urlscan.io logo urlscan.io
SecurityTrails logo

bestrewrd.com Open in urlscan Pro
103.140.249.50  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://s3.us-west-2.amazonaws.com/1q1xuvgizmb/autoriser-beneficiar-bec6#qs=r-afcbiagikjjcehbaegicehjaiefgidcafbfjiabababackahfacea...
Effective URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city...
Submission: On January 20 via manual from IN — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 9 domains to perform 22 HTTP transactions. The main IP is 103.140.249.50, located in Viet Nam and belongs to HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN. The main domain is bestrewrd.com.
TLS certificate: Issued by R3 on January 2nd 2022. Valid for: 3 months.
This is the only time bestrewrd.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 52.218.176.128 16509 (AMAZON-02)
1 1 66.206.0.170 29802 (HVC-AS)
1 85.209.159.205 18978 (ENZUINC-)
1 1 103.140.249.49 24088 (HTCHCMC-A...)
8 103.140.249.50 24088 (HTCHCMC-A...)
1 69.16.175.10 20446 (HIGHWINDS3)
5 13.226.39.21 16509 (AMAZON-02)
2 142.250.64.74 15169 (GOOGLE)
4 142.250.65.227 15169 (GOOGLE)
22 7
1    52.218.176.128 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com
s3.us-west-2.amazonaws.com
1    66.206.0.170 (New York, United States)

ASN29802 (HVC-AS, US)
PTR: freemimics.com
handlehere.com
1    85.209.159.205 (Los Angeles, United States)

ASN18978 (ENZUINC-, US)
PTR: 205.159-209-85.rdns.scalabledns.com
lamentablesoggy.com
1    103.140.249.49 (Viet Nam)

ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN)
PTR: static-ptr.vndata.vn
lpstrk.com
8    103.140.249.50 (Viet Nam)

ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN)
PTR: static-ptr.vndata.vn
bestrewrd.com
1    69.16.175.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: tlb.hwcdn.net
code.jquery.com
5    13.226.39.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-39-21.ewr53.r.cloudfront.net
d3e1y4kxkqljcb.cloudfront.net
2    142.250.64.74 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s30-in-f10.1e100.net
fonts.googleapis.com
4    142.250.65.227 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f3.1e100.net
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
8 bestrewrd.com
bestrewrd.com
37 KB
5 cloudfront.net
d3e1y4kxkqljcb.cloudfront.net
145 KB
4 gstatic.com
fonts.gstatic.com
69 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 47
2 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 584
33 KB
1 lpstrk.com
lpstrk.com — Cisco Umbrella Rank: 537169
1 KB
1 lamentablesoggy.com
lamentablesoggy.com
469 B
1 handlehere.com
handlehere.com
399 B
1 amazonaws.com
s3.us-west-2.amazonaws.com — Cisco Umbrella Rank: 2740
458 B
22 9
Domain Requested by
8 bestrewrd.com lamentablesoggy.com
bestrewrd.com
code.jquery.com
5 d3e1y4kxkqljcb.cloudfront.net bestrewrd.com
4 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com bestrewrd.com
1 code.jquery.com bestrewrd.com
1 lpstrk.com 1 redirects
1 lamentablesoggy.com s3.us-west-2.amazonaws.com
1 handlehere.com 1 redirects
1 s3.us-west-2.amazonaws.com
22 9

This site contains no links.

Subject Issuer Validity Valid
*.s3-us-west-2.amazonaws.com
Amazon		 2021-03-26 -
2022-03-05		 a year crt.sh
lamentablesoggy.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-16 -
2022-09-16		 a year crt.sh
bestrewrd.com
R3		 2022-01-02 -
2022-04-02		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2021-07-14 -
2022-08-14		 a year crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-12-08 -
2022-03-02		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-12-08 -
2022-03-02		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Frame ID: 3CB72E9E032F5E5932405D1B28FE8775
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

[1] Reward Pending!

