bestsignpst.subreact.com Open in urlscan Pro
2606:4700:3037::ac43:8a05 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
Submission: On March 21 via manual (March 21st 2024, 11:28:56 am UTC) from DE — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3037::ac43:8a05, located in United States and belongs to CLOUDFLARENET, US. The main domain is bestsignpst.subreact.com.
TLS certificate: Issued by GTS CA 1P5 on February 24th 2024. Valid for: 3 months.

This is the only time bestsignpst.subreact.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2 15	2606:4700:303... 2606:4700:3037::ac43:8a05		13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	1

15 2606:4700:3037::ac43:8a05 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

bestsignpst.subreact.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	subreact.com 2 redirects bestsignpst.subreact.com	2 MB
13	1

	Domain	Requested by
15	bestsignpst.subreact.com	2 redirects bestsignpst.subreact.com
13	1

This site contains no links.

Subject Issuer	Validity	Valid
subreact.com GTS CA 1P5	`2024-02-24` - `2024-05-24`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
Frame ID: C4ACF7F9D5D13809111DFA336079E620
Requests: 11 HTTP requests in this frame

Frame: https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js
Frame ID: 32458F0CBDD44ED4C1449EC33BE1422D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

85 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1552 kB
Transfer

1891 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/js/popper.min.js HTTP 302
https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/index.php?redirection=

Request Chain 7

https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/ 2 KB
2 KB 268ms
116ms Document
text/html 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.33

Resource Hash

21ef1d0a7b1d1789a73f5121dc704bf21d484f0926445d331124100a01776baf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 867d99ce08470c33-AMS
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 21 Mar 2024 11:28:50 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HXHyuYsGBbr1ta60sLxYDHZKnixX8MR4YApnC1C2hKpOSm8QhhduYg%2BN2hVvmfggmJo84V0N8M8oproBu2EGmPCxWKo9fyBsvq%2BZ2gjUjbCPIfaWtREuYovzj3sFC16Z1okh6qD2zzTWnpeQnBMF1rcs4iHueUg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
x-turbo-charged-by: LiteSpeed

GET
H2 200 main.css
bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/css/ 50 KB
6 KB 133ms
132ms Stylesheet
text/css 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/css/main.css

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98f8b4b01ebae4460dd4c9b90a9c3a623f5263bfc51bcc3c8926ca3d4b8e9bdc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 16:39:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tHpNwIFOL7ZIgwYt6%2BDcDANzM63XRk8MHUgc%2Bqy8ldbJEoaqNuCxfWYNpK7GfX9guewneClxg98q2yJ0aW5yKQUNybfsS%2BojQqJUAzrRQ%2Bkv1kuH%2FPcPp5r7cfIwSwB5dx%2BVvYEzh5Ja9SCVvt33LEEIGBrRLVU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867d99cec9320c33-AMS
expires: Thu, 28 Mar 2024 11:28:51 GMT

GET
H2 200 bootstrap.min.css
bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/css/ 201 KB
27 KB 42ms
41ms Stylesheet
text/css 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/css/bootstrap.min.css

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed32594ab88d0b8594b1978ff2cb2489ae234186e9e3d6c404731aa04fe20abd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 67617
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 16:39:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VXa9sHbilaZoG5klbqrBaJ2yPe7NICO4oZon%2BYjQPIR9EtGNf5xiNdc1P1IW45YA2VFtbipsseno9ak1VX2lNUiAtskjDvEqVD4A9CXbMiHzHsQyebfrdy%2FEMSjgtIuzdxhuDLnVefegX2nrf4URsnAjkEBl5bw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867d99cec9330c33-AMS
expires: Wed, 27 Mar 2024 16:41:54 GMT

GET
H2 200 background.svg
bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/images/ 3 KB
2 KB 140ms
139ms Image
image/svg+xml 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/images/background.svg

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe5103f855975085f28d2a255145a386f30d2afe2a1b26fa9943d74b54859b7b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 16:39:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ewz5aSp2%2B%2FymTwz%2BDlCOoCE9sv6o7EKSOcbVP2aMfqNu4PSxuKlH7Q6QTZYsobYiyneWNYCYi7bxFMrib9zFVy2p1deWhaqHPRe9bBHbtAyyUJ2JsAToDehZ8I5JOS80fly5pYw2SuPjcnb3pBK%2FBbBjPbggiK4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867d99cec9360c33-AMS
expires: Thu, 28 Mar 2024 11:28:51 GMT

GET
H2 200 jquery.min.js Show response
bestsignpst.subreact.com/be5acd6e82cf70fde870/js/ 91 KB
33 KB 154ms
154ms Script
application/javascript 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/js/jquery.min.js

