www.getpaypalrewards.com Open in urlscan Pro
34.233.175.36 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.getpaypalrewards.com/2
Submission Tags: @phishunt_io
Submission: On September 20 via api (September 20th 2020, 9:01:21 am UTC) from ES

Summary HTTP 16 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 6 domains to perform 16 HTTP transactions. The main IP is 34.233.175.36, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.getpaypalrewards.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 19th 2020. Valid for: 3 months.

This is the only time www.getpaypalrewards.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	34.233.175.36 34.233.175.36	14618 (AMAZON-AES) (AMAZON-AES)
2 4	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:205... 2600:9000:2057:ec00:14:1a55:4f40:21	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:303... 2606:4700:3033::681c:b2d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	3.217.58.210 3.217.58.210	14618 (AMAZON-AES) (AMAZON-AES)
4	99.84.144.45 99.84.144.45	16509 (AMAZON-02) (AMAZON-02)
16	7

1 34.233.175.36 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-175-36.compute-1.amazonaws.com

www.getpaypalrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7aaf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:ec00:14:1a55:4f40:21 (United States)

ASN16509 (AMAZON-02, US)

d3iryrda585xkt.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3033::681c:b2d (United States)

ASN13335 (CLOUDFLARENET, US)

randomuser.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.217.58.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-58-210.compute-1.amazonaws.com

espire.api.hasoffers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.84.144.45 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-144-45.txl52.r.cloudfront.net

media.go2speed.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	hasoffers.com espire.api.hasoffers.com	3 KB
4	go2speed.org media.go2speed.org	79 KB
4	unpkg.com 2 redirects unpkg.com	41 KB
3	randomuser.me randomuser.me	17 KB
1	cloudfront.net d3iryrda585xkt.cloudfront.net	623 KB
1	getpaypalrewards.com www.getpaypalrewards.com	1 KB
16	6

	Domain	Requested by
5	espire.api.hasoffers.com	d3iryrda585xkt.cloudfront.net
4	media.go2speed.org	www.getpaypalrewards.com
4	unpkg.com	2 redirects www.getpaypalrewards.com
3	randomuser.me
1	d3iryrda585xkt.cloudfront.net	www.getpaypalrewards.com
1	www.getpaypalrewards.com
16	6

This site contains links to these domains. Also see Links.

Domain
www.getthatapp.co

Subject Issuer	Validity	Valid
www.getpaypalrewards.com Let's Encrypt Authority X3	`2020-09-19` - `2020-12-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-02` - `2021-08-02`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.api.hasoffers.com Amazon	`2020-09-13` - `2021-10-15`	a year	crt.sh
media.go2speed.org Amazon	`2019-12-01` - `2021-01-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.getpaypalrewards.com/2
Frame ID: 99310FF9697254AD4DF7F0545383D3BB
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Python (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /gunicorn(?:\/([\d.]+))?/i

gunicorn (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /gunicorn(?:\/([\d.]+))?/i

Page Statistics

16
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

1
Countries

764 kB
Transfer

2792 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.getthatapp.co/go/2/1835
Title: PayPal Survey

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://unpkg.com/react@16/umd/react.production.min.js HTTP 302
https://unpkg.com/react@16.13.1/umd/react.production.min.js

Request Chain 1

https://unpkg.com/react-dom@16/umd/react-dom.production.min.js HTTP 302
https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js

16 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 2 Show response
www.getpaypalrewards.com/ 1 KB
1 KB 391ms
152ms Document
text/html 34.233.175.36
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getpaypalrewards.com/2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.233.175.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-233-175-36.compute-1.amazonaws.com

Software

gunicorn/19.9.0 /

Resource Hash

7bd173177f90d939f1f3ec4f076c3260f90f6ac0d2d6176ac1f608528d2c8b62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Host: www.getpaypalrewards.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Connection: keep-alive
Server: gunicorn/19.9.0
Date: Sun, 20 Sep 2020 09:01:05 GMT
Content-Type: text/html; charset=utf-8
X-Frame-Options: DENY
Content-Length: 1251
X-Content-Type-Options: nosniff
Vary: Origin
Via: 1.1 vegur

GET
H2

200

react.production.min.js Show response
unpkg.com/react@16.13.1/umd/
Redirect Chain

https://unpkg.com/react@16/umd/react.production.min.js
https://unpkg.com/react@16.13.1/umd/react.production.min.js

12 KB
5 KB

24ms
23ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/react@16.13.1/umd/react.production.min.js

Requested by

Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6963997
status: 200
vary: Accept-Encoding
cf-request-id: 054c57e5820000176a4b095200000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"30af-MctM6gBk7YDBsMX11Y4ZVqfiKT8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 04ccd3603ac6bdbdc7346789ddc32675
cache-control: public, max-age=31536000
cf-ray: 5d5a5c1c0a3d176a-FRA