Page URL History Show full URLs

  1. https://s3.us-west-2.amazonaws.com/1q1xuvgizmb/autoriser-beneficiar-bec6 Page URL
  2. http://handlehere.com/qs=r-afcbiagikjjcehbaegicehjaiefgidcafbfjiabababackahfaceackhacjbcajgkfhacb HTTP 302
    https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85... Page URL
  3. https://lpstrk.com/9j0pgkmqfxnl57iv2nrn&externalid=1234426082&agentid=690085&ts=id3&target=lw HTTP 302
    https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

7
IPs

2
Countries

287 kB
Transfer

427 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://s3.us-west-2.amazonaws.com/1q1xuvgizmb/autoriser-beneficiar-bec6 Page URL
  2. http://handlehere.com/qs=r-afcbiagikjjcehbaegicehjaiefgidcafbfjiabababackahfaceackhacjbcajgkfhacb HTTP 302
    https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/19 Page URL
  3. https://lpstrk.com/9j0pgkmqfxnl57iv2nrn&externalid=1234426082&agentid=690085&ts=id3&target=lw HTTP 302
    https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://handlehere.com/qs=r-afcbiagikjjcehbaegicehjaiefgidcafbfjiabababackahfaceackhacjbcajgkfhacb HTTP 302
  • https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/19

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
autoriser-beneficiar-bec6
s3.us-west-2.amazonaws.com/1q1xuvgizmb/ 		102 B
458 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s3.us-west-2.amazonaws.com/1q1xuvgizmb/autoriser-beneficiar-bec6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.176.128 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
47c802ec4479599b88b800eca121978ef6fb4cdd5042027a927a626c2b2a60c6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

x-amz-id-2
MVcP3eEXtTE5DbSOXEplwIb5ysgy0ZoMlnG3FrBHsBmXWTeT43LwbDB3e5iKZv5vKGMLu7G8Aas=
x-amz-request-id
HBA2JR9Y6MDQ3XDZ
Date
Thu, 20 Jan 2022 03:56:12 GMT
Last-Modified
Mon, 10 Jan 2022 22:06:20 GMT
ETag
"b0e6f08333e0dcd1eed7cd13c8485176"
Accept-Ranges
bytes
Content-Type
text/html
Server
AmazonS3
Content-Length
102
19
lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/
Redirect Chain
  • http://handlehere.com/qs=r-afcbiagikjjcehbaegicehjaiefgidcafbfjiabababackahfaceackhacjbcajgkfhacb
  • https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/19
156 B
469 B 		Document
General
Check archive.org
Download Go to
Full URL
https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/19
Requested by
Host: s3.us-west-2.amazonaws.com
URL: https://s3.us-west-2.amazonaws.com/1q1xuvgizmb/autoriser-beneficiar-bec6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.209.159.205 Los Angeles, United States, ASN18978 (ENZUINC-, US),
Reverse DNS
205.159-209-85.rdns.scalabledns.com
Software
Apache /
Resource Hash
df8c0ddcc30122b5394c2208dfb4edcaa1b61856aa1769e09abc601bbea62cd6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://s3.us-west-2.amazonaws.com/1q1xuvgizmb/autoriser-beneficiar-bec6#qs=r-afcbiagikjjcehbaegicehjaiefgidcafbfjiabababackahfaceackhacjbcajgkfhacb

Response headers

Date
Thu, 20 Jan 2022 03:56:12 GMT
Server
Apache
Content-Length
156
Connection
close
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 20 Jan 2022 03:56:11 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By
PHP/5.4.16
location
https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/19
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Primary Request index_6_d.php
bestrewrd.com/visitoronline_us_nonbr/
Redirect Chain
  • https://lpstrk.com/9j0pgkmqfxnl57iv2nrn&externalid=1234426082&agentid=690085&ts=id3&target=lw
  • https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander...
37 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Requested by
Host: lamentablesoggy.com
URL: https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/19
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
b4879476c77b76dc8adb1ddc4b4b6c1785834ff3f793c7d8e5c2307173d265b5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://lamentablesoggy.com/1761891203328781800/40487_7345721_13/4107_579881360_0_0_0_3571368_19_1801_85946_7345721_10_196/19

Response headers

Server
nginx
Date
Thu, 20 Jan 2022 03:56:14 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
7398
Connection
keep-alive
Vary
Accept-Encoding
Content-Encoding
gzip

