SUSPICIOUS

Shop shows non-delivery red flags

Official PayPal Honey coupon site facing December 2024 allegations of affiliate-link hijacking and creator commission theft. Several red flags typical of non-delivery shops are present. Don't pay by crypto or wire, and keep the chargeback window in mind.

Security Review

Is joinhoney.com legit or a scam?

Our verdict:Suspicious· 55/100

Official PayPal Honey coupon site facing December 2024 allegations of affiliate-link hijacking and creator commission theft.

joinhoney.comScanned 1h ago
0
Trust score
SUSPICIOUS
Score breakdown
Heuristics 100·MT 55
Screenshot of joinhoney.comSee the live page ↓
Category tags
couponbrowser extension75% MT confidence
Positive signals (5)
Antivirus clearNot on major blacklistsDomain is 14 years oldEncrypted connectionClean server reputation

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
14 years old
Registered Oct 19, 2012
Intelligence
Suspicious
Moderate likelihood · 75% confidence

Website Preview

Screenshot of joinhoney.com
LIVE RENDER
joinhoney.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

0
/ 100
No visual red flags

No scam visual patterns detected

The page appears to be a legitimate, fully-rendered landing page for PayPal Honey with no visual indicators of a scam or malicious intent.

Visual risk0/100

What our vision model saw

5 signals

Professional layout with high-quality 3D graphics and typography

Legitimate PayPal Honey branding and logo present

Standard cookie consent banner at the bottom of the page

Functional 'Add to Chrome' call-to-action button

Clean navigation with a standard 'Log in' link

Intelligence

Advanced threat intelligence
Analysis
Moderate scam likelihoodengineMT · Guardiantrust55/100
MT AgentLive web researchVisual inspection
0%
Confidence
The domain is 13.7 years old, hosted on clean infrastructure, and carries valid DigiCert SSL with no antivirus detections. The page itself displays legitimate PayPal Honey branding and a professional storefront layout. Our web research uncovered four major news outlets reporting accusations that the extension overrides affiliate links and diverts commissions from influencers and creators. Snopes and Wikipedia both confirm the practice occurs but note it is not a direct consumer scam. The combination of an established brand with documented business-practice complaints produces a moderate-risk profile rather than outright malice.
Full dossier
Analysis complete

Page Content

The landing page promotes an automated coupon browser extension that claims to scan 30,000+ stores and apply codes at checkout. It displays standard PayPal Honey branding, a prominent "Add to Chrome" button, and links to the Google Play and App Store. No login forms, countdown timers, or data-harvesting fields appear on the initial view.

Infrastructure

The site resolves to IP 107.178.251.16 with a zero abuse score and no reports on file. SSL is issued by DigiCert and remains valid for another 218 days. Two cross-domain redirects occur but stay within the same brand family. No malicious scripts or external domains associated with malware distribution were detected.

Domain History

joinhoney.com was registered on 2012-10-19 through MarkMonitor Inc. and is 13.7 years old. The registrant is listed as Honey Science Corporation, a Delaware entity (#5239390) acquired by PayPal in 2020. Business registration records confirm the company remains active.

Web Reputation

Four major outlets (The Verge, Snopes, USA Today, Wikipedia) document a December 2024 controversy alleging the extension overrides affiliate links and diverts commissions from creators. Two positive signals exist: a 4.6/5 rating from 179K Chrome Web Store users and a self-reported 17M+ member base. an independent review aggregator shows a low ~1.8-2/5 aggregate score with thousands of reviews. No malware or phishing detections appear in our antivirus network.

What this means for you

The site itself is not distributing malware or harvesting credentials. However, the extension's business practices have drawn credible public criticism and legal action. Review the recent news coverage and consider whether the affiliate-link behavior aligns with your expectations before installing.

Risk Factors
3
  • December 2024 news reports accuse the extension of overriding affiliate links and diverting creator commissions.
  • an independent review aggregator aggregate rating sits at approximately 1.8-2/5 across thousands of reviews.
  • Chrome Web Store lost roughly 8 million users following the affiliate controversy coverage.
Positive Signals
4
  • Domain registered in 2012 and owned by PayPal subsidiary Honey Science Corporation.
  • Zero detections across 92 antivirus engines and clean browser blocklist status.
  • Professional page layout with verified PayPal branding and valid DigiCert SSL.
  • 4.6/5 rating from 179K+ Chrome Web Store users.
AI Recommendation
Read the recent news coverage about affiliate-link practices before installing the extension. The site itself is safe to visit.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for joinhoney.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration
Active · United States (Delaware corporation)
Site traces back to an actively registered business.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
4 scam reports · 5 complaints · 2 positive
Key findings
7 headline facts from open-web research
  • Domain joinhoney.com registered 2012-10-19 (13.7 years old); official site of Honey (PayPal Honey), acquired by PayPal for ~$4B in 2020.
  • Operates browser extension for automatic coupons on 30,000+ sites; claims 17M+ members.
  • Major controversy Dec 2024+: YouTuber MegaLag videos (millions of views) accuse extension of overriding affiliate links/cookie stuffing, poaching commissions from influencers/creators even without applying coupons.
  • Resulted in class-action lawsuits (e.g., Wendover Productions et al. vs PayPal), user loss of ~8M Chrome users by end-2025, policy changes by Google, and Rakuten removing Honey from affiliate network.
  • Snopes reproduced some findings but noted it is not a consumer scam; PayPal states it follows last-click attribution rules set by merchants.
  • Trustpilot rating ~1.8-2/5 (thousands of reviews); Chrome extension 4.6/5 (179K+ ratings).
  • Business: Honey Science Corporation, Delaware #5239390, active subsidiary of PayPal; HQ Los Angeles, CA. Official help pages address phishing/fake emails.
Scam reports (4)
Direct quotes from public scam databases, forums, and news.
  • The Vergeopen

    "Honey's deal-hunting browser extension is accused of ripping off influencers"

  • Snopesopen

    "A viral video alleged that the coupon-finding browser extension is a scam."

