bestsignpst.subreact.com Open in urlscan Pro
2606:4700:3037::ac43:8a05 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
Submission: On March 21 via api (March 21st 2024, 4:19:29 pm UTC) from US — Scanned from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3037::ac43:8a05, located in United States and belongs to CLOUDFLARENET, US. The main domain is bestsignpst.subreact.com.
TLS certificate: Issued by GTS CA 1P5 on February 24th 2024. Valid for: 3 months.

This is the only time bestsignpst.subreact.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2 15	2606:4700:303... 2606:4700:3037::ac43:8a05		13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	1

15 2606:4700:3037::ac43:8a05 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

bestsignpst.subreact.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	subreact.com 2 redirects bestsignpst.subreact.com	2 MB
13	1

	Domain	Requested by
15	bestsignpst.subreact.com	2 redirects bestsignpst.subreact.com
13	1

This site contains no links.

Subject Issuer	Validity	Valid
subreact.com GTS CA 1P5	`2024-02-24` - `2024-05-24`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
Frame ID: 46D395569E53AB7E4AF573104B556592
Requests: 11 HTTP requests in this frame

Frame: https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js
Frame ID: 54E69B0679939E9AE1585416109459D4
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

85 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1552 kB
Transfer

1891 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/js/popper.min.js HTTP 302
https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/index.php?redirection=

Request Chain 7

https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/ 2 KB
2 KB 3080ms
2925ms Document
text/html 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.33

Resource Hash

4234c9d249b123ab48cc0a84aa28da79ad9aab9581a41616ed6b85f5a7f9d741

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 867f432d6d774bd5-BUF
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 21 Mar 2024 16:19:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ehPfc8Pu8c1IhTBFfzZQaKNlazZkGzMIn%2B4UhV1INGwhnOpn5mamPc8L1hcVCSalIxu9hDUSCPzkogar4fRiaVF3QhPGhLL77K8LqZzviqPYKcr6pH7iMgC3unM0Uqu1TzxOYAZhRDd%2B8NqDTpQLHIZFwgd46Y0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
x-turbo-charged-by: LiteSpeed

GET
H2 200 main.css
bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/css/ 50 KB
6 KB 50ms
47ms Stylesheet
text/css 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/css/main.css

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98f8b4b01ebae4460dd4c9b90a9c3a623f5263bfc51bcc3c8926ca3d4b8e9bdc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 61282
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 18:18:25 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2FknoCNgRfsc%2BnVnGS1iAKAxOUqD5GW2V5KVnnEw0p5Pe8QQN9rCy2nyM37wwvrec8aQVgefZJAHrr8D7pTZ0blVtWEzpoK3RndcONhpv2N0HscacSOBANxJMW1JC8CzFJWbtB0pg5KwfDpo0ADh8SV%2FtlwnNAo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867f433fcc734bd5-BUF
expires: Wed, 27 Mar 2024 23:17:54 GMT

GET
H2 200 bootstrap.min.css
bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/css/ 201 KB
27 KB 47ms
45ms Stylesheet
text/css 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/css/bootstrap.min.css

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed32594ab88d0b8594b1978ff2cb2489ae234186e9e3d6c404731aa04fe20abd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 61282
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 18:18:25 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RPmj9LzZ9As2RB84ltMJ2Q9uknLvGXkeuNmmLEmKRyPJ2aLv0PUtvWHDeSlU7uYD0AsDdXH395JqXdiVmMdCyGgBPypDR%2FiaVPurXERq0auDL4hqh9LxGIH6G4rZE60M76XI4V%2BX5QuzFaLzeDUAabQkQC36dIE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867f433fcc764bd5-BUF
expires: Wed, 27 Mar 2024 23:17:55 GMT

GET
H2 200 background.svg
bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/images/ 3 KB
2 KB 44ms
43ms Image
image/svg+xml 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/images/background.svg

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe5103f855975085f28d2a255145a386f30d2afe2a1b26fa9943d74b54859b7b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 61282
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 18:18:25 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y54UqK0Y%2FNIzkcPh%2FO4b6s%2BlU%2Fzw9IakQ1YsY%2FOwQepqHFHNZjF23c3I%2Bg%2B5%2FhwIqPxEJ%2B6SuT5mQ%2BmvWGa0QNNv7K09ybIcEt%2BphRQ46QnQlZEiuPTQJ8uSBZLtVunXBpAgcQ4kSgsgMbHXqSOrUA7wY4csTtU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867f433fcc774bd5-BUF
expires: Wed, 27 Mar 2024 23:17:55 GMT

GET
H2 200 jquery.min.js Show response
bestsignpst.subreact.com/50e0a726a6efa6a56d29/js/ 91 KB
33 KB 50ms
49ms Script
application/javascript 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/js/jquery.min.js