Redirect headers

Server
nginx/1.20.0
Date
Thu, 20 Jan 2022 03:56:13 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Location
https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Strict-Transport-Security
max-age=31536000
main_1_d.css
bestrewrd.com/visitoronline_us_nonbr/css/ 		20 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bestrewrd.com/visitoronline_us_nonbr/css/main_1_d.css
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
54fd3bda9421f5b009ef51984a7c555c4d89c332adee26549a847143d1d0367b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 20 Jan 2022 03:56:15 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Nov 2021 12:50:51 GMT
Server
nginx
ETag
W/"61979dab-4f34"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-1.11.1.min.js
code.jquery.com/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-1.11.1.min.js
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 20 Jan 2022 03:56:15 GMT
content-encoding
gzip
last-modified
Fri, 24 Oct 2014 00:16:07 GMT
server
nginx
etag
"54499a47-1762a"
vary
Accept-Encoding
x-hw
1642650975.dop035.ny3.t,1642650975.cds202.ny3.hn,1642650975.cds144.ny3.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
33202
script_5_d.js
bestrewrd.com/visitoronline_us_nonbr/js/ 		36 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bestrewrd.com/visitoronline_us_nonbr/js/script_5_d.js
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
c079c8211069a2a954620b32996ac23ebf653adcb3bb1625a0da42342629a520

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 20 Jan 2022 03:56:15 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Jan 2022 15:30:02 GMT
Server
nginx
ETag
W/"61e82e7a-91ab"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
giphy.gif
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/nn_survey/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/nn_survey/giphy.gif
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.39.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-39-21.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 20 Jan 2022 01:42:16 GMT
via
1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
last-modified
Mon, 26 Oct 2020 15:58:58 GMT
server
AmazonS3
age
8040
etag
"45f10d30ce7014885a2d438941a16d3a"
x-cache
Hit from cloudfront
x-amz-version-id
null
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-type
image/gif
content-length
15537
x-amz-cf-id
ppKCCTeBv_hM_nvXTuFKlWBltOUk6S_Vk4hHDt-31pUjqsOojc83Xw==
redirect_bin.js
bestrewrd.com/ 		551 B
869 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bestrewrd.com/redirect_bin.js
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
595fc9d77aaa41cb01936f11d16d156a8c571faace86be0e10634aeaf3e924ce

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 20 Jan 2022 03:56:15 GMT
Last-Modified
Sat, 20 Nov 2021 11:31:15 GMT
Server
nginx
ETag
"6198dc83-227"
Content-Type
application/javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
551
Expires
Thu, 31 Dec 2037 23:55:55 GMT
css2
fonts.googleapis.com/ 		8 KB
816 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/css/main_1_d.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.64.74 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f10.1e100.net
Software
ESF /
Resource Hash
33284fe633022dc52abfaa8f476c0642cc34d552861bdd2924b60a3edd68b882
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 20 Jan 2022 03:56:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 20 Jan 2022 03:56:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 20 Jan 2022 03:56:15 GMT
css2
fonts.googleapis.com/ 		2 KB
973 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Barlow:wght@400;700&display=swap
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/css/main_1_d.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.64.74 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f10.1e100.net
Software
ESF /
Resource Hash
baa5f5f917fb3ed0c1c2c52a17298805a10e6fa41a1adbcd6d06c85c882cfae1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 20 Jan 2022 03:56:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 20 Jan 2022 03:56:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 20 Jan 2022 03:56:15 GMT
new_sprite_8.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ 		22 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/new_sprite_8.png
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/css/main_1_d.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.39.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-39-21.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
703b205caa6038e17c88e792100955746b321bd0497970bc9c6b2f967749f8ec

