www.getpaypalrewards.com Open in urlscan Pro
54.145.200.136 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.getpaypalrewards.com/2
Submission Tags: @phishunt_io
Submission: On August 23 via api (August 23rd 2020, 11:17:09 am UTC) from ES

Summary HTTP 16 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 6 domains to perform 16 HTTP transactions. The main IP is 54.145.200.136, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.getpaypalrewards.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 21st 2020. Valid for: 3 months.

This is the only time www.getpaypalrewards.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	54.145.200.136 54.145.200.136	14618 (AMAZON-AES) (AMAZON-AES)
2 4	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:215... 2600:9000:2156:cc00:14:1a55:4f40:21	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:303... 2606:4700:3036::681c:a2d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	3.217.58.210 3.217.58.210	14618 (AMAZON-AES) (AMAZON-AES)
4	13.226.155.11 13.226.155.11	16509 (AMAZON-02) (AMAZON-02)
16	7

1 54.145.200.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-145-200-136.compute-1.amazonaws.com

www.getpaypalrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7daf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:cc00:14:1a55:4f40:21 (United States)

ASN16509 (AMAZON-02, US)

d3iryrda585xkt.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3036::681c:a2d (United States)

ASN13335 (CLOUDFLARENET, US)

randomuser.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.217.58.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-58-210.compute-1.amazonaws.com

espire.api.hasoffers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.226.155.11 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-11.dus51.r.cloudfront.net

media.go2speed.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	hasoffers.com espire.api.hasoffers.com	3 KB
4	go2speed.org media.go2speed.org	381 KB
4	unpkg.com 2 redirects unpkg.com	41 KB
3	randomuser.me randomuser.me	14 KB
1	cloudfront.net d3iryrda585xkt.cloudfront.net	623 KB
1	getpaypalrewards.com www.getpaypalrewards.com	1 KB
16	6

	Domain	Requested by
5	espire.api.hasoffers.com	d3iryrda585xkt.cloudfront.net
4	media.go2speed.org	www.getpaypalrewards.com
4	unpkg.com	2 redirects www.getpaypalrewards.com
3	randomuser.me
1	d3iryrda585xkt.cloudfront.net	www.getpaypalrewards.com
1	www.getpaypalrewards.com
16	6

This site contains links to these domains. Also see Links.

Domain
www.getthatapp.co

Subject Issuer	Validity	Valid
www.getvenmorewards.com Let's Encrypt Authority X3	`2020-08-21` - `2020-11-19`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-02` - `2021-08-02`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.api.hasoffers.com Amazon	`2019-10-11` - `2020-11-11`	a year	crt.sh
media.go2speed.org Amazon	`2019-12-01` - `2021-01-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.getpaypalrewards.com/2
Frame ID: 43991B151EE6F84CB202A21CC1C9B9F9
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Python (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /gunicorn(?:\/([\d.]+))?/i

gunicorn (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /gunicorn(?:\/([\d.]+))?/i

Page Statistics

16
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

1
Countries

1064 kB
Transfer

3091 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.getthatapp.co/go/2/1835
Title: PayPal Survey

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://unpkg.com/react@16/umd/react.production.min.js HTTP 302
https://unpkg.com/react@16.13.1/umd/react.production.min.js

Request Chain 1

https://unpkg.com/react-dom@16/umd/react-dom.production.min.js HTTP 302
https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js

16 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 2 Show response
www.getpaypalrewards.com/ 1 KB
1 KB 421ms
154ms Document
text/html 54.145.200.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getpaypalrewards.com/2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.145.200.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-145-200-136.compute-1.amazonaws.com

Software

gunicorn/19.9.0 /

Resource Hash

7bd173177f90d939f1f3ec4f076c3260f90f6ac0d2d6176ac1f608528d2c8b62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Host: www.getpaypalrewards.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Connection: keep-alive
Server: gunicorn/19.9.0
Date: Sun, 23 Aug 2020 11:16:51 GMT
Content-Type: text/html; charset=utf-8
X-Frame-Options: DENY
Content-Length: 1251
X-Content-Type-Options: nosniff
Vary: Origin
Via: 1.1 vegur

GET
H2

200

react.production.min.js Show response
unpkg.com/react@16.13.1/umd/
Redirect Chain

https://unpkg.com/react@16/umd/react.production.min.js
https://unpkg.com/react@16.13.1/umd/react.production.min.js

12 KB
5 KB

12ms
12ms

Script
application/javascript

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/react@16.13.1/umd/react.production.min.js

Requested by

Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4552943
status: 200
vary: Accept-Encoding
cf-request-id: 04bca223280000d70d020be200000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"30af-MctM6gBk7YDBsMX11Y4ZVqfiKT8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 04ccd3603ac6bdbdc7346789ddc32675
cache-control: public, max-age=31536000
cf-ray: 5c746c7eabc3d70d-FRA

