gobestreward.com
103.140.249.50 | Malicious Activity! | Public Scan

Submitted URL: https://fgbnvbncvortyrty.s3.us-west-1.amazonaws.com/reptjkjgfhjfgjh.html#mauara.html?od=1syo61cb55b8d372a_vl_inboxvl_1214.6gjlyh0.C0000rh1p7s1drg03c...
Effective URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=...
Submission: On December 29 via api from BE — Scanned from US

Summary

This website contacted 6 IPs in 3 countries across 9 domains to perform 27 HTTP transactions. The main IP is 103.140.249.50, located in Viet Nam and belongs to HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN. The main domain is gobestreward.com.
TLS certificate: Issued by R3 on November 4th 2021. Valid for: 3 months.
This is the only time gobestreward.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

IP addresses (requests, IP address, AS / Autonomous System):
  1    52.219.112.65     16509  (AMAZON-02)
  1 1  185.254.198.158   30860  (YURTEH-AS)
  1 1  35.204.218.225    396982 (GOOGLE-PR...)
  1 1  103.140.249.49    24088  (HTCHCMC-A...)
  9    103.140.249.50    24088  (HTCHCMC-A...)
  1    2001:4de0:ac1...  20446  (HIGHWINDS3)
  9    2600:9000:220...  16509  (AMAZON-02)
  2    2607:f8b0:400...  15169  (GOOGLE)
  5    2607:f8b0:400...  15169  (GOOGLE)
  Total: 27 requests, 6 IPs

Domains (requests, domain, requested by):
  9  d3e1y4kxkqljcb.cloudfront.net                gobestreward.com
  9  gobestreward.com                             fgbnvbncvortyrty.s3.us-west-1.amazonaws.com, gobestreward.com, code.jquery.com
  5  fonts.gstatic.com                            fonts.googleapis.com
  2  fonts.googleapis.com                         gobestreward.com
  1  code.jquery.com                              gobestreward.com
  1  lpstrk.com                                   1 redirects
  1  desklegger.com                               1 redirects
  1  jinkan.selectorks.com                        1 redirects
  1  fgbnvbncvortyrty.s3.us-west-1.amazonaws.com
  Total: 27 requests, 9 domains

This site contains no links.

TLS certificates (Subject, Issuer, Validity, Valid for):
  *.s3-us-west-1.amazonaws.com  Amazon                                          2021-03-26 - 2022-03-25  a year
  gobestreward.com              R3                                              2021-11-04 - 2022-02-02  3 months
  *.jquery.com                  Sectigo RSA Domain Validation Secure Server CA  2021-07-14 - 2022-08-14  a year
  *.cloudfront.net              Amazon                                          2021-03-19 - 2022-03-17  a year
  upload.video.google.com       GTS CA 1C3                                      2021-11-29 - 2022-02-21  3 months
  *.gstatic.com                 GTS CA 1C3                                      2021-11-29 - 2022-02-21  3 months

This page contains 1 frame:

Primary Page: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Frame ID: 1A22588773FDED428122FA80EBA10611
Requests: 27 HTTP requests in this frame

Page Title

[1] Reward Pending!

Page URL History

  1. https://fgbnvbncvortyrty.s3.us-west-1.amazonaws.com/reptjkjgfhjfgjh.html Page URL
  2. http://jinkan.selectorks.com/mauara.html?od=1syo61cb55b8d372a_vl_inboxvl_1214.6gjlyh0.C0000rh1p7s1drg03c_... HTTP 302
    https://desklegger.com/?a=923&oc=11065&c=40627&m=3&s1=mauara__dc182011258a5800a5f21&s2=yo121|M21unJ... HTTP 302
    https://lpstrk.com/click.php?key=eljhrwyt2vaurnwctqxh&clickid=229310216&affid=923&target=amz HTTP 302
    https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrom... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 27
HTTPS: 100 %
IPv6: 44 %
Domains: 9
Subdomains: 9
IPs: 6
Countries: 3
Transfer: 403 kB
Size: 539 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://fgbnvbncvortyrty.s3.us-west-1.amazonaws.com/reptjkjgfhjfgjh.html Page URL
  2. http://jinkan.selectorks.com/mauara.html?od=1syo61cb55b8d372a_vl_inboxvl_1214.6gjlyh0.C0000rh1p7s1drg03c_x11369.h1p7sMmNrN3pnLTB2ZDQ2bHM0x697l HTTP 302
    https://desklegger.com/?a=923&oc=11065&c=40627&m=3&s1=mauara__dc182011258a5800a5f21&s2=yo121|M21unJj=|h1p7s|2ck7zg|0vd46ls|64492|0000rh1p7s|C|M21unJj=|PC|1bmanud&s3=p3yiAwSwLwH1LwuxZmplLI92oS9cozWirUMfKmRlZGD= HTTP 302
    https://lpstrk.com/click.php?key=eljhrwyt2vaurnwctqxh&clickid=229310216&affid=923&target=amz HTTP 302
    https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
reptjkjgfhjfgjh.html | fgbnvbncvortyrty.s3.us-west-1.amazonaws.com/ | 109 B | 465 B | Document
General
Full URL
https://fgbnvbncvortyrty.s3.us-west-1.amazonaws.com/reptjkjgfhjfgjh.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.112.65 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9