Redirect headers

date: Sun, 20 Sep 2020 09:01:05 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 150
status: 302
vary: Accept, Accept-Encoding
content-length: 64
cf-request-id: 054c57e5710000176a4b092200000001
access-control-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
location: /react@16.13.1/umd/react.production.min.js
x-cloud-trace-context: acccdf4f6ffcce275944e7a2106b7ab9
cache-control: public, s-maxage=600, max-age=60
cf-ray: 5d5a5c1be9e7176a-FRA

GET
H2

200

react-dom.production.min.js Show response
unpkg.com/react-dom@16.13.1/umd/
Redirect Chain

https://unpkg.com/react-dom@16/umd/react-dom.production.min.js
https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js

116 KB
36 KB

26ms
26ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js

Requested by

Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5142437
status: 200
vary: Accept-Encoding
cf-request-id: 054c57e5800000176a4b094200000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1cf80-vxnsMq8j+48sDHVUmjmWtyX4DTU"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 5a9ff872b42d0fe2ca92fa591fc6d7de
cache-control: public, max-age=31536000
cf-ray: 5d5a5c1c0a36176a-FRA

Redirect headers

date: Sun, 20 Sep 2020 09:01:05 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 82
status: 302
vary: Accept, Accept-Encoding
content-length: 72
cf-request-id: 054c57e5710000176a4b093200000001
access-control-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
location: /react-dom@16.13.1/umd/react-dom.production.min.js
x-cloud-trace-context: 5cb26ccc6e063eec83287e0f5002370b
cache-control: public, s-maxage=600, max-age=60
cf-ray: 5d5a5c1be9eb176a-FRA

GET
H2 200 app.19b82dbfb287.js Show response
d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/ 2 MB
623 KB 34ms
12ms Script
application/javascript 2600:9000:2057:ec00:14:1a55:4f40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js

Requested by

Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:ec00:14:1a55:4f40:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

gunicorn/19.9.0 /

Resource Hash

81f7acc982d8c8d9335bd38ff4eb3192f7021a00048a2a98d4f6ef1ecef61fb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 04:23:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 189436
x-cache: Hit from cloudfront
status: 200
content-length: 636624
access-control-allow-origin: *
last-modified: Thu, 03 Sep 2020 02:54:13 GMT
server: gunicorn/19.9.0
etag: "5f509315-2539cf"
vary: Accept-Encoding
content-type: application/javascript; charset="utf-8"
via: 1.1 vegur, 1.1 1277de71b2472d19ca0bfc510db9ec54.cloudfront.net (CloudFront)
cache-control: max-age=315360000, public, immutable
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 41erAiWOkuPlZ9cLjuPmgzi2ErnHsYOFLzzrNnhmQLsxFxY5oHnZVQ==

GET
DATA 200
OK truncated
/ 50 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e51f084527b8c0e289aab0a14e222cad74b1ea1ddab0aef9501ebaa5de03ae97

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 30 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fdd380af3f1a4f42eaff704ed10c0bb44e723da7e4391be2a7e2a894479364ed

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 50 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb2b7fa3fbd6fdf07f3da867bab39fac8d3eabcb9e28ab394f42d9e372b10254

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 807451a252c9ecf84cee81714b159661a06e3ee442d9cb8a60739bdeddf07644

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 13 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a383904ab1b54c1748ef677b7777939f0f541188459a57845680abb0914189e1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 19 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 378edef60bb43ce6e41dcfcc9683054d093ec8d13650589e258ab885c5f156f3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 481394a0635b874c071b54a2c352e29ca6c07875adf7337455975d575dcfa464

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 78.jpg
randomuser.me/api/portraits/women/ 5 KB
5 KB 46ms
27ms Image
image/jpeg 2606:4700:3033::681c:b2d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://randomuser.me/api/portraits/women/78.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:b2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fc376b1021a34806e4da612e31e20f6af8971b3bdb0feb643d25c25bde956ff

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:06 GMT
cf-cache-status: HIT
age: 275941
status: 200
content-length: 4675
cf-request-id: 054c57e85e00002bce9b8c7200000001
last-modified: Fri, 08 Apr 2016 02:26:17 GMT
server: cloudflare
etag: "570716c9-1243"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 5d5a5c209cc32bce-FRA
expires: Fri, 09 Oct 2020 19:07:29 GMT

GET
H2 200 68.jpg
randomuser.me/api/portraits/women/ 7 KB
7 KB 38ms
19ms Image
image/jpeg 2606:4700:3033::681c:b2d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://randomuser.me/api/portraits/women/68.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:b2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f07b84f12ef125cbb837a7bd64da401992f5f62bd55fee10d01cd3dcc8abae80