Redirect headers

date: Sun, 23 Aug 2020 11:16:51 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 336
status: 302
vary: Accept, Accept-Encoding
content-length: 64
cf-request-id: 04bca223180000d70d020bc200000001
access-control-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
location: /react@16.13.1/umd/react.production.min.js
x-cloud-trace-context: df7f45fabaf5ba608fcf9aab8d11251e
cache-control: public, s-maxage=600, max-age=60
cf-ray: 5c746c7e8b95d70d-FRA

GET
H2

200

react-dom.production.min.js Show response
unpkg.com/react-dom@16.13.1/umd/
Redirect Chain

https://unpkg.com/react-dom@16/umd/react-dom.production.min.js
https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js

116 KB
36 KB

24ms
24ms

Script
application/javascript

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js

Requested by

Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2731383
status: 200
vary: Accept-Encoding
cf-request-id: 04bca223290000d70d020bf200000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1cf80-vxnsMq8j+48sDHVUmjmWtyX4DTU"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 5a9ff872b42d0fe2ca92fa591fc6d7de
cache-control: public, max-age=31536000
cf-ray: 5c746c7eabc4d70d-FRA

Redirect headers

date: Sun, 23 Aug 2020 11:16:51 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 313
status: 302
vary: Accept, Accept-Encoding
content-length: 72
cf-request-id: 04bca223180000d70d020bd200000001
access-control-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
location: /react-dom@16.13.1/umd/react-dom.production.min.js
x-cloud-trace-context: c057a4abb5931ebaccc6c8196ab400cd
cache-control: public, s-maxage=600, max-age=60
cf-ray: 5c746c7e8b97d70d-FRA

GET
H2 200 app.19b82dbfb287.js Show response
d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/ 2 MB
623 KB 421ms
395ms Script
application/javascript 2600:9000:2156:cc00:14:1a55:4f40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js

Requested by

Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2156:cc00:14:1a55:4f40:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

gunicorn/19.9.0 /

Resource Hash

81f7acc982d8c8d9335bd38ff4eb3192f7021a00048a2a98d4f6ef1ecef61fb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 636624
access-control-allow-origin: *
last-modified: Fri, 21 Aug 2020 20:49:48 GMT
server: gunicorn/19.9.0
etag: "5f406bac-2539cf"
vary: Accept-Encoding
content-type: application/javascript; charset="utf-8"
via: 1.1 vegur, 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=315360000, public, immutable
x-amz-cf-id: AntJWF5xL16FWsbUpj_qO9248RMAPWHpPTQhE5-b9FuKQBRtU7zVLg==

GET
DATA 200
OK truncated
/ 50 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e51f084527b8c0e289aab0a14e222cad74b1ea1ddab0aef9501ebaa5de03ae97

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 30 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fdd380af3f1a4f42eaff704ed10c0bb44e723da7e4391be2a7e2a894479364ed

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 50 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb2b7fa3fbd6fdf07f3da867bab39fac8d3eabcb9e28ab394f42d9e372b10254

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 807451a252c9ecf84cee81714b159661a06e3ee442d9cb8a60739bdeddf07644

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 13 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a383904ab1b54c1748ef677b7777939f0f541188459a57845680abb0914189e1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 19 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 378edef60bb43ce6e41dcfcc9683054d093ec8d13650589e258ab885c5f156f3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 481394a0635b874c071b54a2c352e29ca6c07875adf7337455975d575dcfa464

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 52.jpg
randomuser.me/api/portraits/men/ 4 KB
4 KB 47ms
24ms Image
image/jpeg 2606:4700:3036::681c:a2d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://randomuser.me/api/portraits/men/52.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681c:a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cff624a3918ef93fa859e2c4cdb4634ceca702242654071804da9fbf0b617bc

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:53 GMT
cf-cache-status: HIT
age: 2571333
status: 200
content-length: 4344
cf-request-id: 04bca229d40000074a512d5200000001
last-modified: Fri, 08 Apr 2016 02:26:17 GMT
server: cloudflare
etag: "570716c9-10f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 5c746c895e0f074a-FRA
expires: Sun, 23 Aug 2020 16:58:17 GMT

GET
H2 200 10.jpg
randomuser.me/api/portraits/men/ 5 KB
5 KB 47ms
24ms Image
image/jpeg 2606:4700:3036::681c:a2d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://randomuser.me/api/portraits/men/10.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681c:a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2c119fd54bdd0e0148ab84a5fe314357a8e5c9dd7c15c0ef574749128437830