  • Wikipediaopen

    "Honey has come under scrutiny for overriding affiliate links and using misleading advertising."

  • USA Todayopen

    "A YouTube creator is accusing PayPal of fraudulent behavior tied to the internet browser extension Honey"

Positive reviews (2)
Quotes indicating the site is legitimate.
  • Google Chrome Web Storeopen

    "4.6 out of 5 (179.7K ratings)"

  • joinhoney.comopen

    "Join 17M+ members using PayPal Honey to find deals, earn rewards, and compare prices while you shop."

Business registration
Status: active · United States (Delaware corporation)

Honey Science Corporation (or Honey Science LLC), Delaware entity #5239390, founded 2012, acquired by PayPal in 2020, headquartered in Los Angeles, CA. Subsidiary of PayPal.

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Four major outlets (The Verge, Snopes, USA Today, Wikipedia) reported that Honey's extension overrides affiliate links and diverts commissions from influencers and creators. Snopes reproduced some findings but clarified it is not a consumer scam. PayPal states it follows last-click attribution rules set by merchants. an independent review aggregator shows low aggregate scores while the Chrome extension maintains a 4.6/5 rating from nearly 180,000 users.

Domain Timeline

  1. Oct 19, 2012
    Domain registered

    First appeared in WHOIS records — 14 years old today.

  2. Jul 10, 2026
    Latest security review — Flagged as suspicious

    This scan re-ran every check; the current findings are detailed above.

joinhoney.com is an established domain now carrying threat signals. An older domain that starts tripping security checks is a classic pattern for an asset that was sold, repurposed, or compromised — the age alone is not reassurance.

Threat Detection

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious60Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗

Scam-Type Likelihood

1 scam-type patterns detected
Scam-Type Likelihood

1 of 14 categories showed signals

We check every URL against 14 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Fake Shop
Fake Shop
Moderate likelihood
58/100
  • Page contains e-commerce copy (cart / checkout / shipping).
  • No phone number or postal address anywhere on the page.
  • Multiple contact / trust-signal red flags on the page.
  • E-commerce page with multiple non-delivery red flags (missing real contact info, very young domain, crypto-only checkout, or fake-urgency).

Technical Details

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles4
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.
  • Links to 4 social profiles.

Domain & Encryption

Domain History
Age14 years old
RegistrarMarkMonitor Inc.
RegisteredOct 19, 2012
ExpiresOct 19, 2029
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerDigiCert Inc · DigiCert Global G2 TLS RSA SHA256 2020 CA1
ExpiresFeb 13, 2027 (218d)
Self-signedNo
Hosting & Technology
HostingGoogle LLC
Server locationUS
PopularityTop 100k worldwide

Redirect Chain

Hops
2
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://joinhoney.com/
  • 2301https://joinhoney.com/
  • 3200https://www.joinhoney.com/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPGoogle LLC
Usage typeContent Delivery Network

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

What to do

Fake-shop warning signs

Signals common to non-delivery scam shops were detected on this site.

  • Treat joinhoney.com as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • If you already paid by card or PayPal — start a chargeback

    Contact your bank or card issuer and dispute the charge as "goods not received" or "merchant fraud." PayPal users can open a case in the Resolution Centre. Act within 120 days for card chargebacks in most jurisdictions.

  • Save every piece of evidence

    Screenshots of the checkout, order confirmation emails, any chat transcripts, and the product listing page. Chargeback and fraud reports go faster when you have receipts.

  • Report the shop

    Report to the FTC (reportfraud.ftc.gov), Action Fraud UK, or your local consumer-protection body. Post the URL on the MalwareTips scam forum so other buyers can find it.

    Open

Safer Alternatives

Trying to shop safely? Use a safe option instead

Shopping for a deal? Stick to established retailers with real buyer protection — if a price looks too good to be true on an unknown store, it usually is.

Amazon

A-to-z Guarantee covers eligible orders.

eBay

Money Back Guarantee on most purchases.

Walmart

Major retailer with established returns.

The brand's official site

Search the brand name + "official site" rather than trusting an ad or unknown store.

Suggestions for safety only — not endorsements. Always verify the address bar before signing in or paying, even on well-known sites.

Final Verdict

0
Trust / 100
Final Verdict·joinhoney.com
SUSPICIOUS

This is the official landing page for PayPal Honey, a coupon browser extension. Recent news reports show the extension has been accused of overriding affiliate links and taking commissions from creators without applying coupons. Users should review the recent controversy before installing.

Read the recent news coverage about affiliate-link practices before installing the extension. The site itself is safe to visit.

AV engines
92
Domain age
14 yrs
Flagged
0
Scan another URL
Security review completemalwaretips.com/url-scan

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked joinhoney.com as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • joinhoney.com currently scores 55/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • Yes. joinhoney.com presents a valid TLSv1.3 certificate issued by DigiCert Inc · DigiCert Global G2 TLS RSA SHA256 2020 CA1, expiring in 218 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • joinhoney.com is 13.7 years old, registered on 10/19/2012 through MarkMonitor Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report joinhoney.com as clean.
  • No. joinhoney.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • joinhoney.com resolves to an IP operated by Google LLC in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Yes. joinhoney.com sits in the global top-100k on Cloudflare Radar, which means it has substantial real-world traffic. That does not automatically make it safe, but established brands almost always rank here and throwaway scam domains almost never do.
Recently scanned

Other Suspicious reports

Browse all reports
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.