![](/screenshots/11545113-a795-43e2-a688-97ef4964bdc7.png)
www.getpaypalrewards.com
Open in
urlscan Pro
34.233.175.36
Malicious Activity!
Public Scan
Submission Tags: @phishunt_io
Submission: On September 20 via api from ES
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 19th 2020. Valid for: 3 months.
This is the only time www.getpaypalrewards.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 34.233.175.36 34.233.175.36 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 4 | 2606:4700::68... 2606:4700::6810:7aaf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2600:9000:205... 2600:9000:2057:ec00:14:1a55:4f40:21 | 16509 (AMAZON-02) (AMAZON-02) | |
3 | 2606:4700:303... 2606:4700:3033::681c:b2d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 3.217.58.210 3.217.58.210 | 14618 (AMAZON-AES) (AMAZON-AES) | |
4 | 99.84.144.45 99.84.144.45 | 16509 (AMAZON-02) (AMAZON-02) | |
16 | 7 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-175-36.compute-1.amazonaws.com
www.getpaypalrewards.com |
ASN16509 (AMAZON-02, US)
d3iryrda585xkt.cloudfront.net |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-58-210.compute-1.amazonaws.com
espire.api.hasoffers.com |
ASN16509 (AMAZON-02, US)
PTR: server-99-84-144-45.txl52.r.cloudfront.net
media.go2speed.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
hasoffers.com
espire.api.hasoffers.com |
3 KB |
4 |
go2speed.org
media.go2speed.org |
79 KB |
4 |
unpkg.com
2 redirects
unpkg.com |
41 KB |
3 |
randomuser.me
randomuser.me |
17 KB |
1 |
cloudfront.net
d3iryrda585xkt.cloudfront.net |
623 KB |
1 |
getpaypalrewards.com
www.getpaypalrewards.com |
1 KB |
16 | 6 |
Domain | Requested by | |
---|---|---|
5 | espire.api.hasoffers.com |
d3iryrda585xkt.cloudfront.net
|
4 | media.go2speed.org |
www.getpaypalrewards.com
|
4 | unpkg.com |
2 redirects
www.getpaypalrewards.com
|
3 | randomuser.me | |
1 | d3iryrda585xkt.cloudfront.net |
www.getpaypalrewards.com
|
1 | www.getpaypalrewards.com | |
16 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.getthatapp.co |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.getpaypalrewards.com Let's Encrypt Authority X3 |
2020-09-19 - 2020-12-18 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-02 - 2021-08-02 |
a year | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2020-05-26 - 2021-04-21 |
a year | crt.sh |
*.api.hasoffers.com Amazon |
2020-09-13 - 2021-10-15 |
a year | crt.sh |
media.go2speed.org Amazon |
2019-12-01 - 2021-01-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.getpaypalrewards.com/2
Frame ID: 99310FF9697254AD4DF7F0545383D3BB
Requests: 23 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: PayPal Survey
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://unpkg.com/react@16/umd/react.production.min.js HTTP 302
- https://unpkg.com/react@16.13.1/umd/react.production.min.js
- https://unpkg.com/react-dom@16/umd/react-dom.production.min.js HTTP 302
- https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
2
www.getpaypalrewards.com/ |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
react.production.min.js
unpkg.com/react@16.13.1/umd/ Redirect Chain
|
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
react-dom.production.min.js
unpkg.com/react-dom@16.13.1/umd/ Redirect Chain
|
116 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.19b82dbfb287.js
d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/ |
2 MB 623 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
50 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
30 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
50 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
13 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
19 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
12 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
78.jpg
randomuser.me/api/portraits/women/ |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
68.jpg
randomuser.me/api/portraits/women/ |
7 KB 7 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
54.jpg
randomuser.me/api/portraits/men/ |
5 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
json
espire.api.hasoffers.com/Apiv3/ |
819 B 656 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
json
espire.api.hasoffers.com/Apiv3/ |
898 B 681 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
json
espire.api.hasoffers.com/Apiv3/ |
889 B 677 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
json
espire.api.hasoffers.com/Apiv3/ |
898 B 682 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
json
espire.api.hasoffers.com/Apiv3/ |
904 B 680 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cashapp750.png
media.go2speed.org/brand/files/espire/2135/ |
9 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cashapp750.png
media.go2speed.org/brand/files/espire/2130/ |
9 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iphone11pro.png
media.go2speed.org/brand/files/espire/2116/ |
33 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iphone11.png
media.go2speed.org/brand/files/espire/2026/ |
25 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes object| React object| ReactDOM object| __core-js_shared__ object| regeneratorRuntime object| ReactApp function| generateOfferLink0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d3iryrda585xkt.cloudfront.net
espire.api.hasoffers.com
media.go2speed.org
randomuser.me
unpkg.com
www.getpaypalrewards.com
2600:9000:2057:ec00:14:1a55:4f40:21
2606:4700:3033::681c:b2d
2606:4700::6810:7aaf
3.217.58.210
34.233.175.36
99.84.144.45
271decbd867d1432708564ffce81e1f18e0891b3b4239951808d3004d3ffb0ce
2dd3f3bf75da2883215e1f44800e5547693539026c99ebd5e8e1136e8cf25869
378edef60bb43ce6e41dcfcc9683054d093ec8d13650589e258ab885c5f156f3
481394a0635b874c071b54a2c352e29ca6c07875adf7337455975d575dcfa464
4b88eaf4beb2f748453df9034a1dd4113573fb232c264793c8fe300f2a39ac67
7bd173177f90d939f1f3ec4f076c3260f90f6ac0d2d6176ac1f608528d2c8b62
7be114130c0ddb403d165cddb4b73a55cfcb3384fc1b0ff5b4f19f77fc3a9d4f
7cefc8d7e1580b6ddd2c43ce88fcd8b690583e7123325956273c74920ac28bcf
807451a252c9ecf84cee81714b159661a06e3ee442d9cb8a60739bdeddf07644
81f7acc982d8c8d9335bd38ff4eb3192f7021a00048a2a98d4f6ef1ecef61fb7
9aa69834456ec999b5305c0756728d5c6250d1214164e4b2b7d385d6c9cc7eb1
9fc376b1021a34806e4da612e31e20f6af8971b3bdb0feb643d25c25bde956ff
a383904ab1b54c1748ef677b7777939f0f541188459a57845680abb0914189e1
bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25
c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe
cb2b7fa3fbd6fdf07f3da867bab39fac8d3eabcb9e28ab394f42d9e372b10254
d1a3e08d4e37d6ee2b7de1db8df87c1dc7acd8ffb004caaf980917de518a60c9
e0abb6e1a38afed8ead623b5ee0f4881f22cf0f468d2caa94a3cd02b2b096e52
e51f084527b8c0e289aab0a14e222cad74b1ea1ddab0aef9501ebaa5de03ae97
f07b84f12ef125cbb837a7bd64da401992f5f62bd55fee10d01cd3dcc8abae80
f9c275e17fe6d5c1247644a1f41bd6e82b4c66602b4215fc4d496bd40923cf38
fdd380af3f1a4f42eaff704ed10c0bb44e723da7e4391be2a7e2a894479364ed