Response headers

x-amz-id-2
+MJV5WokJZojBlYtEx8gqW3SKaGAMlCgHtE7YTaQ2PEZE5q39e/T8W1+UFao6CPYUP/AWkMpF6Q=
x-amz-request-id
W3NW0ZHKNVT5TTF6
Date
Wed, 29 Dec 2021 14:12:38 GMT
Last-Modified
Tue, 28 Dec 2021 18:41:11 GMT
ETag
"9b934f90023a027671bea032feeb5b72"
Accept-Ranges
bytes
Content-Type
text/html
Server
AmazonS3
Content-Length
109
Primary Request: index_16_d.php | gobestreward.com/visitoronline_us_nonbr/
Redirect Chain
  • http://jinkan.selectorks.com/mauara.html?od=1syo61cb55b8d372a_vl_inboxvl_1214.6gjlyh0.C0000rh1p7s1drg03c_x11369.h1p7sMmNrN3pnLTB2ZDQ2bHM0x697l
  • https://desklegger.com/?a=923&oc=11065&c=40627&m=3&s1=mauara__dc182011258a5800a5f21&s2=yo121|M21unJj=|h1p7s|2ck7zg|0vd46ls|64492|0000rh1p7s|C|M21unJj=|PC|1bmanud&s3=p3yiAwSwLwH1LwuxZmplLI92oS9cozWi...
  • https://lpstrk.com/click.php?key=eljhrwyt2vaurnwctqxh&clickid=229310216&affid=923&target=amz
  • https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickc...
31 KB | 7 KB | Document
General
Full URL
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Requested by
Host: fgbnvbncvortyrty.s3.us-west-1.amazonaws.com
URL: https://fgbnvbncvortyrty.s3.us-west-1.amazonaws.com/reptjkjgfhjfgjh.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
ffc777c347e5874ab8195637fa7f3deb637d8d193bd3245003cb68099e1feeae

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-US,en;q=0.9
Referer
https://fgbnvbncvortyrty.s3.us-west-1.amazonaws.com/reptjkjgfhjfgjh.html#mauara.html?od=1syo61cb55b8d372a_vl_inboxvl_1214.6gjlyh0.C0000rh1p7s1drg03c_x11369.h1p7sMmNrN3pnLTB2ZDQ2bHM0x697l

Response headers

Server
nginx
Date
Wed, 29 Dec 2021 14:12:41 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
6532
Connection
keep-alive
Vary
Accept-Encoding
Content-Encoding
gzip

Redirect headers

Server
nginx/1.20.0
Date
Wed, 29 Dec 2021 14:12:40 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Location
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Strict-Transport-Security
max-age=31536000
main_1_d.css | gobestreward.com/visitoronline_us_nonbr/css/ | 20 KB | 5 KB | Stylesheet
General
Full URL
https://gobestreward.com/visitoronline_us_nonbr/css/main_1_d.css
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
54fd3bda9421f5b009ef51984a7c555c4d89c332adee26549a847143d1d0367b