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:06 GMT
cf-cache-status: HIT
age: 913509
status: 200
content-length: 6948
cf-request-id: 054c57e85e00002bce9b8c8200000001
last-modified: Fri, 08 Apr 2016 02:26:17 GMT
server: cloudflare
etag: "570716c9-1b24"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 5d5a5c209cc62bce-FRA
expires: Fri, 09 Oct 2020 19:07:40 GMT

GET
H2 200 54.jpg
randomuser.me/api/portraits/men/ 5 KB
6 KB 37ms
18ms Image
image/jpeg 2606:4700:3033::681c:b2d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://randomuser.me/api/portraits/men/54.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:b2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1a3e08d4e37d6ee2b7de1db8df87c1dc7acd8ffb004caaf980917de518a60c9

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:06 GMT
cf-cache-status: HIT
age: 895853
status: 200
content-length: 5276
cf-request-id: 054c57e85e00002bce9b8c9200000001
last-modified: Fri, 08 Apr 2016 02:26:17 GMT
server: cloudflare
etag: "570716c9-149c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 5d5a5c209cc72bce-FRA
expires: Fri, 09 Oct 2020 19:07:02 GMT

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 819 B
656 B 379ms
149ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Report&Method=getStats&fields[]=Stat.offer_id&fields[]=Offer.name&filters[Stat.date][conditional]=EQUAL_TO&filters[Stat.date][values][]=2020-09-20&filters[Stat.date][values][]=2020-09-20&sort[Stat.revenue]=desc&limit=4&totals=1
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 4b88eaf4beb2f748453df9034a1dd4113573fb232c264793c8fe300f2a39ac67

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:06 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 442
x-request-id: 7913138f-86a5-43f8-a78b-a32234ca680a

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 898 B
681 B 153ms
152ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2130
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 7be114130c0ddb403d165cddb4b73a55cfcb3384fc1b0ff5b4f19f77fc3a9d4f

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:06 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 467
x-request-id: 23051ba3-f3ab-4c1e-a626-fcfd91f27ecf

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 889 B
677 B 176ms
175ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2026
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 2dd3f3bf75da2883215e1f44800e5547693539026c99ebd5e8e1136e8cf25869

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:06 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 464
x-request-id: 09ec0ca6-01f8-4a96-ace3-b299e1136b29

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 898 B
682 B 148ms
146ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2135
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 7cefc8d7e1580b6ddd2c43ce88fcd8b690583e7123325956273c74920ac28bcf

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:06 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 468
x-request-id: 65c89a7e-7cce-4733-b0c0-527f8041f1e6

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 904 B
680 B 149ms
148ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2116
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 271decbd867d1432708564ffce81e1f18e0891b3b4239951808d3004d3ffb0ce

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 20 Sep 2020 09:01:06 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 466
x-request-id: 43910daf-5a85-4c8f-b3bd-0c8477cffbb0

GET
H2 200 cashapp750.png
media.go2speed.org/brand/files/espire/2135/ 9 KB
10 KB 588ms
515ms Image
image/png 99.84.144.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.go2speed.org/brand/files/espire/2135/cashapp750.png
Requested by: Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.45 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-45.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9aa69834456ec999b5305c0756728d5c6250d1214164e4b2b7d385d6c9cc7eb1

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 20 Sep 2020 09:01:08 GMT
via: 1.1 a57d5819527c444e16b1875e3bd28970.cloudfront.net (CloudFront)
last-modified: Sun, 02 Aug 2020 23:08:48 GMT
server: AmazonS3
x-amz-cf-pop: TXL52-C1
etag: "81274931e31482d79640db360539050c"
x-cache: RefreshHit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 9594
x-amz-cf-id: Hfx7971KGZh-Z_mUfDlrRHYTQaEbDZGvOnHl5TxkXoPTKsE2pbsxpw==

GET
H2 200 cashapp750.png
media.go2speed.org/brand/files/espire/2130/ 9 KB
10 KB 535ms
469ms Image
image/png 99.84.144.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.go2speed.org/brand/files/espire/2130/cashapp750.png
Requested by: Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.45 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-45.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9aa69834456ec999b5305c0756728d5c6250d1214164e4b2b7d385d6c9cc7eb1

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 20 Sep 2020 09:01:07 GMT
via: 1.1 a57d5819527c444e16b1875e3bd28970.cloudfront.net (CloudFront)
last-modified: Mon, 20 Jul 2020 18:59:09 GMT
server: AmazonS3
x-amz-cf-pop: TXL52-C1
etag: "81274931e31482d79640db360539050c"
x-cache: RefreshHit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 9594
x-amz-cf-id: i2v9MEcwSa01GySD1otl1OREJDu1Bs8GhHC3EIAvHFt83t1ZzCE1nQ==

GET
H2 200 iphone11pro.png
media.go2speed.org/brand/files/espire/2116/ 33 KB
34 KB 651ms
586ms Image
image/png 99.84.144.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.go2speed.org/brand/files/espire/2116/iphone11pro.png
Requested by: Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.45 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-45.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f9c275e17fe6d5c1247644a1f41bd6e82b4c66602b4215fc4d496bd40923cf38