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:53 GMT
cf-cache-status: HIT
age: 2571752
status: 200
content-length: 5422
cf-request-id: 04bca229d40000074a512d6200000001
last-modified: Fri, 08 Apr 2016 02:26:17 GMT
server: cloudflare
etag: "570716c9-152e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
expires: Sun, 23 Aug 2020 16:52:41 GMT
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 5c746c895e11074a-FRA
cf-bgj: h2pri

GET
H2 200 88.jpg
randomuser.me/api/portraits/women/ 4 KB
4 KB 46ms
23ms Image
image/jpeg 2606:4700:3036::681c:a2d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://randomuser.me/api/portraits/women/88.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681c:a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b3bb15506d4e4378f8c31f163859bba7155263c02d06221e3b376285498764e

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:53 GMT
cf-cache-status: HIT
age: 2568905
status: 200
content-length: 3844
cf-request-id: 04bca229d40000074a512d7200000001
last-modified: Fri, 08 Apr 2016 02:26:17 GMT
server: cloudflare
etag: "570716c9-f04"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
expires: Sun, 23 Aug 2020 16:58:01 GMT
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 5c746c895e12074a-FRA
cf-bgj: h2pri

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 815 B
662 B 390ms
141ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Report&Method=getStats&fields[]=Stat.offer_id&fields[]=Offer.name&filters[Stat.date][conditional]=EQUAL_TO&filters[Stat.date][values][]=2020-08-23&filters[Stat.date][values][]=2020-08-23&sort[Stat.revenue]=desc&limit=4&totals=1
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 1b7057598a2a979bbe89e04dba30f8f83d26e964bbb296236d8132d638e696ab

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:53 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 448
x-request-id: 8a8f1940-c422-4288-be78-1198dea182dc

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 898 B
681 B 149ms
147ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2130
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 7be114130c0ddb403d165cddb4b73a55cfcb3384fc1b0ff5b4f19f77fc3a9d4f

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:53 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 467
x-request-id: 116fc4c2-c825-46bb-b539-e218b97b5373

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 904 B
680 B 150ms
149ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2024
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: cf907838a5159ee574881f25d9585a5b3ad20f069b159ff651685f0b69ad5e40

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:53 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 465
x-request-id: 3676fdad-8916-444c-b3c2-71333fe95b36

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 1 KB
714 B 147ms
146ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=701
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 2bb12b1cf885b307a4ddb3599b58b05a20f64cfc9a6e9668b1fc5d32bdcc163c

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:53 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 500
x-request-id: ab89488a-ded4-4869-ba77-7e79ac3b0e51

GET
H2 200 json Show response
espire.api.hasoffers.com/Apiv3/ 898 B
682 B 145ms
144ms XHR
application/json 3.217.58.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2135
Requested by: Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-58-210.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 7cefc8d7e1580b6ddd2c43ce88fcd8b690583e7123325956273c74920ac28bcf

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:53 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
content-length: 468
x-request-id: 34f3ceff-9e24-4814-9950-162faab00d3d

GET
H2 200 cashapp750.png
media.go2speed.org/brand/files/espire/2135/ 9 KB
10 KB 73ms
26ms Image
image/png 13.226.155.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.go2speed.org/brand/files/espire/2135/cashapp750.png
Requested by: Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.11 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-11.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9aa69834456ec999b5305c0756728d5c6250d1214164e4b2b7d385d6c9cc7eb1

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 23 Aug 2020 10:27:51 GMT
via: 1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
last-modified: Sun, 02 Aug 2020 23:08:48 GMT
server: AmazonS3
age: 2944
etag: "81274931e31482d79640db360539050c"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=3600
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 9594
x-amz-cf-id: Sh0yjEa49tXJ7wyRIYlqIssG2a1hUn70PEiBqfVyJGyvNGcR0CQ7EQ==

GET
H2 200 cashapp750.png
media.go2speed.org/brand/files/espire/2130/ 9 KB
10 KB 482ms
445ms Image
image/png 13.226.155.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.go2speed.org/brand/files/espire/2130/cashapp750.png
Requested by: Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.11 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-11.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9aa69834456ec999b5305c0756728d5c6250d1214164e4b2b7d385d6c9cc7eb1

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 23 Aug 2020 11:16:55 GMT
via: 1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
last-modified: Mon, 20 Jul 2020 18:59:09 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: "81274931e31482d79640db360539050c"
x-cache: RefreshHit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 9594
x-amz-cf-id: Bz0ccHV1FzvTwudIBTyQ7usny0-fQGclgT74SwHgk5rEBmhaIAMP1Q==