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 16:39:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DJ%2FU17kG8BvZDGSvW3F0%2FtTqyC3qaOv6wbHyYlHfIJn20V1tr45atwPI7cylcc4rJoN1PouX%2Bk7QuC4PwRlVYE%2B%2FBM1PQx9wxn1YmC%2B3agGia2ppHzbf3o3gaN6in1XFGnMsC3DYK7wwQXIgxeOOetztQbYLjuw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867d99cec9380c33-AMS
expires: Thu, 28 Mar 2024 11:28:51 GMT

GET
H2 200 jquery.min.js Show response
bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/js/ 86 KB
31 KB 152ms
151ms Script
application/javascript 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/js/jquery.min.js

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 16:39:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XNWxVPnCTodVsLrAfNrHM0hoA8BKLNj88%2BFDyL8bYS%2Fw6kYYDSfm8%2FUSV244631GxCAuyQXG18baIzsrcyHpILfH%2B2IoTKn0L%2FlxuC9z94%2BJ1gi6%2FayogVvVMmp8EE%2BsfpkAzBnA9PiCnHhCt2xHz1D8cZXbRD8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867d99cec9390c33-AMS
expires: Thu, 28 Mar 2024 11:28:51 GMT

GET
H3

500

index.php
bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/
Redirect Chain

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/js/popper.min.js
https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/index.php?redirection=

0
0

106ms
105ms

Script
text/html

2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/index.php?redirection=

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/

Protocol

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7UiAxQiH3JieJeU9UXQf8RhiMeQUBraRxl0HTiwO2MtY9PNvCQUKrM4M3EgYiK3Rwg%2F7zvSbmLttxKWXN2P6l%2B77uE%2FCO%2BOWZHyHv8NPU5YI1SK%2B5geqG0qLyffP9pJjQZ%2B2nLl3gPwWVCr886YSGdkNXusnwI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
x-turbo-charged-by: LiteSpeed
cf-ray: 867d99d34ad9b920-AMS
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 21 Mar 2024 11:28:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PHP/7.4.33
alt-svc: h3=":443"; ma=86400
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fWco45G6KGqjBwSW0Pzt9mgmB0Ab%2BLYCjPrdz%2Brjs%2B6JCZRjeYZjfDbFT%2BBKMjfCrD%2Bjxx3IyKxFxB4bIgxVZZakmmThDvCAidawCN2U1sbK9WHR%2FWnlRmDVLfWuvRTyua5tMOxWTj2071MwldqL%2Bx8%2BzsCg1mw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: ../index.php?redirection=
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 867d99ced93a0c33-AMS
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 main.js Show response
bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/ 7 KB
2 KB 151ms
150ms Script
application/javascript 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/main.js

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb1b7d8d4cb4f503be126aaab18302b91acebb80d5f49b476c834c10fb9d76d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 16:39:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X9rG3dOFGrUCk0GWquFMalXRrHuHq5vRC2flkY8E6TNdtS%2BYTkvKZ%2F6JlMDLvhTTge7iC6yy9uo5NQAx5HaBdWLbOYiJ2eJh7LmErqcF7BsO7PzzDe1Wh6m9j180Mtw1QmLO8UjnRt5FVoLF848lgQbkww%2FfMgE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867d99ced93b0c33-AMS
expires: Thu, 28 Mar 2024 11:28:51 GMT

GET
H3

200

main.js Show response
bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/ Frame 3245
Redirect Chain

https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js

8 KB
4 KB

112ms
112ms

Script
application/javascript

2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js

Protocol

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7afbd34920b90092562a4d07760bfc2d8f1d94fa3a73138aa7a26f0cec9cca19

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:51 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dbr3a8RHKgLVkd1D5Bp52Mh01s8hw6VEj%2BPzWJNyhGdGhwTycvu2Am9puqRQbk8FbBD3LJY4P99j2X5FzocaZyaPA8YU8neqJyiQPFnu2j38C58S6joDUnEBSc7hluXSJlYeAONpHeNn8hZPPC%2FaCIgkiW5uoYA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 867d99d44c36b920-AMS
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 21 Mar 2024 11:28:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rfWj2xx%2F%2FRjnHIVay2IeDndrn3XM0z9MKHUELAfE7KT6dbDUrwgQZEucAMAfScvEBRZz5pp35%2BpW1RcrWU7nP%2BmGX%2FkOD7VXsgJXpXLR7RbyAzzfYTnQOKUFOUwRT6c6M3jgZQugyGDHYrCZm%2Fi%2BmmiZkkQeTZg%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js
cache-control: max-age=300, public
cf-ray: 867d99d40bd8b920-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 img1.jpg
bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/img/ 1 MB
1 MB 146ms
146ms Image
image/jpeg 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/img/img1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08e44df79f033daeb0375efd0c62ec5e3b13467388ed36815062f89ab2662940