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 61282
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 18:18:26 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bhpNlzDQbQJbIsg3%2FygrtepopnF%2FYVZmK9pgLvbt6Gx8vI9iQCTmN6IwR7eENhuGm%2BuLdBsPqE%2BQHyiIPgmia9Id5L%2FKLYB%2BBxxJnOtFBII%2BpMJQmtcjkLc7FnAnbzRkSZbm5GQLMtTt0UkvEDbnOrvr1h4%2F83Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867f433fcc784bd5-BUF
expires: Wed, 27 Mar 2024 23:17:55 GMT

GET
H2 200 jquery.min.js Show response
bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/js/ 86 KB
31 KB 82ms
81ms Script
application/javascript 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/js/jquery.min.js

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 61282
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 18:18:26 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gi%2FbzXp4yV%2FAduAZzA5TKwgHd0ycD5PEKsF3opjUjz2x1VV1%2BY3XwWKSoafS2xttvU7SDf5zGsq6yjOzNtK0MHk1PU4abfIJEoIeLj6xTSQ%2BdVaKqaW5G%2FrKvNU3MwL8XUEHFfM611QclTZPd9oPpBfG0RVCcvA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867f433fcc794bd5-BUF
expires: Wed, 27 Mar 2024 23:17:55 GMT

GET
H3

500

index.php
bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/
Redirect Chain

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/js/popper.min.js
https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/index.php?redirection=

0
0

488ms
488ms

Script
text/html

2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/index.php?redirection=

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/

Protocol

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:18 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Kq%2BkqRT7ZnZ3y%2BVJXSsjiQAy8I3IlVfR%2BrSoL2766OHnsvvS9r6wbNySaI2v%2F6RQauwfTgjdduvZRjlc265I8uLAZCwUnRZje7PvbpcJdygbLQxiOLoSMroQ4dMOzZONvGt%2F08%2F7Q2ktN0sqDkQmGvTTaXRb%2Bo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
x-turbo-charged-by: LiteSpeed
cf-ray: 867f4346ff8e4bc6-BUF
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 21 Mar 2024 16:19:18 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PHP/7.4.33
alt-svc: h3=":443"; ma=86400
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jo2d4x1NGvgGhAT12h9lhgNnhmUkywIQMD8SOFSyXsxm8MlZX%2BCGsJbiJLqItU%2BIM3Rg%2BJUAXQU8Q1fmWWNGMlDaFki6%2FUlbaPzGnxQSqvSB1gdXpPFx79ofp7fSvgleDXyQPrZrmnvabs8oUo1xehfrnGn4TQA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: ../index.php?redirection=
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 867f433fcc7a4bd5-BUF
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 main.js Show response
bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/ 7 KB
2 KB 45ms
44ms Script
application/javascript 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/main.js

Requested by

Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb1b7d8d4cb4f503be126aaab18302b91acebb80d5f49b476c834c10fb9d76d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 61282
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 18:18:25 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yQosOmwqW6e5IQrRVXohcvc%2BJ%2FAqJoMwEbNq9gEcR9%2FCGt6TmQrK%2FN%2FWg4IVE9CwugmGK6nND1YjCrSG7hoz66eZtFv7bl6WL664BmSjb%2B2RdfcmhKY13hMYoyBxskLpLROMEGn7iQrObH7EiLX7K6eNXwAmf%2FA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 867f433fcc7b4bd5-BUF
expires: Wed, 27 Mar 2024 23:17:55 GMT

GET
H3

200

main.js Show response
bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/ Frame 54E6
Redirect Chain

https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js

8 KB
4 KB

40ms
40ms

Script
application/javascript

2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js

Protocol

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53faa6160e2e2c98ad0fc6a557b888d94d2400a0156a7dfe05584501704fc52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:18 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14nQylQf9W477qAreboUs1b6yaKNxZxKp2qW2Qc7CEovPhIcfxxFv6VGFd0P0umrB5Fq4jJkamdaOLUf1VDDaH1lGBrD4AbD4%2BcmbSchnSL8%2BXMnkq4w8OH95%2FxEUDQfP9hOKIDzgPD6YOUaymPhSR%2FEyZNB%2BwY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 867f434b59294bc6-BUF
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 21 Mar 2024 16:19:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6R40mXUvSU2nQz3b0oIUD03q1OB93EKRmcOWd3JSq7o250zpV5HLcDDrOEf%2BRFMuE4DCyGWcKzHhVU8SJnzKokFsfoJ3G7e5LazxgVlqIUt3U6HlYWtMYFnyp1LzqZZ%2FeNDkmGRenDRO5sb43AnYhWrITUG6xHc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/de9364586261/main.js
cache-control: max-age=300, public
cf-ray: 867f434a38bd4bc6-BUF
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 img1.jpg
bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/img/ 1 MB
1 MB 6495ms
6494ms Image
image/jpeg 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/img/img1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08e44df79f033daeb0375efd0c62ec5e3b13467388ed36815062f89ab2662940

