You can also use LetsEncrypt to get a wildcard for any domain and put "paypal" in front of it. That won't even show up in the cert transparency database [1] or any of the API's that spammer bots use for newly registered domains.<p>The reason I mention this is that you can have dozens or hundreds of domains warmed up and ready to provide malicious websites. And to the point of the authors site, there is no way to tell that these sites are not legit, beyond people knowing in advance that paypal uses EV certs and the average person has no idea what EV certs are.<p>[1] - <a href="https://crt.sh/?id=1106070533" rel="nofollow">https://crt.sh/?id=1106070533</a>