ScamLens analyzed pypi.org using 90+ threat intelligence sources and assigned a trust score of 100/100, classifying it as safe.
Trust Score: 100/100
Risk Level: Trusted
There is no strongest risk signal at the moment, but that does not automatically clear the case. Continue by checking the actual transaction scenario, company identity, and communication method.
Quick Answer
There is no strongest risk signal at the moment, but that does not automatically clear the case. Continue by checking the actual transaction scenario, company identity, and communication method.
Positive Signals
- + Domain has been active for 10 year
- + Google Safe Browsing: Safe
- + HTTPS encryption supported
- + DNSSEC enabled
- + Security headers configured (HSTS + CSP)
No concerns found
Score Breakdown
Was this assessment accurate?
pypi.org looks legitimate
No threat feeds have flagged this domain. Use standard online-safety habits.
- Bookmark the official URLScammers often clone legitimate brands at look-alike domains. A saved bookmark protects you from typos.
- Watch for unexpected payment requestsEven legitimate sites can be hijacked. Treat unsolicited 'urgent payment' prompts as suspicious.
- Verify HTTPS + the exact spellingConfirm the lock icon, and inspect the domain letter-by-letter before entering passwords or card details.
Trust but verify — open this domain on unrelated security services and compare the verdict.
Threat-intelligence sources
Checked across 27 sources — 1 flagged this domain
Show source breakdown
Threat-intelligence sources
Checked across 27 sources — 1 flagged this domain
- safe_browsing clean
- urlhaus clean
- cloudflare_radar clean
- cert_transparency clean
- alienvault_otx info
- phishstats clean
- virustotal clean
- ipqs clean
- abuseipdb clean
- securitytrails clean
- phishdestroy clean
- threatfox clean
- shodan_internetdb clean
- phishtank clean
- urlscan clean
- rdap clean
- maltiverse flagged
- dns_security clean
- wanted_domains clean
- darkweb clean
- openphish clean
- scam_blocklist clean
- maltrail clean
- crypto_scam_feed clean
- phishing_army clean
- hagezi_tif clean
- red_flag_domains clean
ScamLens aggregates real-time signals from 90+ commercial and open-source threat-intelligence providers including Google Safe Browsing, VirusTotal, PhishTank, URLhaus, ThreatFox, Cloudflare Radar, OTX, IPQS, GoPlus, Honeypot.is, and more. A flagged signal is evidence; the absence of flags is not proof of safety. Use the signals below alongside community reports to decide.
Advanced Scan
Comprehensive data lookup across premium sources
- Website history verification
- Detailed WHOIS information
- Reverse WHOIS association
- Traffic rank analysis
- Company registration check
AI Deep Investigation
Cross-check the story, claims, and supporting evidence before you decide
- Everything in Advanced Scan
- AI website content analysis
- AI cross-reference verification
- Claim authenticity validation
- Detailed report with evidence
Comprehensive Investigation
Full-spectrum investigation with company deep search & social intelligence
- Everything in Deep Investigation
- AI company background search
- Social media intelligence
- Detailed suspicious point analysis
- Event timeline & entity connections
This analysis is for informational purposes only and does not constitute a legal determination.
Security Sources
Domain Information
- Registrar
- Gandi SAS
- Created
- July 24, 2015
- Expires
- July 24, 2032
- Domain Age
- 10 years
- DNSSEC
- Enabled
- Nameservers
- ns-1264.awsdns-30.org, ns-1702.awsdns-20.co.uk, ns-897.awsdns-48.net, ns-96.awsdns-12.com
- Domain Status
- client transfer prohibited
SSL/TLS Certificate
No data available
Server Information
- IP Address
- 151.101.64.223
- Hosting Provider
- Fastly, Inc.
- ASN
- AS54113 Fastly, Inc.
- Server Location
- Montreal, Canada
- Organization
- Fastly, Inc.
