bestrewrd.com
103.140.249.50
Malicious Activity!
Public Scan
Effective URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city...
Submission: On January 20 via manual from IN — Scanned from US
Summary
TLS certificate: Issued by R3 on January 2nd 2022. Valid for: 3 months.
This is the only time bestrewrd.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System | Note
---|---|---|---
1 | 52.218.176.128 | 16509 (AMAZON-02) |
1 | 66.206.0.170 | 29802 (HVC-AS) | 1 redirect
1 | 85.209.159.205 | 18978 (ENZUINC-) |
1 | 103.140.249.49 | 24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch) | 1 redirect
8 | 103.140.249.50 | 24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch) |
1 | 69.16.175.10 | 20446 (HIGHWINDS3) |
5 | 13.226.39.21 | 16509 (AMAZON-02) |
2 | 142.250.64.74 | 15169 (GOOGLE) |
4 | 142.250.65.227 | 15169 (GOOGLE) |
22 | 7 | |
ASN | PTR | Domain
---|---|---
ASN16509 (AMAZON-02, US) | s3-us-west-2.amazonaws.com | s3.us-west-2.amazonaws.com
ASN18978 (ENZUINC-, US) | 205.159-209-85.rdns.scalabledns.com | lamentablesoggy.com
ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN) | static-ptr.vndata.vn | lpstrk.com
ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN) | static-ptr.vndata.vn | bestrewrd.com
ASN16509 (AMAZON-02, US) | server-13-226-39-21.ewr53.r.cloudfront.net | d3e1y4kxkqljcb.cloudfront.net
ASN15169 (GOOGLE, US) | lga34s30-in-f10.1e100.net | fonts.googleapis.com
ASN15169 (GOOGLE, US) | lga25s73-in-f3.1e100.net | fonts.gstatic.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | bestrewrd.com | bestrewrd.com | 37 KB
5 | cloudfront.net | d3e1y4kxkqljcb.cloudfront.net | 145 KB
4 | gstatic.com | fonts.gstatic.com | 69 KB
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 47) | 2 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 584) | 33 KB
1 | lpstrk.com (1 redirect) | lpstrk.com (Cisco Umbrella Rank: 537169) | 1 KB
1 | lamentablesoggy.com | lamentablesoggy.com | 469 B
1 | handlehere.com (1 redirect) | handlehere.com | 399 B
1 | amazonaws.com | s3.us-west-2.amazonaws.com (Cisco Umbrella Rank: 2740) | 458 B
22 | 9 | |
Requests | Domain | Requested by
---|---|---
8 | bestrewrd.com | lamentablesoggy.com, bestrewrd.com, code.jquery.com
5 | d3e1y4kxkqljcb.cloudfront.net | bestrewrd.com
4 | fonts.gstatic.com | fonts.googleapis.com
2 | fonts.googleapis.com | bestrewrd.com
1 | code.jquery.com | bestrewrd.com
1 | lpstrk.com | 1 redirect
1 | lamentablesoggy.com | s3.us-west-2.amazonaws.com
1 | handlehere.com | 1 redirect
1 | s3.us-west-2.amazonaws.com |
22 | 9 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.s3-us-west-2.amazonaws.com | Amazon | 2021-03-26 - 2022-03-05 | a year | crt.sh
lamentablesoggy.com | Sectigo RSA Domain Validation Secure Server CA | 2021-09-16 - 2022-09-16 | a year | crt.sh
bestrewrd.com | R3 | 2022-01-02 - 2022-04-02 | 3 months | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh
*.cloudfront.net | Amazon | 2021-03-19 - 2022-03-17 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2021-12-08 - 2022-03-02 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2021-12-08 - 2022-03-02 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Frame ID: 3CB72E9E032F5E5932405D1B28FE8775
Requests: 22 HTTP requests in this frame
Page Title
[1] Reward Pending!
