hotel-75075.eu Open in urlscan Pro
172.67.217.173 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hotel-75075.eu/auth/74972850
Submission: On August 07 via manual (August 7th 2024, 7:33:40 am UTC) from PH — Scanned from DE

Summary HTTP 9 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 9 HTTP transactions. The main IP is 172.67.217.173, located in United States and belongs to CLOUDFLARENET, US. The main domain is hotel-75075.eu.
TLS certificate: Issued by WE1 on July 28th 2024. Valid for: 3 months.

This is the only time hotel-75075.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
3	172.67.217.173 172.67.217.173	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:ba1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:266... 2600:9000:266e:a600:5:bf05:acc0:93a1	16509 (AMAZON-02) (AMAZON-02)
9	6

3 172.67.217.173 (United States)

ASN13335 (CLOUDFLARENET, US)

hotel-75075.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:ba1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:266e:a600:5:bf05:acc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cf.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	hotel-75075.eu hotel-75075.eu	29 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	28 KB
1	bstatic.com cf.bstatic.com — Cisco Umbrella Rank: 19480	3 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	31 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	31 KB
9	5

	Domain	Requested by
3	hotel-75075.eu	code.jquery.com
2	cdnjs.cloudflare.com	hotel-75075.eu
1	cf.bstatic.com	hotel-75075.eu
1	code.jquery.com	hotel-75075.eu
1	cdn.jsdelivr.net	hotel-75075.eu
9	5

This site contains links to these domains. Also see Links.

Domain
partner.booking.com
www.booking.com
admin.booking.com

Subject Issuer	Validity	Valid
hotel-75075.eu WE1	`2024-07-28` - `2024-10-26`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
*.bstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-29` - `2024-11-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hotel-75075.eu/auth/74972850
Frame ID: 6B03F6C1C12EE2F058F2BC141ACA78E7
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | Booking.com

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

9
Requests

89 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

121 kB
Transfer

643 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://partner.booking.com/en?utm_source=extranet_login_page
Title: Partner Help Center

Search URL Search Domain Scan URL

URL: https://www.booking.com/general.ru.html?tmpl=docs/terms_of_use
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://admin.booking.com/hotel/hoteladmin/privacy.html?lang=ru
Title: Privacy Statement

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request 74972850 Show response
hotel-75075.eu/auth/ 163 KB
28 KB 277ms
196ms Document
text/html 172.67.217.173
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hotel-75075.eu/auth/74972850
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.217.173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eeec279ff4d7dfa3d7ebd212f4ea9beadfa280b8ab571dc28cda92ee44ffb989

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8af59455cc991c3c-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 07 Aug 2024 07:33:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqudbBP9bj01gYX3FrfShxlf7k6IXQ9Ty9%2Fc8dUgl23UursMiXbv7SgdqJRO7k5L%2FRZfTE3f%2FYFgkXuOcHrRhN7EoaFCzn2m4aCvIPxwJvwZJhnmykOMr2YIEqIJWBVv%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/ 227 KB
31 KB 79ms
28ms Stylesheet
text/css 2606:4700::6812:ba1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css

Requested by

Host: hotel-75075.eu
URL: https://hotel-75075.eu/auth/74972850

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hotel-75075.eu/
Origin: https://hotel-75075.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 07 Aug 2024 07:33:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12672033
x-jsd-version: 5.3.2
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 30835
x-served-by: cache-fra-etou8220083-FRA, cache-lga21980-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"38df4-HxOZgbm0enZu+gphu3ito1HxbEs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c8oi8ETzNitA7KMZiyByRqr0g%2By1rG5eS%2FU67cd1KEHemEhQMeJcRCSbvpdiDOrlzZ4ay1%2BuyABXb632nn8yfS5y%2FW1XPBvp6hTj0mtM50EApZSawaA6QYfOObath4KNfVx5mFUqXmE8c0cgDts%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8af594576ee6360e-FRA

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
31 KB 64ms
18ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: hotel-75075.eu
URL: https://hotel-75075.eu/auth/74972850
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://hotel-75075.eu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 07 Aug 2024 07:33:36 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1033762
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-fra-etou8220066-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1723016017.538609,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 8, 56990

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.6.0/css/ 94 KB
19 KB 71ms
41ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.6.0/css/all.min.css

Requested by

Host: hotel-75075.eu
URL: https://hotel-75075.eu/auth/74972850

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5e202e3c899507992952533f57b634722b69b34241d271963559d31aa33ef81

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://hotel-75075.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 07 Aug 2024 07:33:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 106945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 18714
last-modified: Tue, 16 Jul 2024 17:07:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6696a8d8-491a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtedZS8rPjFC0dRvELF7eIioIgGCHEYmcdQgVpioINVnAa11B4ankxt4COJHIF1KHBMYlUz85wka43m1TlAArMwZrRE9JlCDG%2F790vvd8lgfwZxO1YuZe%2FLRio5A8lZRZIhHj0mW"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8af5945748ea049b-FRA
expires: Mon, 28 Jul 2025 07:33:36 GMT

GET
H3 200 bootstrap-icons.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap-icons/1.8.1/font/ 69 KB
9 KB 77ms
47ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap-icons/1.8.1/font/bootstrap-icons.min.css