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 29 Dec 2021 14:12:41 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Nov 2021 12:50:51 GMT
Server
nginx
ETag
W/"61979dab-4f34"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
bg.css | gobestreward.com/visitoronline_us_nonbr/css/ | 5 KB | 889 B | Stylesheet
General
Full URL
https://gobestreward.com/visitoronline_us_nonbr/css/bg.css
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
9ea14fd6d9f81c18003968c53acce96cd7f89b3dfc7e61313344317adf6111ff

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 29 Dec 2021 14:12:42 GMT
Content-Encoding
gzip
Last-Modified
Tue, 12 Oct 2021 17:59:04 GMT
Server
nginx
ETag
W/"6165cce8-1349"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
christmas.css | gobestreward.com/ | 4 KB | 1 KB | Stylesheet
General
Full URL
https://gobestreward.com/christmas.css
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
62dd9d9afb879ba49b028a9d0618a728ae03a54c353b0708408c90001d21f5f2

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 29 Dec 2021 14:12:42 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Dec 2021 10:46:44 GMT
Server
nginx
ETag
W/"61bc6a94-e8b"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-1.11.1.min.js | code.jquery.com/ | 94 KB | 33 KB | Script
General
Full URL
https://code.jquery.com/jquery-1.11.1.min.js
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 14:12:41 GMT
content-encoding
gzip
last-modified
Fri, 24 Oct 2014 00:16:07 GMT
server
nginx
etag
"54499a47-1762a"
vary
Accept-Encoding
x-hw
1640787161.dop027.ny3.t,1640787161.cds230.ny3.hn,1640787161.cds144.ny3.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
33202
script_3_d.js | gobestreward.com/visitoronline_us_nonbr/js/ | 30 KB | 6 KB | Script
General
Full URL
https://gobestreward.com/visitoronline_us_nonbr/js/script_3_d.js
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
d6d0e12414cd6cf2baa7ffd470c74e5c01b269c1e4cadbaade95e6608132d326

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 29 Dec 2021 14:12:42 GMT
Content-Encoding
gzip
Last-Modified
Mon, 20 Dec 2021 10:25:23 GMT
Server
nginx
ETag
W/"61c05a13-78df"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
giphy.gif | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/nn_survey/ | 15 KB | 16 KB | Image
General
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/nn_survey/giphy.gif
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2201:5800:b:4623:cac0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
null
via
1.1 dbb8846e318a67b0e0e38822350301ae.cloudfront.net (CloudFront)
last-modified
Mon, 26 Oct 2020 15:58:58 GMT
server
AmazonS3
age
81200
etag
"45f10d30ce7014885a2d438941a16d3a"
x-cache
Hit from cloudfront
content-type
image/gif
date
Tue, 28 Dec 2021 15:39:23 GMT
x-amz-cf-pop
LAX50-C3
accept-ranges
bytes
content-length
15537
x-amz-cf-id
dBjanT8blexNhkl4_sfkNKlq26JFdUUdet5J717zDCPRZAIQ72a74w==
redirect_bin.js | gobestreward.com/ | 551 B | 869 B | Script
General
Full URL
https://gobestreward.com/redirect_bin.js
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
595fc9d77aaa41cb01936f11d16d156a8c571faace86be0e10634aeaf3e924ce

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 29 Dec 2021 14:12:42 GMT
Last-Modified
Sat, 20 Nov 2021 11:31:15 GMT
Server
nginx
ETag
"6198dc83-227"
Content-Type
application/javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
551
Expires
Thu, 31 Dec 2037 23:55:55 GMT
css2 | fonts.googleapis.com/ | 8 KB | 839 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/css/main_1_d.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
33284fe633022dc52abfaa8f476c0642cc34d552861bdd2924b60a3edd68b882
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 29 Dec 2021 14:06:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 29 Dec 2021 14:12:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Dec 2021 14:12:42 GMT
css2 | fonts.googleapis.com/ | 2 KB | 973 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Barlow:wght@400;700&display=swap
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/css/main_1_d.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
baa5f5f917fb3ed0c1c2c52a17298805a10e6fa41a1adbcd6d06c85c882cfae1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 29 Dec 2021 13:59:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 29 Dec 2021 14:12:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Dec 2021 14:12:42 GMT
falling-snow2.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 2 KB | 3 KB | Image
General
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/falling-snow2.png
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/christmas.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2201:5800:b:4623:cac0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bb27ddcadb53ddb3930f3ff592f9ce9af9dd78e48a6a7a6cab448ba0a0bb7843