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- Page URL: https://s3.us-west-2.amazonaws.com/1q1xuvgizmb/autoriser-beneficiar-bec6
- http://handlehere.com/qs=r-afcbiagikjjcehbaegicehjaiefgidcafbfjiabababackahfaceackhacjbcajgkfhacb (HTTP 302)
- Page URL: https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/19
- https://lpstrk.com/9j0pgkmqfxnl57iv2nrn&externalid=1234426082&agentid=690085&ts=id3&target=lw (HTTP 302)
- Page URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- http://handlehere.com/qs=r-afcbiagikjjcehbaegicehjaiefgidcafbfjiabababackahfaceackhacjbcajgkfhacb (HTTP 302)
- https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/19
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | autoriser-beneficiar-bec6 | s3.us-west-2.amazonaws.com/1q1xuvgizmb/ | 102 B | 458 B | Document | text/html |
GET | H/1.1 | 19 | lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/ | 156 B | 469 B | Document | text/html | Redirect Chain
GET | H/1.1 | index_6_d.php | bestrewrd.com/visitoronline_us_nonbr/ | 37 KB | 7 KB | Document | text/html | Primary Request, Redirect Chain
GET | H/1.1 | main_1_d.css | bestrewrd.com/visitoronline_us_nonbr/css/ | 20 KB | 5 KB | Stylesheet | text/css |
GET | H2 | jquery-1.11.1.min.js | code.jquery.com/ | 94 KB | 33 KB | Script | application/javascript |
GET | H/1.1 | script_5_d.js | bestrewrd.com/visitoronline_us_nonbr/js/ | 36 KB | 6 KB | Script | application/javascript |
GET | H2 | giphy.gif | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/nn_survey/ | 15 KB | 16 KB | Image | image/gif |
GET | H/1.1 | redirect_bin.js | bestrewrd.com/ | 551 B | 869 B | Script | application/javascript |
GET | H2 | css2 | fonts.googleapis.com/ | 8 KB | 816 B | Stylesheet | text/css |
GET | H2 | css2 | fonts.googleapis.com/ | 2 KB | 973 B | Stylesheet | text/css |
GET | H2 | new_sprite_8.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 22 KB | 23 KB | Image | image/png |
GET | H2 | line_background4.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 61 KB | 62 KB | Image | image/png |
GET | H2 | KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | fonts.gstatic.com/s/roboto/v29/ | 15 KB | 16 KB | Font | font/woff2 |
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v29/ | 15 KB | 15 KB | Font | font/woff2 |
GET | H2 | 7cHqv4kjgoGqM7E3t-4s51os.woff2 | fonts.gstatic.com/s/barlow/v5/ | 21 KB | 21 KB | Font | font/woff2 |
GET | H2 | KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2 | fonts.gstatic.com/s/roboto/v29/ | 17 KB | 17 KB | Font | font/woff2 |
GET | H2 | new_footer2.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 8 KB | 9 KB | Image | image/png |
GET | H/1.1 | gift.css | bestrewrd.com/visitoronline_us_nonbr/css/ | 790 B | 1 KB | Stylesheet | text/css |
GET | H/1.1 | lw.css | bestrewrd.com/visitoronline_us_nonbr/css/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | lw.json | bestrewrd.com/visitoronline_us_nonbr/datas/ | 883 B | 1 KB | XHR | application/json |
GET | H2 | gift_card_lw.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/gift_card/ | 36 KB | 37 KB | Image | image/png |
GET | H/1.1 | design_system_a_900-webfont.woff2 | bestrewrd.com/visitoronline_us_nonbr/fonts/ | 14 KB | 14 KB | Font | application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)
34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | $
function | jQuery
function | $_GET
object | months
object | days
object | time
object | d
string | dateNow
object | now
string | targets
string | ip
string | campaign
string | gift
string | css
function | loadingData
function | drawszlider
function | timer
string | target
object | jQuery1111007687681955727532
string | redirect_url
string | back_url_link
function | isIE
object | comments
function | startTimer
number | slidewhere
number | holvanszlider
function | loadingOffers
function | timer1
object | mydate
number | year
number | day
number | month
number | daym
string | titleOut3
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
lamentablesoggy.com/ | | uid25151 | 1234426082-20220119225612-3b6764926c7bed59d5d7c155f2590882-
lpstrk.com/ | | uclick | ghqdci7v
lpstrk.com/ | | uclickhash | ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.