www.getpaypalrewards.com
54.145.200.136  Malicious Activity! Public Scan

URL: https://www.getpaypalrewards.com/2
Submission Tags: @phishunt_io
Submission: On August 23 via api from ES

Summary

This website contacted 7 IPs in 1 country across 6 domains to perform 16 HTTP transactions. The main IP is 54.145.200.136, located in Ashburn, United States, and belongs to AMAZON-AES, US. The main domain is www.getpaypalrewards.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 21st 2020. Valid for: 3 months.
This is the only time www.getpaypalrewards.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         54.145.200.136    14618 (AMAZON-AES)
2 4       2606:4700::68...  13335 (CLOUDFLAR...)
1         2600:9000:215...  16509 (AMAZON-02)
3         2606:4700:303...  13335 (CLOUDFLAR...)
5         3.217.58.210      14618 (AMAZON-AES)
4         13.226.155.11     16509 (AMAZON-02)
Total: 16 requests, 7 IPs
Requests  Domain                         Requested by
5         espire.api.hasoffers.com       d3iryrda585xkt.cloudfront.net
4         media.go2speed.org             www.getpaypalrewards.com
4         unpkg.com (2 redirects)        www.getpaypalrewards.com
3         randomuser.me
1         d3iryrda585xkt.cloudfront.net  www.getpaypalrewards.com
1         www.getpaypalrewards.com
Total: 16 requests, 6 domains

This site contains links to these domains:

Domain
www.getthatapp.co

Subject                  Issuer                      Validity                 Valid
www.getvenmorewards.com  Let's Encrypt Authority X3  2020-08-21 - 2020-11-19  3 months
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3     2020-08-02 - 2021-08-02  a year
*.cloudfront.net         DigiCert Global CA G2       2020-05-26 - 2021-04-21  a year
*.api.hasoffers.com      Amazon                      2019-10-11 - 2020-11-11  a year
media.go2speed.org       Amazon                      2019-12-01 - 2021-01-01  a year

This page contains 1 frames:

Primary Page: https://www.getpaypalrewards.com/2
Frame ID: 43991B151EE6F84CB202A21CC1C9B9F9
Requests: 23 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /gunicorn(?:\/([\d.]+))?/i

Page Statistics

16 Requests
100 % HTTPS
50 % IPv6
6 Domains
6 Subdomains
7 IPs
1 Countries
1064 kB Transfer
3091 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://unpkg.com/react@16/umd/react.production.min.js HTTP 302
  • https://unpkg.com/react@16.13.1/umd/react.production.min.js
Request Chain 1
  • https://unpkg.com/react-dom@16/umd/react-dom.production.min.js HTTP 302
  • https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js

16 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request 2
www.getpaypalrewards.com/
1 KB
1 KB
Document
General
Full URL
https://www.getpaypalrewards.com/2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.145.200.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-145-200-136.compute-1.amazonaws.com
Software
gunicorn/19.9.0 /
Resource Hash
7bd173177f90d939f1f3ec4f076c3260f90f6ac0d2d6176ac1f608528d2c8b62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Host
www.getpaypalrewards.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Connection
keep-alive
Server
gunicorn/19.9.0
Date
Sun, 23 Aug 2020 11:16:51 GMT
Content-Type
text/html; charset=utf-8
X-Frame-Options
DENY
Content-Length
1251
X-Content-Type-Options
nosniff
Vary
Origin
Via
1.1 vegur
react.production.min.js
unpkg.com/react@16.13.1/umd/
Redirect Chain
  • https://unpkg.com/react@16/umd/react.production.min.js
  • https://unpkg.com/react@16.13.1/umd/react.production.min.js
12 KB
5 KB
Script
General
Full URL
https://unpkg.com/react@16.13.1/umd/react.production.min.js
Requested by
Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
4552943
status
200
vary
Accept-Encoding
cf-request-id
04bca223280000d70d020be200000001
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
etag
W/"30af-MctM6gBk7YDBsMX11Y4ZVqfiKT8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
04ccd3603ac6bdbdc7346789ddc32675
cache-control
public, max-age=31536000
cf-ray
5c746c7eabc3d70d-FRA

