gobestreward.com
103.140.249.50
Malicious Activity!
Public Scan
Effective URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=...
Submission: On December 29 via api from BE — Scanned from US
Summary
TLS certificate: Issued by R3 on November 4th 2021. Valid for: 3 months.
This is the only time gobestreward.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)
Domain & IP information
Requests | Redirects | IP Address | AS Autonomous System
---|---|---|---
1 | | 52.219.112.65 | 16509 (AMAZON-02)
1 | 1 | 185.254.198.158 | 30860 (YURTEH-AS)
1 | 1 | 35.204.218.225 | 396982 (GOOGLE-PRIVATE-CLOUD)
1 | 1 | 103.140.249.49 | 24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch)
9 | | 103.140.249.50 | 24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch)
1 | | 2001:4de0:ac18::1:a:3a | 20446 (HIGHWINDS3)
9 | | 2600:9000:2201:5800:b:4623:cac0:21 | 16509 (AMAZON-02)
2 | | 2607:f8b0:4006:80e::200a | 15169 (GOOGLE)
5 | | 2607:f8b0:4006:80c::2003 | 15169 (GOOGLE)
27 requests | | | 6 ASNs
ASN16509 (AMAZON-02, US)
PTR: s3-us-west-1-r-w.amazonaws.com
Domain: fgbnvbncvortyrty.s3.us-west-1.amazonaws.com
ASN30860 (YURTEH-AS, UA)
PTR: dedicated.vsys.host
Domain: jinkan.selectorks.com
ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: 225.218.204.35.bc.googleusercontent.com
Domain: desklegger.com
ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN)
PTR: static-ptr.vndata.vn
Domain: lpstrk.com
ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN)
PTR: static-ptr.vndata.vn
Domain: gobestreward.com
ASN16509 (AMAZON-02, US)
Domain: d3e1y4kxkqljcb.cloudfront.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | cloudfront.net | d3e1y4kxkqljcb.cloudfront.net | 258 KB
9 | gobestreward.com | gobestreward.com | 24 KB
5 | gstatic.com | fonts.gstatic.com | 86 KB
2 | googleapis.com | fonts.googleapis.com | 2 KB
1 | jquery.com | code.jquery.com | 33 KB
1 | lpstrk.com (1 redirect) | lpstrk.com | 1 KB
1 | desklegger.com (1 redirect) | desklegger.com | 753 B
1 | selectorks.com (1 redirect) | jinkan.selectorks.com | 483 B
1 | amazonaws.com | fgbnvbncvortyrty.s3.us-west-1.amazonaws.com | 465 B
27 requests | 9 apex domains | |
Requests | Domain | Redirects | Requested by
---|---|---|---
9 | d3e1y4kxkqljcb.cloudfront.net | | gobestreward.com
9 | gobestreward.com | | fgbnvbncvortyrty.s3.us-west-1.amazonaws.com, gobestreward.com, code.jquery.com
5 | fonts.gstatic.com | | fonts.googleapis.com
2 | fonts.googleapis.com | | gobestreward.com
1 | code.jquery.com | | gobestreward.com
1 | lpstrk.com | 1 redirect |
1 | desklegger.com | 1 redirect |
1 | jinkan.selectorks.com | 1 redirect |
1 | fgbnvbncvortyrty.s3.us-west-1.amazonaws.com | |
27 requests | 9 domains | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.s3-us-west-1.amazonaws.com | Amazon | 2021-03-26 - 2022-03-25 | a year | crt.sh
gobestreward.com | R3 | 2021-11-04 - 2022-02-02 | 3 months | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh
*.cloudfront.net | Amazon | 2021-03-19 - 2022-03-17 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Frame ID: 1A22588773FDED428122FA80EBA10611
Requests: 27 HTTP requests in this frame
Screenshot
Page Title
[1] Reward Pending!