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 1181415
last-modified: Wed, 20 Mar 2024 16:39:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Wa9KGtEjGo48oWvjP5AnP5pVpETzV%2BcL4yGlWWTlrHDAZUYYga%2BB9BX2stHbhOiO8h5c3th6aduH1Zmo3e4g3Y%2FegZq%2BZmRBNN9QfeO%2BnVfzsEVFbvzlYEqwYT5nqyJ7K%2FaFBe2p8AJhYY4z4FDNBM3LZYxjIU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 867d99d49ca2b920-AMS
expires: Thu, 28 Mar 2024 11:28:51 GMT

GET
H3 200 img2.jpg
bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/img/ 15 KB
16 KB 84ms
84ms Image
image/jpeg 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/img/img2.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

550778f7050b2f39fc38c8e326c78e0a53921774f9f39dd3685f1c73efee2613

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 15808
last-modified: Wed, 20 Mar 2024 16:39:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gFian6AwjiUyntw%2FaMPdw4sacxCLurfwqzbnBL3GiI7ZIhA0lsPAyM830ymMO%2BHtv2RvKTwcEkAO2heZrx53ph9jF0ZIYjm3JuKUtDw6Kb49UljlLwXWSq1%2Fv9oD6N5qo%2Fv743eDNRR%2Fn0sjxfLLniIqqLKrKhg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 867d99d49ca7b920-AMS
expires: Thu, 28 Mar 2024 11:28:51 GMT

GET
H3 200 img3.jpg
bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/img/ 274 KB
275 KB 128ms
128ms Image
image/jpeg 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/img/img3.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0caf058c53fc03f37915f7f4738582b863b20f34bf1bc53c890436bdf465dae0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/clients/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 21 Mar 2024 11:28:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 280533
last-modified: Wed, 20 Mar 2024 16:39:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZdS8pELsnlMxq4%2B29bPq8XfjUdGS0BjzBcfolU7Crf0wWicuQTjLQ9towvSZHDpbLRELNuWc1gA9nxc%2BN8t%2FWuP8IFx9F5cmvFBEVftpd1Y5FQrkV5jW0JtAkSU4gR9XEc%2Fk4nV20ZrkYpcBX39n7GaZQAwOSe0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 867d99d49ca8b920-AMS
expires: Thu, 28 Mar 2024 11:28:51 GMT

POST
H3 200 867d99ce08470c33 Show response
bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 3245 0
614 B 192ms
192ms XHR
text/plain 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/jsd/r/867d99ce08470c33
Requested by: Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 21 Mar 2024 11:28:52 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DVANNJUnsCpmNDzrUoHxwKa5eiG%2FWt7mobNXSKhmp6bgHbZJ5v2kLPKED%2BVLbkc1X0qpKrKLCNwAQav%2FBQEEzU1NBt84ed4rfvosIarRwds1lS0P4lTLgNnNDVyyY%2BwE6L%2Fx5PvBnCr%2FxjIExG0MbkPQjs4uFoY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 867d99d55d7bb920-AMS
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bestsignpst.subreact.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: d68fd8761fc83f91098ba1a0ddc9c7c3
			.subreact.com/	1970-01-21 04:02:36	Name: cf_clearance Value: q7DQS_g6w7OTVtUxjJzwnteVJKO9VfaUa59aNL.LuIg-1711020532-1.0.1.1-SLRjGhJXtnmgnUPL5PXQuX0WQvqywxuXIbEaKowE9ZE5eHrGbeg5EwSAw9TMdQBSV_SidjRbmF9dBd.juAOQNg

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bestsignpst.subreact.com/be5acd6e82cf70fde870/templates/index.php?redirection= Message: Failed to load resource: the server responded with a status of 500 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bestsignpst.subreact.com
2606:4700:3037::ac43:8a05
08e44df79f033daeb0375efd0c62ec5e3b13467388ed36815062f89ab2662940
0caf058c53fc03f37915f7f4738582b863b20f34bf1bc53c890436bdf465dae0
21ef1d0a7b1d1789a73f5121dc704bf21d484f0926445d331124100a01776baf
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
550778f7050b2f39fc38c8e326c78e0a53921774f9f39dd3685f1c73efee2613
7afbd34920b90092562a4d07760bfc2d8f1d94fa3a73138aa7a26f0cec9cca19
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
98f8b4b01ebae4460dd4c9b90a9c3a623f5263bfc51bcc3c8926ca3d4b8e9bdc
cb1b7d8d4cb4f503be126aaab18302b91acebb80d5f49b476c834c10fb9d76d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed32594ab88d0b8594b1978ff2cb2489ae234186e9e3d6c404731aa04fe20abd
fe5103f855975085f28d2a255145a386f30d2afe2a1b26fa9943d74b54859b7b

bestsignpst.subreact.com Open in urlscan Pro 2606:4700:3037::ac43:8a05 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

85 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1552 kBTransfer

1891 kBSize

2 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

bestsignpst.subreact.com Open in urlscan Pro
2606:4700:3037::ac43:8a05 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1552 kB
Transfer

1891 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!