Redirect headers

date
Sun, 23 Aug 2020 11:16:51 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
336
status
302
vary
Accept, Accept-Encoding
content-length
64
cf-request-id
04bca223180000d70d020bc200000001
access-control-allow-origin
*
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/plain; charset=utf-8
location
/react@16.13.1/umd/react.production.min.js
x-cloud-trace-context
df7f45fabaf5ba608fcf9aab8d11251e
cache-control
public, s-maxage=600, max-age=60
cf-ray
5c746c7e8b95d70d-FRA
react-dom.production.min.js
unpkg.com/react-dom@16.13.1/umd/
Redirect Chain
  • https://unpkg.com/react-dom@16/umd/react-dom.production.min.js
  • https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js
116 KB
36 KB
Script
General
Full URL
https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js
Requested by
Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
2731383
status
200
vary
Accept-Encoding
cf-request-id
04bca223290000d70d020bf200000001
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
etag
W/"1cf80-vxnsMq8j+48sDHVUmjmWtyX4DTU"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
5a9ff872b42d0fe2ca92fa591fc6d7de
cache-control
public, max-age=31536000
cf-ray
5c746c7eabc4d70d-FRA

Redirect headers

date
Sun, 23 Aug 2020 11:16:51 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
313
status
302
vary
Accept, Accept-Encoding
content-length
72
cf-request-id
04bca223180000d70d020bd200000001
access-control-allow-origin
*
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/plain; charset=utf-8
location
/react-dom@16.13.1/umd/react-dom.production.min.js
x-cloud-trace-context
c057a4abb5931ebaccc6c8196ab400cd
cache-control
public, s-maxage=600, max-age=60
cf-ray
5c746c7e8b97d70d-FRA
app.19b82dbfb287.js
d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/
2 MB
623 KB
Script
General
Full URL
https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Requested by
Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:cc00:14:1a55:4f40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
gunicorn/19.9.0 /
Resource Hash
81f7acc982d8c8d9335bd38ff4eb3192f7021a00048a2a98d4f6ef1ecef61fb7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
status
200
content-length
636624
access-control-allow-origin
*
last-modified
Fri, 21 Aug 2020 20:49:48 GMT
server
gunicorn/19.9.0
etag
"5f406bac-2539cf"
vary
Accept-Encoding
content-type
application/javascript; charset="utf-8"
via
1.1 vegur, 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public, immutable
x-amz-cf-id
AntJWF5xL16FWsbUpj_qO9248RMAPWHpPTQhE5-b9FuKQBRtU7zVLg==
truncated
/
50 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e51f084527b8c0e289aab0a14e222cad74b1ea1ddab0aef9501ebaa5de03ae97

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
30 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fdd380af3f1a4f42eaff704ed10c0bb44e723da7e4391be2a7e2a894479364ed

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
50 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb2b7fa3fbd6fdf07f3da867bab39fac8d3eabcb9e28ab394f42d9e372b10254

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
807451a252c9ecf84cee81714b159661a06e3ee442d9cb8a60739bdeddf07644

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
13 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a383904ab1b54c1748ef677b7777939f0f541188459a57845680abb0914189e1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
19 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
378edef60bb43ce6e41dcfcc9683054d093ec8d13650589e258ab885c5f156f3

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
12 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
481394a0635b874c071b54a2c352e29ca6c07875adf7337455975d575dcfa464

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
52.jpg
randomuser.me/api/portraits/men/
4 KB
4 KB
Image
General
Full URL
https://randomuser.me/api/portraits/men/52.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681c:a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cff624a3918ef93fa859e2c4cdb4634ceca702242654071804da9fbf0b617bc

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:53 GMT
cf-cache-status
HIT
age
2571333
status
200
content-length
4344
cf-request-id
04bca229d40000074a512d5200000001
last-modified
Fri, 08 Apr 2016 02:26:17 GMT
server
cloudflare
etag
"570716c9-10f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
5c746c895e0f074a-FRA
expires
Sun, 23 Aug 2020 16:58:17 GMT
10.jpg
randomuser.me/api/portraits/men/
5 KB
5 KB
Image
General
Full URL
https://randomuser.me/api/portraits/men/10.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681c:a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2c119fd54bdd0e0148ab84a5fe314357a8e5c9dd7c15c0ef574749128437830