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://fgbnvbncvortyrty.s3.us-west-1.amazonaws.com/reptjkjgfhjfgjh.html (Page URL)
- http://jinkan.selectorks.com/mauara.html?od=1syo61cb55b8d372a_vl_inboxvl_1214.6gjlyh0.C0000rh1p7s1drg03c_x11369.h1p7sMmNrN3pnLTB2ZDQ2bHM0x697l (HTTP 302)
- https://desklegger.com/?a=923&oc=11065&c=40627&m=3&s1=mauara__dc182011258a5800a5f21&s2=yo121|M21unJj=|h1p7s|2ck7zg|0vd46ls|64492|0000rh1p7s|C|M21unJj=|PC|1bmanud&s3=p3yiAwSwLwH1LwuxZmplLI92oS9cozWirUMfKmRlZGD= (HTTP 302)
- https://lpstrk.com/click.php?key=eljhrwyt2vaurnwctqxh&clickid=229310216&affid=923&target=amz (HTTP 302)
- https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | reptjkjgfhjfgjh.html | fgbnvbncvortyrty.s3.us-west-1.amazonaws.com/ | 109 B | 465 B | Document | text/html
GET | H/1.1 | index_16_d.php (Primary Request, Redirect Chain) | gobestreward.com/visitoronline_us_nonbr/ | 31 KB | 7 KB | Document | text/html
GET | H/1.1 | main_1_d.css | gobestreward.com/visitoronline_us_nonbr/css/ | 20 KB | 5 KB | Stylesheet | text/css
GET | H/1.1 | bg.css | gobestreward.com/visitoronline_us_nonbr/css/ | 5 KB | 889 B | Stylesheet | text/css
GET | H/1.1 | christmas.css | gobestreward.com/ | 4 KB | 1 KB | Stylesheet | text/css
GET | H2 | jquery-1.11.1.min.js | code.jquery.com/ | 94 KB | 33 KB | Script | application/javascript
GET | H/1.1 | script_3_d.js | gobestreward.com/visitoronline_us_nonbr/js/ | 30 KB | 6 KB | Script | application/javascript
GET | H2 | giphy.gif | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/nn_survey/ | 15 KB | 16 KB | Image | image/gif
GET | H/1.1 | redirect_bin.js | gobestreward.com/ | 551 B | 869 B | Script | application/javascript
GET | H2 | css2 | fonts.googleapis.com/ | 8 KB | 839 B | Stylesheet | text/css
GET | H2 | css2 | fonts.googleapis.com/ | 2 KB | 973 B | Stylesheet | text/css
GET | H2 | falling-snow2.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 2 KB | 3 KB | Image | image/png
GET | H2 | new_sprite_8.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 22 KB | 23 KB | Image | image/png
GET | H2 | line_background4.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 61 KB | 62 KB | Image | image/png
GET | H2 | falling-snow1.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 3 KB | 4 KB | Image | image/png
GET | H2 | KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | fonts.gstatic.com/s/roboto/v29/ | 15 KB | 16 KB | Font | font/woff2
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v29/ | 15 KB | 15 KB | Font | font/woff2
GET | H2 | 7cHqv4kjgoGqM7E3t-4s51os.woff2 | fonts.gstatic.com/s/barlow/v5/ | 21 KB | 21 KB | Font | font/woff2
GET | H2 | KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2 | fonts.gstatic.com/s/roboto/v29/ | 17 KB | 17 KB | Font | font/woff2
GET | H2 | new_footer2.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 8 KB | 9 KB | Image | image/png
GET | H/1.1 | gift.css | gobestreward.com/visitoronline_us_nonbr/css/ | 790 B | 1 KB | Stylesheet | text/css
GET | H/1.1 | amz.css | gobestreward.com/visitoronline_us_nonbr/css/ | 4 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | amz.json | gobestreward.com/visitoronline_us_nonbr/datas/ | 778 B | 1021 B | XHR | application/json
GET | H2 | gift_card_amz.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/gift_card/ | 39 KB | 39 KB | Image | image/png
GET | H2 | chr_banner4.jpg | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 94 KB | 95 KB | Image | image/jpeg
GET | H2 | shopper_logo.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 9 KB | 10 KB | Image | image/png
GET | H2 | KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2 | fonts.gstatic.com/s/roboto/v29/ | 17 KB | 17 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)
34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
$ | function
jQuery | function
$_GET | function
months | object
days | object
time | object
d | object
dateNow | string
now | object
targets | string
ip | string
src | string
gift | string
css | string
loadingData | function
drawszlider | function
timer | function
target | string
jQuery111109994866097655546 | object
redirect_url | string
back_url_link | string
isIE | function
comments | object
startTimer | function
slidewhere | number
holvanszlider | number
loadingOffers | function
timer1 | function
mydate | object
year | number
day | number
month | number
daym | number
titleOut5 | string
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.desklegger.com/ | | som | J6Jly0qBAhOhd9tmO5TJIvFNKTSV6O+YVcNOC/r7GA/D01S+ZNKfBg==
.desklegger.com/ | | tib | uIpRL9mP06dJ3ouCgjx9IvFNKTSV6O+YVcNOC/r7GA/D01S+ZNKfBg==
.desklegger.com/ | | c11039 | J6Jly0qBAhOzbVMKYZvIuSsxZqHkzLp6S80y+kNzb3v63DbdZ7FYZg==
lpstrk.com/ | | uclick | nta1sygm
lpstrk.com/ | | uclickhash | nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
d3e1y4kxkqljcb.cloudfront.net
desklegger.com
fgbnvbncvortyrty.s3.us-west-1.amazonaws.com
fonts.googleapis.com
fonts.gstatic.com
gobestreward.com
jinkan.selectorks.com
lpstrk.com
103.140.249.49
103.140.249.50
185.254.198.158
2001:4de0:ac18::1:a:3a
2600:9000:2201:5800:b:4623:cac0:21
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80e::200a
35.204.218.225
52.219.112.65