Requested by

Host: hotel-75075.eu
URL: https://hotel-75075.eu/auth/74972850

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a46889667faf91041d80d4d87110333e8ecd12fb712c8c6a04460840cfbe7ed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://hotel-75075.eu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 07 Aug 2024 07:33:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 387852
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 8381
last-modified: Tue, 08 Feb 2022 09:30:35 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6202383b-20bd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ITEwU%2FgIzy5EyNAfYalP6GeEgGaMhRHNNLcNTFW9YHJDWB7119ACQQ%2FqEcXxBFZtSHUSbmHyXQvhCn%2Bor9g7cUehh%2B1mW%2FqUD9x4iXCXXCjg0C3RtAelTK5vFxOn0uhJu4d3FlfX"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8af5945748971973-FRA
expires: Mon, 28 Jul 2025 07:33:36 GMT

GET
H2 200 48b93bb3ece86daba8f14ceb399d2d14e1f98e17.png
cf.bstatic.com/static/img/propertyapp/pulse-icon/ 3 KB
3 KB 74ms
20ms Image
image/png 2600:9000:266e:a600:5:bf05:acc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cf.bstatic.com/static/img/propertyapp/pulse-icon/48b93bb3ece86daba8f14ceb399d2d14e1f98e17.png

Requested by

Host: hotel-75075.eu
URL: https://hotel-75075.eu/auth/74972850

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:a600:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7981ede89a44f2569f030222c9dd4f48fa3c97ef6d6eb43ee7d7adde3ba47abd

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hotel-75075.eu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 23:04:08 GMT
via: 1.1 fbd2b51fce9ee4f3aa7b93dbbda3d698.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
x-amz-cf-pop: FRA56-P8
age: 1499368
x-cache: Hit from cloudfront
content-length: 2585
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Sep 2023 07:57:21 GMT
server: nginx
etag: "65095461-a19"
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: GoLm2fOFHmrTuU83ulTmENegryxsGGVEh7-9zBd-cHi6U9vIeGhWRQ==
expires: Mon, 19 Aug 2024 23:04:08 GMT

GET
H3 404 favicon.ico
hotel-75075.eu/ 17 B
474 B 58ms
57ms Other
text/html 172.67.217.173
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hotel-75075.eu/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.217.173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5affa53505dd2db30933985f200d163b5b5cd70581993cdb33360cebab66a7c1

Request headers

Referer: https://hotel-75075.eu/auth/74972850
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 07 Aug 2024 07:33:36 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vY0%2BJGHXW%2BDV8IVOeqOk2m1JUp7GflnMMP7j1Ks9uh4m%2FBNwfGdp4lrlDGyQLgyDFsjy%2BCu8s0rTYlwqe9sfzCUDnWffSHH3edznrYBMYksdif2LUEJKGhA1PinQSqBwtg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
x-turbo-charged-by: LiteSpeed
cf-ray: 8af59457df1a1c3c-FRA
alt-svc: h3=":443"; ma=86400

POST
H3 200 74972850 Show response
hotel-75075.eu/auth/ 0
424 B 79ms
77ms XHR
text/html 172.67.217.173
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hotel-75075.eu/auth/74972850
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.217.173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://hotel-75075.eu/auth/74972850
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 07 Aug 2024 07:33:38 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NicTo48OUsXan3wtAJYEsI5dQ2Y0XxQATjnO%2FYf%2B748NAbUKQwQ684kTa5m7f%2BNVowew3ytlayGJNiiLbifQJJuiTe3uVGzKqeImJML461nCvFGd2gDOiQkSK48Jt13KpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
x-turbo-charged-by: LiteSpeed
cf-ray: 8af594645d641c3c-FRA
alt-svc: h3=":443"; ma=86400

POST 74972850
hotel-75075.eu/auth/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hotel-75075.eu
URL: https://hotel-75075.eu/auth/74972850

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://hotel-75075.eu/auth/74972850 Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://hotel-75075.eu/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
cf.bstatic.com
code.jquery.com
hotel-75075.eu
hotel-75075.eu
104.17.24.14
172.67.217.173
2600:9000:266e:a600:5:bf05:acc0:93a1
2606:4700::6812:ba1f
2a04:4e42:200::649
3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df
5affa53505dd2db30933985f200d163b5b5cd70581993cdb33360cebab66a7c1
7981ede89a44f2569f030222c9dd4f48fa3c97ef6d6eb43ee7d7adde3ba47abd
a46889667faf91041d80d4d87110333e8ecd12fb712c8c6a04460840cfbe7ed6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e202e3c899507992952533f57b634722b69b34241d271963559d31aa33ef81
eeec279ff4d7dfa3d7ebd212f4ea9beadfa280b8ab571dc28cda92ee44ffb989
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

hotel-75075.eu Open in urlscan Pro 172.67.217.173 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

89 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

6 IPs

2 Countries

121 kBTransfer

643 kBSize

0 Cookies

3 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

27 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

hotel-75075.eu Open in urlscan Pro
172.67.217.173 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

121 kB
Transfer

643 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!