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:53 GMT
cf-cache-status
HIT
age
2571752
status
200
content-length
5422
cf-request-id
04bca229d40000074a512d6200000001
last-modified
Fri, 08 Apr 2016 02:26:17 GMT
server
cloudflare
etag
"570716c9-152e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Sun, 23 Aug 2020 16:52:41 GMT
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
5c746c895e11074a-FRA
cf-bgj
h2pri
88.jpg
randomuser.me/api/portraits/women/
4 KB
4 KB
Image
General
Full URL
https://randomuser.me/api/portraits/women/88.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681c:a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b3bb15506d4e4378f8c31f163859bba7155263c02d06221e3b376285498764e

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:53 GMT
cf-cache-status
HIT
age
2568905
status
200
content-length
3844
cf-request-id
04bca229d40000074a512d7200000001
last-modified
Fri, 08 Apr 2016 02:26:17 GMT
server
cloudflare
etag
"570716c9-f04"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Sun, 23 Aug 2020 16:58:01 GMT
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
5c746c895e12074a-FRA
cf-bgj
h2pri
json
espire.api.hasoffers.com/Apiv3/
815 B
662 B
XHR
General
Full URL
https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Report&Method=getStats&fields[]=Stat.offer_id&fields[]=Offer.name&filters[Stat.date][conditional]=EQUAL_TO&filters[Stat.date][values][]=2020-08-23&filters[Stat.date][values][]=2020-08-23&sort[Stat.revenue]=desc&limit=4&totals=1
Requested by
Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-58-210.compute-1.amazonaws.com
Software
Apache /
Resource Hash
1b7057598a2a979bbe89e04dba30f8f83d26e964bbb296236d8132d638e696ab

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:53 GMT
content-encoding
gzip
server
Apache
status
200
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With
content-length
448
x-request-id
8a8f1940-c422-4288-be78-1198dea182dc
json
espire.api.hasoffers.com/Apiv3/
898 B
681 B
XHR
General
Full URL
https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2130
Requested by
Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-58-210.compute-1.amazonaws.com
Software
Apache /
Resource Hash
7be114130c0ddb403d165cddb4b73a55cfcb3384fc1b0ff5b4f19f77fc3a9d4f

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:53 GMT
content-encoding
gzip
server
Apache
status
200
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With
content-length
467
x-request-id
116fc4c2-c825-46bb-b539-e218b97b5373
json
espire.api.hasoffers.com/Apiv3/
904 B
680 B
XHR
General
Full URL
https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2024
Requested by
Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-58-210.compute-1.amazonaws.com
Software
Apache /
Resource Hash
cf907838a5159ee574881f25d9585a5b3ad20f069b159ff651685f0b69ad5e40

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:53 GMT
content-encoding
gzip
server
Apache
status
200
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With
content-length
465
x-request-id
3676fdad-8916-444c-b3c2-71333fe95b36
json
espire.api.hasoffers.com/Apiv3/
1 KB
714 B
XHR
General
Full URL
https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=701
Requested by
Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-58-210.compute-1.amazonaws.com
Software
Apache /
Resource Hash
2bb12b1cf885b307a4ddb3599b58b05a20f64cfc9a6e9668b1fc5d32bdcc163c

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:53 GMT
content-encoding
gzip
server
Apache
status
200
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With
content-length
500
x-request-id
ab89488a-ded4-4869-ba77-7e79ac3b0e51
json
espire.api.hasoffers.com/Apiv3/
898 B
682 B
XHR
General
Full URL
https://espire.api.hasoffers.com/Apiv3/json?NetworkToken=NETBp1OQHKM1OwVED641ic6hWLe5Jz&Target=Offer&Method=getThumbnail&id=2135
Requested by
Host: d3iryrda585xkt.cloudfront.net
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.58.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-58-210.compute-1.amazonaws.com
Software
Apache /
Resource Hash
7cefc8d7e1580b6ddd2c43ce88fcd8b690583e7123325956273c74920ac28bcf