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
nVosIrPofS2G3jBcz6iA7mt4y6HsqB9U
via
1.1 dbb8846e318a67b0e0e38822350301ae.cloudfront.net (CloudFront)
etag
"7844791d4ebc43e393ff8b3f6caa19e1"
last-modified
Fri, 17 Dec 2021 10:12:50 GMT
server
AmazonS3
age
12810
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 29 Dec 2021 10:39:13 GMT
x-amz-cf-pop
LAX50-C3
accept-ranges
bytes
content-length
2311
x-amz-cf-id
pVcgvPukxlDlHUHTFb8mRONTOvv5BDqaZ7TyffX7O619MHFLPRfgLA==
new_sprite_8.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 22 KB | 23 KB | Image
General
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/new_sprite_8.png
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/css/main_1_d.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2201:5800:b:4623:cac0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
703b205caa6038e17c88e792100955746b321bd0497970bc9c6b2f967749f8ec

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
9ej7nRvFwrLI5itWKzvrD34ghG5wlzfS
via
1.1 dbb8846e318a67b0e0e38822350301ae.cloudfront.net (CloudFront)
etag
"070a2d22130ab75690b701c22a1e2974"
last-modified
Fri, 19 Nov 2021 12:44:09 GMT
server
AmazonS3
age
15387
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 29 Dec 2021 09:56:16 GMT
x-amz-cf-pop
LAX50-C3
accept-ranges
bytes
content-length
22737
x-amz-cf-id
8oFnPCbZ0nt2URIzdh3G0a_bhJJKGCChNnKzYzXn9Nmc2c6mgUCNVw==
line_background4.png | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ | 61 KB | 62 KB | Image
General
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/line_background4.png
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2201:5800:b:4623:cac0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9144afcf99db928e2f67372c78684c5e4d37352700f47abb00992fe60155fae7

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
MhoF05G5kGnYWTDTNUZnmaMztuyzUHC3
via
1.1 dbb8846e318a67b0e0e38822350301ae.cloudfront.net (CloudFront)
etag
"375e3524d7f8353cb120bb59e9b66c05"
last-modified
Mon, 23 Aug 2021 15:43:45 GMT
server
AmazonS3
age
75585
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
date
Tue, 28 Dec 2021 17:12:58 GMT
x-amz-cf-pop
LAX50-C3
accept-ranges
bytes
content-length
62543
x-amz-cf-id
cb9R87C2CGg9gJROCHdAAoEsbVCrAyYjbLfeqmVsjAtjl_f6acoEzg==
falling-snow1.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/
3 KB
4 KB
Image
General
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/falling-snow1.png
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/christmas.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2201:5800:b:4623:cac0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b4a1c1882fc1c4a2173198e586f779aed4ac11dfbd7fa175ae98a328cfe22b77

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
dNCSbC6HNEeFGIBuK_WmtHNhUDfhtB.j
via
1.1 dbb8846e318a67b0e0e38822350301ae.cloudfront.net (CloudFront)
etag
"be8c42fc30e83e7a82ee34460c0aa9fa"
last-modified
Fri, 17 Dec 2021 10:12:50 GMT
server
AmazonS3
age
12810
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 29 Dec 2021 10:39:12 GMT
x-amz-cf-pop
LAX50-C3
accept-ranges
bytes
content-length
3390
x-amz-cf-id
5MmcbPHE0Q-xjF4HdPm6benMUcPsA2SBnRbMa8cs2KiZ-M5j2sz5AQ==
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://gobestreward.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 24 Dec 2021 01:28:42 GMT
x-content-type-options
nosniff
age
477840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 24 Dec 2022 01:28:42 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://gobestreward.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 28 Dec 2021 16:23:56 GMT
x-content-type-options
nosniff
age
78526
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 28 Dec 2022 16:23:56 GMT
7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v5/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3t-4s51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://gobestreward.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 24 Dec 2021 01:35:33 GMT
x-content-type-options
nosniff
age
477429
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21080
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:05:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 24 Dec 2022 01:35:33 GMT
KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v29/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c7856c0d39606a745670d4c03525f3644fe65304191be208516def923cc3762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://gobestreward.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 19:07:16 GMT
x-content-type-options
nosniff
age
327926
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17484
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 25 Dec 2022 19:07:16 GMT
new_footer2.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/
8 KB
9 KB
Image
General
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/new_footer2.png
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2201:5800:b:4623:cac0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
38698bd6030ccf4376df80dc1080041bad75f3ea78d7aae8482c190398f36efc