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 19 Jan 2022 05:37:17 GMT
via
1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
last-modified
Fri, 19 Nov 2021 12:44:09 GMT
server
AmazonS3
age
80339
etag
"070a2d22130ab75690b701c22a1e2974"
x-cache
Hit from cloudfront
x-amz-version-id
9ej7nRvFwrLI5itWKzvrD34ghG5wlzfS
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-type
image/png
content-length
22737
x-amz-cf-id
BMTTKghdqQHpqeX7heoCxb4xnPfUHeJd-uuyGzmqlwcHsHRPi_ltkw==
line_background4.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ 		61 KB
62 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/line_background4.png
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.39.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-39-21.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9144afcf99db928e2f67372c78684c5e4d37352700f47abb00992fe60155fae7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Thu, 20 Jan 2022 01:42:37 GMT
via
1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
last-modified
Mon, 23 Aug 2021 15:43:45 GMT
server
AmazonS3
age
8019
etag
"375e3524d7f8353cb120bb59e9b66c05"
x-cache
Hit from cloudfront
x-amz-version-id
MhoF05G5kGnYWTDTNUZnmaMztuyzUHC3
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-type
image/png
content-length
62543
x-amz-cf-id
fpJb7eZ2pFtIM717Jjx0cEYrwYkc3K8CH3QcpMcHgGQpZ-F-7poZEA==
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f3.1e100.net
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bestrewrd.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 13 Jan 2022 08:30:30 GMT
x-content-type-options
nosniff
age
588345
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 13 Jan 2023 08:30:30 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bestrewrd.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 15 Jan 2022 07:38:42 GMT
x-content-type-options
nosniff
age
418653
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 15 Jan 2023 07:38:42 GMT
7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v5/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3t-4s51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f3.1e100.net
Software
sffe /
Resource Hash
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bestrewrd.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 13 Jan 2022 08:04:54 GMT
x-content-type-options
nosniff
age
589881
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21080
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:05:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 13 Jan 2023 08:04:54 GMT
KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v29/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f3.1e100.net
Software
sffe /
Resource Hash
4c7856c0d39606a745670d4c03525f3644fe65304191be208516def923cc3762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bestrewrd.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 13 Jan 2022 08:05:06 GMT
x-content-type-options
nosniff
age
589869
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17484
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 13 Jan 2023 08:05:06 GMT
new_footer2.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/new_footer2.png
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.39.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-39-21.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
38698bd6030ccf4376df80dc1080041bad75f3ea78d7aae8482c190398f36efc

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 19 Jan 2022 05:37:17 GMT
via
1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
last-modified
Thu, 16 Dec 2021 14:42:21 GMT
server
AmazonS3
age
80339
etag
"619490af4a1c1203e96f1971f8c5a754"
x-cache
Hit from cloudfront
x-amz-version-id
yBLYCULXABmGaPHdCaVR884WdkPQwV4V
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-type
image/png
content-length
8408
x-amz-cf-id
uQLdDEmn425ScIbP6f70pY9CmtYskmBPXaha1QOBKSASNBGnX6iT_Q==
gift.css
bestrewrd.com/visitoronline_us_nonbr/css/ 		790 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bestrewrd.com/visitoronline_us_nonbr/css/gift.css
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
bd1acc174c163ada5660f8d2ebd24a6d3cefea2728ba12d3e712c1b25eef5672

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 20 Jan 2022 03:56:16 GMT
Last-Modified
Wed, 24 Nov 2021 12:33:18 GMT
Server
nginx
ETag
"619e310e-316"
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
790
Expires
Thu, 31 Dec 2037 23:55:55 GMT
lw.css
bestrewrd.com/visitoronline_us_nonbr/css/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bestrewrd.com/visitoronline_us_nonbr/css/lw.css
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
b8170507fc250385522c23b7f4ab131a970a4d41ada27d3751cf4ebff54dde61

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 20 Jan 2022 03:56:16 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Jul 2021 15:13:28 GMT
Server
nginx
ETag
W/"60ec5c18-9e6"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
lw.json
bestrewrd.com/visitoronline_us_nonbr/datas/ 		883 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bestrewrd.com/visitoronline_us_nonbr/datas/lw.json
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
4026184fb4096358113d7718bf75520f2de835f9190de8f640ce6e6d8d7ed4f1

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
X-Requested-With
XMLHttpRequest
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 20 Jan 2022 03:56:16 GMT
Last-Modified
Mon, 12 Jul 2021 15:14:09 GMT
Server
nginx
ETag
"373-5c6ee92b2c7c0"
Content-Type
application/json
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
883
gift_card_lw.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/gift_card/ 		36 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/gift_card/gift_card_lw.png
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/index_6_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=7cef2ghqdci7v0f7&campaign=2259&user_id=1&clickcost=0&lander=1445&time=1642607773&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=163442df653d120873&target=lw&device=DESKTOP&country=US&ts=id3&trafficsource=63&uclick=ghqdci7v&uclickhash=ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.39.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-39-21.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a0f5b3ad9a90ac26aabe085fc9db6a361a70ce5ec760758be46e9583199f4569

