Log in to your account

PHISHING!!!

[PoC] Credentials captured inside the PayPal in-app WebView

This screen is part of a HackerOne report for PayPal Android 8.104.1. The page you just submitted your email and password to is being served from loyaltyinnovations.com.www.paypal.ooo, a domain the reporter controls. It is rendering inside PayPal's own CommonSecureWebView because, for the paypal://credit_ppc_webview deep link, the validator checked the original (still-encoded) form of the URL while the WebView loaded the decoded form.
No real action was taken. The credentials above were also POSTed to https://loyaltyinnovations.com.www.paypal.ooo/collect solely so the reporter can demonstrate that a remote server under attacker control received them. Close this window and change your PayPal password if you entered a real one.
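The mismatch described above (one form of the URL is validated, another is loaded) is closed by decoding once, validating the decoded string, and handing that same string to the loader. The sketch below is an added example in Python, not PayPal's code or part of the report; the function name resolve_webview_target and the allowlist entry www.paypal.com are assumptions made for illustration.

```python
from urllib.parse import unquote, urlsplit

# Assumption: hosts the in-app WebView may load (constructed for this example).
ALLOWED_HOSTS = frozenset({"www.paypal.com"})


def resolve_webview_target(raw_param, allowed_hosts=ALLOWED_HOSTS):
    """Return the exact URL string to load, or None if it must be refused.

    The string that is validated is the string that is returned, so the
    caller never loads a form of the URL that the checks did not see.
    Deliberately strict: anything still encoded after one decode is refused.
    """
    url = unquote(raw_param)              # decode exactly once
    if unquote(url) != url:               # a later decode would change the
        return None                       # URL after it had been checked
    if any(ord(c) <= 0x20 or c == "\\" for c in url):
        return None                       # URL parsers disagree on these
    try:
        parts = urlsplit(url)
        port = parts.port                 # raises ValueError on a bad port
    except ValueError:
        return None
    if parts.scheme != "https":
        return None
    if parts.username is not None or parts.password is not None:
        return None                       # no userinfo in front of the host
    if port not in (None, 443):
        return None
    if parts.hostname not in allowed_hosts:   # exact match, never a suffix
        return None                           # or substring comparison
    return url


if __name__ == "__main__":
    # Constructed deep-link parameter values, still percent-encoded.
    for sample in (
        "https%3A%2F%2Fwww.paypal.com%2Foffers",
        "https%3A%2F%2Floyaltyinnovations.com.www.paypal.ooo%2F",
    ):
        print(sample, "->", resolve_webview_target(sample))
```

The caller loads only the returned value and never the raw parameter, which keeps the check and the use on the same string.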

window.location:
document.cookie (scoped to this origin):