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
yBLYCULXABmGaPHdCaVR884WdkPQwV4V
via
1.1 dbb8846e318a67b0e0e38822350301ae.cloudfront.net (CloudFront)
etag
"619490af4a1c1203e96f1971f8c5a754"
last-modified
Thu, 16 Dec 2021 14:42:21 GMT
server
AmazonS3
age
76362
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
date
Tue, 28 Dec 2021 17:00:01 GMT
x-amz-cf-pop
LAX50-C3
accept-ranges
bytes
content-length
8408
x-amz-cf-id
SDqllfImr1XddAdItNTd7_ayzUQ3Xz47M8I2qrWSD7I1Of-DT4GTCw==
gift.css
gobestreward.com/visitoronline_us_nonbr/css/
790 B
1 KB
Stylesheet
General
Full URL
https://gobestreward.com/visitoronline_us_nonbr/css/gift.css
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
bd1acc174c163ada5660f8d2ebd24a6d3cefea2728ba12d3e712c1b25eef5672

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 29 Dec 2021 14:12:43 GMT
Last-Modified
Wed, 24 Nov 2021 12:33:18 GMT
Server
nginx
ETag
"619e310e-316"
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
790
Expires
Thu, 31 Dec 2037 23:55:55 GMT
amz.css
gobestreward.com/visitoronline_us_nonbr/css/
4 KB
2 KB
Stylesheet
General
Full URL
https://gobestreward.com/visitoronline_us_nonbr/css/amz.css
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
4b6cf80a7dd80e223e45edee5654eecfb915cae309fa90117d96303cb6dbad51

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 29 Dec 2021 14:12:43 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Dec 2021 15:16:45 GMT
Server
nginx
ETag
W/"61b21ddd-fa1"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
amz.json
gobestreward.com/visitoronline_us_nonbr/datas/
778 B
1021 B
XHR
General
Full URL
https://gobestreward.com/visitoronline_us_nonbr/datas/amz.json
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS
static-ptr.vndata.vn
Software
nginx /
Resource Hash
a0ec19384aa4febfafa95f360e7919637ccd995636258d0805126ed90e8b8223

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
X-Requested-With
XMLHttpRequest
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 29 Dec 2021 14:12:43 GMT
Last-Modified
Mon, 12 Jul 2021 15:13:58 GMT
Server
nginx
ETag
"30a-5c6ee9209b612"
Content-Type
application/json
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
778
gift_card_amz.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/gift_card/
39 KB
39 KB
Image
General
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/gift_card/gift_card_amz.png
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/index_16_d.php?device_name=Desktop&browser_name=Chrome%20Mobile&language=en-US&city=New%20York&clickid=756efnta1sygm8a0&campaign=104&user_id=1&clickcost=0&lander=1417&time=1640743960&browser_version=96.0.4664.93&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=M247%20Europe%20SRL&ip=87.101.95.205&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.93%20Safari/537.36&lpkey=166040d27802742160&target=amz&device=DESKTOP&country=US&ts=Unknown&trafficsource=2&uclick=nta1sygm&uclickhash=nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2201:5800:b:4623:cac0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5440ef1b78aee47120227ae8580aa1fb8bb4b0e64299bda26510c2cc22d3c0d9

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
LdeBqNEce.jsiMotdcMReJgW2LOArgw6
via
1.1 dbb8846e318a67b0e0e38822350301ae.cloudfront.net (CloudFront)
etag
"197ecf0d4b7d53620aa17d7965751b84"
last-modified
Mon, 22 Nov 2021 15:28:57 GMT
server
AmazonS3
age
83877
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
date
Tue, 28 Dec 2021 14:54:47 GMT
x-amz-cf-pop
LAX50-C3
accept-ranges
bytes
content-length
39724
x-amz-cf-id
fVX2JgoKT-419-d5w2OZPQGtZP2OUFtfsiAnvlsgkfF_8J6No0kkuQ==
chr_banner4.jpg
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/
94 KB
95 KB
Image
General
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/chr_banner4.jpg
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/christmas.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2201:5800:b:4623:cac0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c2d5918dfa2aa3d50425697bc297164d66a8c943d1a13f7321a503b78dccf513