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://bestrewrd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 19 Jan 2022 11:40:16 GMT
via
1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
last-modified
Mon, 22 Nov 2021 15:29:05 GMT
server
AmazonS3
age
58560
etag
"1c560428130cd63de12ae258211ad10e"
x-cache
Hit from cloudfront
x-amz-version-id
kd5Lj_YmV_C2BC4aZiUYnLzL1_DGdrUU
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-type
image/png
content-length
37232
x-amz-cf-id
q7cGOSHveqbYreC4ecTzSLEry5qBq-1TpEvuipABE7IG3CGU0y1DNA==
design_system_a_900-webfont.woff2
bestrewrd.com/visitoronline_us_nonbr/fonts/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://bestrewrd.com/visitoronline_us_nonbr/fonts/design_system_a_900-webfont.woff2
Requested by
Host: bestrewrd.com
URL: https://bestrewrd.com/visitoronline_us_nonbr/css/lw.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
1d663a023a73f2ba8563a69da9cffc6571ceedba45deda00b1b707ff1f0f5443

Request headers

Referer
https://bestrewrd.com/visitoronline_us_nonbr/css/lw.css
Origin
https://bestrewrd.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 20 Jan 2022 03:56:16 GMT
Last-Modified
Mon, 12 Jul 2021 15:14:28 GMT
Server
nginx
Connection
keep-alive
Accept-Ranges
bytes
ETag
"3728-5c6ee93dc92e0"
Content-Length
14120

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| $_GET object| months object| days object| time object| d string| dateNow object| now string| targets string| ip string| campaign string| gift string| css function| loadingData function| drawszlider function| timer string| target object| jQuery1111007687681955727532 string| redirect_url string| back_url_link function| isIE object| comments function| startTimer number| slidewhere number| holvanszlider function| loadingOffers function| timer1 object| mydate number| year number| day number| month number| daym string| titleOut

3 Cookies

Domain/Path Name / Value
lamentablesoggy.com/ Name: uid25151
Value: 1234426082-20220119225612-3b6764926c7bed59d5d7c155f2590882-
lpstrk.com/ Name: uclick
Value: ghqdci7v
lpstrk.com/ Name: uclickhash
Value: ghqdci7v-ghqdci7v-hesc-168n-ktwj-pm5mwj-xsejwj-57b35d

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bestrewrd.com
code.jquery.com
d3e1y4kxkqljcb.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
handlehere.com
lamentablesoggy.com
lpstrk.com
s3.us-west-2.amazonaws.com
103.140.249.49
103.140.249.50
13.226.39.21
142.250.64.74
142.250.65.227
52.218.176.128
66.206.0.170
69.16.175.10
85.209.159.205
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1d663a023a73f2ba8563a69da9cffc6571ceedba45deda00b1b707ff1f0f5443
33284fe633022dc52abfaa8f476c0642cc34d552861bdd2924b60a3edd68b882
38698bd6030ccf4376df80dc1080041bad75f3ea78d7aae8482c190398f36efc
4026184fb4096358113d7718bf75520f2de835f9190de8f640ce6e6d8d7ed4f1
47c802ec4479599b88b800eca121978ef6fb4cdd5042027a927a626c2b2a60c6
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8
4c7856c0d39606a745670d4c03525f3644fe65304191be208516def923cc3762
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54fd3bda9421f5b009ef51984a7c555c4d89c332adee26549a847143d1d0367b
595fc9d77aaa41cb01936f11d16d156a8c571faace86be0e10634aeaf3e924ce
703b205caa6038e17c88e792100955746b321bd0497970bc9c6b2f967749f8ec
9144afcf99db928e2f67372c78684c5e4d37352700f47abb00992fe60155fae7
9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1
a0f5b3ad9a90ac26aabe085fc9db6a361a70ce5ec760758be46e9583199f4569
b4879476c77b76dc8adb1ddc4b4b6c1785834ff3f793c7d8e5c2307173d265b5
b8170507fc250385522c23b7f4ab131a970a4d41ada27d3751cf4ebff54dde61
baa5f5f917fb3ed0c1c2c52a17298805a10e6fa41a1adbcd6d06c85c882cfae1
bd1acc174c163ada5660f8d2ebd24a6d3cefea2728ba12d3e712c1b25eef5672
c079c8211069a2a954620b32996ac23ebf653adcb3bb1625a0da42342629a520
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
df8c0ddcc30122b5394c2208dfb4edcaa1b61856aa1769e09abc601bbea62cd6