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 20 Sep 2020 09:01:07 GMT
via: 1.1 a57d5819527c444e16b1875e3bd28970.cloudfront.net (CloudFront)
last-modified: Tue, 12 May 2020 16:30:02 GMT
server: AmazonS3
x-amz-cf-pop: TXL52-C1
etag: "a1d9777d7c41c7cc40c47da10e527560"
x-cache: Miss from cloudfront
content-type: image/png
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 34033
x-amz-cf-id: XpLf54NFjlODYNTT__uMsidW_5IjyxopEPoxxGkQJDbit0sNFl4Ybw==

GET
H2 200 iphone11.png
media.go2speed.org/brand/files/espire/2026/ 25 KB
26 KB 527ms
489ms Image
image/png 99.84.144.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.go2speed.org/brand/files/espire/2026/iphone11.png
Requested by: Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.45 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-45.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e0abb6e1a38afed8ead623b5ee0f4881f22cf0f468d2caa94a3cd02b2b096e52

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 20 Sep 2020 09:01:07 GMT
via: 1.1 a57d5819527c444e16b1875e3bd28970.cloudfront.net (CloudFront)
last-modified: Mon, 10 Aug 2020 19:02:39 GMT
server: AmazonS3
x-amz-cf-pop: TXL52-C1
etag: "7985561f90d0023bb3f65e3feeebedf7"
x-cache: Miss from cloudfront
content-type: image/png
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 25939
x-amz-cf-id: qP4FeAcjV6Nreeb4-9iPeYImGO4dCSCoXpPIp2_03wPkok-vKhpJuA==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js(Line 577) Message: data
console-api	log	URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js(Line 577) Message: data [object Object],[object Object],[object Object],[object Object]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d3iryrda585xkt.cloudfront.net
espire.api.hasoffers.com
media.go2speed.org
randomuser.me
unpkg.com
www.getpaypalrewards.com
2600:9000:2057:ec00:14:1a55:4f40:21
2606:4700:3033::681c:b2d
2606:4700::6810:7aaf
3.217.58.210
34.233.175.36
99.84.144.45
271decbd867d1432708564ffce81e1f18e0891b3b4239951808d3004d3ffb0ce
2dd3f3bf75da2883215e1f44800e5547693539026c99ebd5e8e1136e8cf25869
378edef60bb43ce6e41dcfcc9683054d093ec8d13650589e258ab885c5f156f3
481394a0635b874c071b54a2c352e29ca6c07875adf7337455975d575dcfa464
4b88eaf4beb2f748453df9034a1dd4113573fb232c264793c8fe300f2a39ac67
7bd173177f90d939f1f3ec4f076c3260f90f6ac0d2d6176ac1f608528d2c8b62
7be114130c0ddb403d165cddb4b73a55cfcb3384fc1b0ff5b4f19f77fc3a9d4f
7cefc8d7e1580b6ddd2c43ce88fcd8b690583e7123325956273c74920ac28bcf
807451a252c9ecf84cee81714b159661a06e3ee442d9cb8a60739bdeddf07644
81f7acc982d8c8d9335bd38ff4eb3192f7021a00048a2a98d4f6ef1ecef61fb7
9aa69834456ec999b5305c0756728d5c6250d1214164e4b2b7d385d6c9cc7eb1
9fc376b1021a34806e4da612e31e20f6af8971b3bdb0feb643d25c25bde956ff
a383904ab1b54c1748ef677b7777939f0f541188459a57845680abb0914189e1
bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25
c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe
cb2b7fa3fbd6fdf07f3da867bab39fac8d3eabcb9e28ab394f42d9e372b10254
d1a3e08d4e37d6ee2b7de1db8df87c1dc7acd8ffb004caaf980917de518a60c9
e0abb6e1a38afed8ead623b5ee0f4881f22cf0f468d2caa94a3cd02b2b096e52
e51f084527b8c0e289aab0a14e222cad74b1ea1ddab0aef9501ebaa5de03ae97
f07b84f12ef125cbb837a7bd64da401992f5f62bd55fee10d01cd3dcc8abae80
f9c275e17fe6d5c1247644a1f41bd6e82b4c66602b4215fc4d496bd40923cf38
fdd380af3f1a4f42eaff704ed10c0bb44e723da7e4391be2a7e2a894479364ed

www.getpaypalrewards.com Open in urlscan Pro 34.233.175.36 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

7 IPs

1 Countries

764 kBTransfer

2792 kBSize

0 Cookies

1 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

www.getpaypalrewards.com Open in urlscan Pro
34.233.175.36 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

1
Countries

764 kB
Transfer

2792 kB
Size

0
Cookies

16 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!