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 1181415
last-modified: Wed, 20 Mar 2024 18:18:26 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8MKG4auDrWOZqNUrzI2zDqukWDVDP5qqn8das0McwKpvR7JnI5QSIefB28c4EGmptDR7N%2FTHuWaZyQTojtnwEFDEiejtWNl9iIRdy4Lq7MhuZO7fyWce5b6YS4Gt1tamr8eBaoXt9tW9JvPTpg2OpVRk8BjUsUw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 867f434ab8e94bc6-BUF
expires: Thu, 28 Mar 2024 16:19:23 GMT

GET
H3 200 img2.jpg
bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/img/ 15 KB
16 KB 5958ms
5957ms Image
image/jpeg 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/img/img2.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

550778f7050b2f39fc38c8e326c78e0a53921774f9f39dd3685f1c73efee2613

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:24 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 15808
last-modified: Wed, 20 Mar 2024 18:18:25 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4JvgCAVG2H8fNF7mpR9t2UiYSZ9z2kZ0glwFA0KhZ2kgsJrOnmwyjpAR3jjBpn6MLWmhrxUsfX3P6hzmAQvfrmJRqX0VN0hPn9QXP98%2BAPrT4pxIZE6QJXFJXvxM3zlaCc98vPIUWt58wQmvgh97xbFZhuy85ek%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 867f434ab8ea4bc6-BUF
expires: Thu, 28 Mar 2024 16:19:24 GMT

GET
H3 200 img3.jpg
bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/img/ 274 KB
275 KB 6532ms
6531ms Image
image/jpeg 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/img/img3.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0caf058c53fc03f37915f7f4738582b863b20f34bf1bc53c890436bdf465dae0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 16:19:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 280533
last-modified: Wed, 20 Mar 2024 18:18:25 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kpf8CXV7lAPZD2fTh7oEYYAZqdgs3uBi%2BkLogQn2gaXeenk3l3KuoDygz%2BKqZK7kpo8jC1mwSSuE8PBTZciPMWh%2BchRO2pl%2BlOdfH6GkeUYxnIpzSffQXq0XU39w2KAw1E7gYSjVe%2BORpWaMl9ssQe5fDUv6vOU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 867f434ab8eb4bc6-BUF
expires: Thu, 28 Mar 2024 16:19:24 GMT

POST
H3 200 867f432d6d774bd5 Show response
bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 54E6 0
609 B 57ms
56ms XHR
text/plain 2606:4700:3037::ac43:8a05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/h/b/jsd/r/867f432d6d774bd5
Requested by: Host: bestsignpst.subreact.com
URL: https://bestsignpst.subreact.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8a05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 21 Mar 2024 16:19:19 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J3HqVicX4qI3hWCcKlJl9HjhNOTTF8BfDKh9e9BxDmsniTZz2p6XJfNsRbbH%2B7Tg%2FzhNKutIIdZ1Q6hL9qUHv8jhRNfVbpPVY6nQpTS2W0AkS0g%2FsffAu9%2FUHaVcLw7N0oHbWDsK4i3EkOIsTJdSTQQ3YGLBWxo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 867f434cc9b34bc6-BUF
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bestsignpst.subreact.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: ae00d5cc2619fdc54dc970d901634e9b
			.subreact.com/	1970-01-21 04:02:53	Name: cf_clearance Value: ieTNP02WJZ2HnSJGjiuZmUdO9T2tfDNP3wf.y9.dfM4-1711037959-1.0.1.1-WlV0yE1Rh5sgfAvV_sLCuqb4nFeqW3iZADgsoEGUO.koMCj0h83HTfGGiRZOVNr83uojdBYlNOr1D.THHbejYQ

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bestsignpst.subreact.com/50e0a726a6efa6a56d29/templates/index.php?redirection= Message: Failed to load resource: the server responded with a status of 500 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bestsignpst.subreact.com
2606:4700:3037::ac43:8a05
08e44df79f033daeb0375efd0c62ec5e3b13467388ed36815062f89ab2662940
0caf058c53fc03f37915f7f4738582b863b20f34bf1bc53c890436bdf465dae0
4234c9d249b123ab48cc0a84aa28da79ad9aab9581a41616ed6b85f5a7f9d741
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
53faa6160e2e2c98ad0fc6a557b888d94d2400a0156a7dfe05584501704fc52d
550778f7050b2f39fc38c8e326c78e0a53921774f9f39dd3685f1c73efee2613
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
98f8b4b01ebae4460dd4c9b90a9c3a623f5263bfc51bcc3c8926ca3d4b8e9bdc
cb1b7d8d4cb4f503be126aaab18302b91acebb80d5f49b476c834c10fb9d76d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed32594ab88d0b8594b1978ff2cb2489ae234186e9e3d6c404731aa04fe20abd
fe5103f855975085f28d2a255145a386f30d2afe2a1b26fa9943d74b54859b7b

bestsignpst.subreact.com Open in urlscan Pro 2606:4700:3037::ac43:8a05 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

85 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1552 kBTransfer

1891 kBSize

2 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

bestsignpst.subreact.com Open in urlscan Pro
2606:4700:3037::ac43:8a05 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1552 kB
Transfer

1891 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!