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:53 GMT
content-encoding
gzip
server
Apache
status
200
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With
content-length
468
x-request-id
34f3ceff-9e24-4814-9950-162faab00d3d
cashapp750.png
media.go2speed.org/brand/files/espire/2135/
9 KB
10 KB
Image
General
Full URL
https://media.go2speed.org/brand/files/espire/2135/cashapp750.png
Requested by
Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.11 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-11.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9aa69834456ec999b5305c0756728d5c6250d1214164e4b2b7d385d6c9cc7eb1

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Sun, 23 Aug 2020 10:27:51 GMT
via
1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
last-modified
Sun, 02 Aug 2020 23:08:48 GMT
server
AmazonS3
age
2944
etag
"81274931e31482d79640db360539050c"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=3600
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
9594
x-amz-cf-id
Sh0yjEa49tXJ7wyRIYlqIssG2a1hUn70PEiBqfVyJGyvNGcR0CQ7EQ==
cashapp750.png
media.go2speed.org/brand/files/espire/2130/
9 KB
10 KB
Image
General
Full URL
https://media.go2speed.org/brand/files/espire/2130/cashapp750.png
Requested by
Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.11 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-11.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9aa69834456ec999b5305c0756728d5c6250d1214164e4b2b7d385d6c9cc7eb1

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Sun, 23 Aug 2020 11:16:55 GMT
via
1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
last-modified
Mon, 20 Jul 2020 18:59:09 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-C1
etag
"81274931e31482d79640db360539050c"
x-cache
RefreshHit from cloudfront
content-type
image/png
status
200
cache-control
max-age=3600
accept-ranges
bytes
content-length
9594
x-amz-cf-id
Bz0ccHV1FzvTwudIBTyQ7usny0-fQGclgT74SwHgk5rEBmhaIAMP1Q==
iphone11pro.png
media.go2speed.org/brand/files/espire/2024/
33 KB
34 KB
Image
General
Full URL
https://media.go2speed.org/brand/files/espire/2024/iphone11pro.png
Requested by
Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.11 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-11.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f9c275e17fe6d5c1247644a1f41bd6e82b4c66602b4215fc4d496bd40923cf38

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Sun, 23 Aug 2020 10:55:46 GMT
via
1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
last-modified
Mon, 10 Aug 2020 19:02:12 GMT
server
AmazonS3
age
1269
etag
"a1d9777d7c41c7cc40c47da10e527560"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=3600
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
34033
x-amz-cf-id
EgEVlWvMSDdJnaYB43V-CH3v7nU6KxP5ZHo_riSosGSu3P8YKQUVsw==
39C02AA3-D10F-4465-BAD9-1870A546EAE8.jpeg
media.go2speed.org/brand/files/espire/701/
328 KB
328 KB
Image
General
Full URL
https://media.go2speed.org/brand/files/espire/701/39C02AA3-D10F-4465-BAD9-1870A546EAE8.jpeg
Requested by
Host: www.getpaypalrewards.com
URL: https://www.getpaypalrewards.com/2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.11 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-11.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0690050d2366122276467f27f91aea098dacb7cf08fdc62870cd37cb17192198

Request headers

Referer
https://www.getpaypalrewards.com/2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 23 Aug 2020 11:16:55 GMT
via
1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
last-modified
Fri, 18 May 2018 15:26:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-C1
etag
"d4c2f70a65a1db9c2ba7c62e4573ebb9"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
335474
x-amz-cf-id
hoxKaXBn_AZEeRso89zliW8TWAyLr0cvfZF3nswuc5EDcp5h0iIzSw==

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    trustedTypes
object    React
object    ReactDOM
object    __core-js_shared__
object    regeneratorRuntime
object    ReactApp
function  generateOfferLink

0 Cookies

2 Console Messages

Source: console-api  Level: log
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js (Line 577)
Message: data

Source: console-api  Level: log
URL: https://d3iryrda585xkt.cloudfront.net/static/getpaypalrewards/app.19b82dbfb287.js (Line 577)
Message: data [object Object],[object Object],[object Object],[object Object]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
