukraine.com.ua ~all
Risk Score Breakdown

This risk score shows how dangerous this lookalike domain is. Higher scores indicate more active threats. Each indicator below adds points to the score (max 100).

Talos Blacklist

Domain is on Cisco Talos intelligence blacklist

+30
Dangerous Registrar

Registrar 'Hosting Ukraine LLC' not on dangerous list

+0
Dangerous Email Provider

MX record 'mx.services.' not on dangerous list

+0
MX Records Configured

Email servers configured: mx.services.

+15
SPF Records

SPF authentication configured with sending directives

+15
Website is Live

Website status: Phishing

+0
Website is Parked

Website status: Phishing

+0
Website is Phishing

Domain has a phishing website

+20
Very Recent Registration

Domain registered 23 days ago (less than 30 days)

+10
Total Score: 90 / 100
5 of 9 factors active
Threat Level
90 / 100
Critical Risk

Immediate action required. This domain is actively threatening your brand. Request takedown now.

Request Takedown
Risk Increase Detected
Score went from 70 to 90 · 2 weeks ago
Website Phishing appeared (+20pts)
Key Threat Signals
  • Talos Blacklisted Yes
  • Website Active No
  • Email Capability Enabled
  • Email Authentication Configured
  • Taken Down No
Related Threats

Other domains attacking paypal.com

datapaypal.com
3 weeks ago
95
paypalguide.com
3 weeks ago
95
paypał.com (xn--paypa-o7a.com)
1 month, 2 weeks ago
95
paypal-service.fr
2 weeks, 6 days ago
90
paypalcom.com
3 weeks ago
80
Remove This Threat

Our specialist team removes malicious domains in 24-48 hours.

Start Takedown Process
Daniel Hovasse
Need Help?
Contact our expert
Daniel Hovasse
Detect Lookalike Domains

Find domains that impersonate your brand. Scan for lookalike domains that could be used for phishing or fraud.

Scan for Lookalikes