GET
H2 200 iphone11pro.png
media.go2speed.org/brand/files/espire/2024/ 33 KB
34 KB 73ms
37ms Image
image/png 13.226.155.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.go2speed.org/brand/files/espire/2024/iphone11pro.png
Requested by: Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.11 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-11.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f9c275e17fe6d5c1247644a1f41bd6e82b4c66602b4215fc4d496bd40923cf38

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 23 Aug 2020 10:55:46 GMT
via: 1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
last-modified: Mon, 10 Aug 2020 19:02:12 GMT
server: AmazonS3
age: 1269
etag: "a1d9777d7c41c7cc40c47da10e527560"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=3600
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 34033
x-amz-cf-id: EgEVlWvMSDdJnaYB43V-CH3v7nU6KxP5ZHo_riSosGSu3P8YKQUVsw==

GET
H2 200 39C02AA3-D10F-4465-BAD9-1870A546EAE8.jpeg
media.go2speed.org/brand/files/espire/701/ 328 KB
328 KB 450ms
414ms Image
image/jpeg 13.226.155.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.go2speed.org/brand/files/espire/701/39C02AA3-D10F-4465-BAD9-1870A546EAE8.jpeg
Requested by: Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.11 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-11.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0690050d2366122276467f27f91aea098dacb7cf08fdc62870cd37cb17192198

Request headers

Referer: https://www.getpaypalrewards.com/2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 23 Aug 2020 11:16:55 GMT
via: 1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
last-modified: Fri, 18 May 2018 15:26:05 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: "d4c2f70a65a1db9c2ba7c62e4573ebb9"
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 335474
x-amz-cf-id: hoxKaXBn_AZEeRso89zliW8TWAyLr0cvfZF3nswuc5EDcp5h0iIzSw==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js(Line 577) Message: data
console-api	log	URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js(Line 577) Message: data [object Object],[object Object],[object Object],[object Object]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d3iryrda585xkt.cloudfront.net
espire.api.hasoffers.com
media.go2speed.org
randomuser.me
unpkg.com
www.getpaypalrewards.com
13.226.155.11
2600:9000:2156:cc00:14:1a55:4f40:21
2606:4700:3036::681c:a2d
2606:4700::6810:7daf
3.217.58.210
54.145.200.136
0690050d2366122276467f27f91aea098dacb7cf08fdc62870cd37cb17192198
1b3bb15506d4e4378f8c31f163859bba7155263c02d06221e3b376285498764e
1b7057598a2a979bbe89e04dba30f8f83d26e964bbb296236d8132d638e696ab
2bb12b1cf885b307a4ddb3599b58b05a20f64cfc9a6e9668b1fc5d32bdcc163c
378edef60bb43ce6e41dcfcc9683054d093ec8d13650589e258ab885c5f156f3
481394a0635b874c071b54a2c352e29ca6c07875adf7337455975d575dcfa464
6cff624a3918ef93fa859e2c4cdb4634ceca702242654071804da9fbf0b617bc
7bd173177f90d939f1f3ec4f076c3260f90f6ac0d2d6176ac1f608528d2c8b62
7be114130c0ddb403d165cddb4b73a55cfcb3384fc1b0ff5b4f19f77fc3a9d4f
7cefc8d7e1580b6ddd2c43ce88fcd8b690583e7123325956273c74920ac28bcf
807451a252c9ecf84cee81714b159661a06e3ee442d9cb8a60739bdeddf07644
81f7acc982d8c8d9335bd38ff4eb3192f7021a00048a2a98d4f6ef1ecef61fb7
9aa69834456ec999b5305c0756728d5c6250d1214164e4b2b7d385d6c9cc7eb1
a2c119fd54bdd0e0148ab84a5fe314357a8e5c9dd7c15c0ef574749128437830
a383904ab1b54c1748ef677b7777939f0f541188459a57845680abb0914189e1
bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25
c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe
cb2b7fa3fbd6fdf07f3da867bab39fac8d3eabcb9e28ab394f42d9e372b10254
cf907838a5159ee574881f25d9585a5b3ad20f069b159ff651685f0b69ad5e40
e51f084527b8c0e289aab0a14e222cad74b1ea1ddab0aef9501ebaa5de03ae97
f9c275e17fe6d5c1247644a1f41bd6e82b4c66602b4215fc4d496bd40923cf38
fdd380af3f1a4f42eaff704ed10c0bb44e723da7e4391be2a7e2a894479364ed

www.getpaypalrewards.com Open in urlscan Pro 54.145.200.136 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

7 IPs

1 Countries

1064 kBTransfer

3091 kBSize

0 Cookies

1 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

www.getpaypalrewards.com Open in urlscan Pro
54.145.200.136 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

1
Countries

1064 kB
Transfer

3091 kB
Size

0
Cookies

16 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!