Related Intelligence
Technical Details (DNS / Headers / Subdomains)
DNS Records
Email Security
SPF Configured DMARC Configured| Type | Value |
|---|---|
| A | 151.101.64.223 |
| A | 151.101.0.223 |
| A | 151.101.192.223 |
| A | 151.101.128.223 |
| AAAA | 2a04:4e42:200::223 |
| AAAA | 2a04:4e42:400::223 |
| AAAA | 2a04:4e42::223 |
| AAAA | 2a04:4e42:600::223 |
| MX | 1 aspmx.l.google.com |
| MX | 5 alt1.aspmx.l.google.com |
| MX | 5 alt2.aspmx.l.google.com |
| MX | 10 aspmx2.googlemail.com |
| MX | 10 aspmx3.googlemail.com |
| NS | ns-96.awsdns-12.com |
| NS | ns-897.awsdns-48.net |
| NS | ns-1264.awsdns-30.org |
| NS | ns-1702.awsdns-20.co.uk |
| TXT | google-site-verification=YdrllWIiutXFzqhEamHP4HgCoh88dTFzb2A6QFljooc |
| TXT | google-site-verification=ZI8zeHE6SWuJljW3f4csGetjOWo4krvjf13tdORsH4Y |
| TXT | v=spf1 include:_spf.google.com include:amazonses.com include:helpscoutemail.com -all |
HTTP Security Headers
6/6max-age=31536000; includeSubDomains; preload
base-uri 'self'; connect-src 'self' https://api.github.com/repos/ https://api.gi...
deny
nosniff
origin-when-cross-origin
publickey-credentials-create=(self),publickey-credentials-get=(self),acceleromet...
Channels / Subdomains
No data available
Community Reports
Log in to report and share your experience
Proceed with Caution
There is no strongest risk signal yet, but the domain alone is not enough to clear the case
If the case still involves shopping, investment, recovery, or branded support claims, a scenario-based review is usually more valuable than just refreshing the result.
Recommended First
Open the matching scenario guide
Continue by the actual scenario such as an investment platform, online store, or recovery service.
Verify the company or brand identity
Confirm whether the business or brand behind the domain is real.
Review the chat or direct-message script
Many otherwise normal-looking sites become risky because of the pitch, pressure, and payment instructions behind them.
If already affected, move into the action plan
If money or account data were already exposed, do not stay in the normal verification flow.
The results are based on multiple third-party data sources and AI models. False positives or negatives may occur. This report should not be used as the sole basis for any decision. Please verify with additional sources.
Continue with the actual scenario check
If this is a store, investment platform, or recovery service, do not rely on the domain alone. Continue with the matching scenario guide.
If you already paid, logged in, or downloaded files, move into the action plan immediately.
Related Security Guides
Learn more about how to protect yourself from this type of threat.
FAQ
Is pypi.org safe to visit?
pypi.org received a trust score of 100/100 from ScamLens, based on analysis of 30+ threat intelligence sources. No significant threats were detected. The site appears safe and trustworthy.
Was pypi.org flagged by any threat databases?
pypi.org was flagged by 1 out of 30+ threat intelligence sources. Specifically flagged by: maltiverse. The detected threat categories include: general threat.
How old is pypi.org?
pypi.org was first registered on July 24, 2015, making it approximately 10 years old. This is an established domain with a history of operation.
Does pypi.org use HTTPS and have a valid SSL certificate?
ScamLens could not verify the SSL certificate details for pypi.org during this scan. Treat this as unavailable evidence, not as proof that the site is safe or unsafe.
What security headers does pypi.org implement?
pypi.org is missing important security headers: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, Referrer-Policy, Permissions-Policy. Missing security headers can leave visitors vulnerable to cross-site scripting (XSS) and other web-based attacks.
What does the ScamLens community think about pypi.org?
No community votes or reports have been submitted for pypi.org yet. You can be the first to share your experience.
Where is pypi.org hosted?
pypi.org is hosted by Fastly, Inc. in Montreal, Canada (ASN: ASAS54113 Fastly, Inc.).
What should I do about pypi.org?
Based on our analysis, pypi.org appears safe. You can proceed with normal caution. Always verify URLs manually and avoid clicking suspicious links.
Is this report useful?
Use this report to remind others to verify the shopping, investment, or support scenario instead of treating it as full clearance.
Forward to your parents — they deserve to browse safely too.
About this analysis
This report is generated from real-time data across 90+ threat intelligence sources, combined with AI analysis and community feedback.
Learn about our scoring methodology | Last analyzed: June 8, 2026