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
0WHpBqtT2iPkrQMYdGhqgsdbPf8ScWO3
via
1.1 dbb8846e318a67b0e0e38822350301ae.cloudfront.net (CloudFront)
etag
"d6b4fb0f8839402b084f0965c3b3bec8"
last-modified
Fri, 03 Dec 2021 09:35:18 GMT
server
AmazonS3
age
18309
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
date
Wed, 29 Dec 2021 09:11:06 GMT
x-amz-cf-pop
LAX50-C3
accept-ranges
bytes
content-length
96338
x-amz-cf-id
wLVTr7jNltNYFgZb8aO7SqP19Bl32GtBOj8urkJ3-0rUQHh9hbtp3g==
shopper_logo.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/
9 KB
10 KB
Image
General
Full URL
https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/shopper_logo.png
Requested by
Host: gobestreward.com
URL: https://gobestreward.com/visitoronline_us_nonbr/css/amz.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2201:5800:b:4623:cac0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d4dda9a3dc558faa9ea0932700b2cf97fc2482517860273572c562ae7edd5c3c

Request headers

Accept-Language
en-US,en;q=0.9
Referer
https://gobestreward.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
KvFaCj8BHSDSI95nOjmFpAxxaMkW1j39
via
1.1 dbb8846e318a67b0e0e38822350301ae.cloudfront.net (CloudFront)
etag
"939996ece79bec1d1ed7f5a7d3335514"
last-modified
Thu, 09 Dec 2021 15:04:45 GMT
server
AmazonS3
age
83878
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
date
Tue, 28 Dec 2021 14:54:47 GMT
x-amz-cf-pop
LAX50-C3
accept-ranges
bytes
content-length
9689
x-amz-cf-id
TS6Y_wziBvIK2lISsTPJPklj8oo2pB2JJqcIysXXW3FEooWUxy1N9Q==
KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v29/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a42cc82f30fbf25a268f6d5a10158e8312a838222da6847158ea4175fa289d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://gobestreward.com
Accept-Language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 17:50:02 GMT
x-content-type-options
nosniff
age
591762
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17004
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:24 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Dec 2022 17:50:02 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
function $
function jQuery
function $_GET
object months
object days
object time
object d
string dateNow
object now
string targets
string ip
string src
string gift
string css
function loadingData
function drawszlider
function timer
string target
object jQuery111109994866097655546
string redirect_url
string back_url_link
function isIE
object comments
function startTimer
number slidewhere
number holvanszlider
function loadingOffers
function timer1
object mydate
number year
number day
number month
number daym
string titleOut

5 Cookies

Domain/Path Name / Value
.desklegger.com/ Name: som
Value: J6Jly0qBAhOhd9tmO5TJIvFNKTSV6O+YVcNOC/r7GA/D01S+ZNKfBg==
.desklegger.com/ Name: tib
Value: uIpRL9mP06dJ3ouCgjx9IvFNKTSV6O+YVcNOC/r7GA/D01S+ZNKfBg==
.desklegger.com/ Name: c11039
Value: J6Jly0qBAhOzbVMKYZvIuSsxZqHkzLp6S80y+kNzb3v63DbdZ7FYZg==
lpstrk.com/ Name: uclick
Value: nta1sygm
lpstrk.com/ Name: uclickhash
Value: nta1sygm-nta1sygm-2twj-hei4-3vi4-pmiri4-usfti4-20d337

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
d3e1y4kxkqljcb.cloudfront.net
desklegger.com
fgbnvbncvortyrty.s3.us-west-1.amazonaws.com
fonts.googleapis.com
fonts.gstatic.com
gobestreward.com
jinkan.selectorks.com
lpstrk.com
103.140.249.49
103.140.249.50
185.254.198.158
2001:4de0:ac18::1:a:3a
2600:9000:2201:5800:b:4623:cac0:21
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80e::200a
35.204.218.225
52.219.112.65