booking.verification71.com Open in urlscan Pro
2606:4700:3034::6815:363b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://iplogger.cn/2lyQw2
Effective URL:
https://booking.verification71.com/?utm=Q0eSiSB6
Submission: On January 17 via manual (January 17th 2024, 3:56:21 pm UTC) from RO — Scanned from DE

Summary HTTP 6 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3034::6815:363b, located in United States and belongs to CLOUDFLARENET, US. The main domain is booking.verification71.com.
TLS certificate: Issued by GTS CA 1P5 on January 17th 2024. Valid for: 3 months.

This is the only time booking.verification71.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.21.14.168 104.21.14.168	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:303... 2606:4700:3034::6815:363b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
6	3

1 104.21.14.168 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

iplogger.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3034::6815:363b (United States)

ASN13335 (CLOUDFLARENET, US)

booking.verification71.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	verification71.com booking.verification71.com	87 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 760	30 KB
1	iplogger.cn 1 redirects iplogger.cn	804 B
6	3

	Domain	Requested by
4	booking.verification71.com	booking.verification71.com
1	code.jquery.com	booking.verification71.com
1	iplogger.cn	1 redirects
6	3

This site contains links to these domains. Also see Links.

Domain
partner.booking.com
join.booking.com
www.booking.com
admin.booking.com

Subject Issuer	Validity	Valid
verification71.com GTS CA 1P5	`2024-01-17` - `2024-04-16`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://booking.verification71.com/?utm=Q0eSiSB6
Frame ID: A2ED237ACAA8E9530D3C6D8962A784F9
Requests: 8 HTTP requests in this frame

Frame: data://truncated
Frame ID: 56BEF9B6995F3081DB3A3EF194C353FD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com

Page URL History Show full URLs

https://iplogger.cn/2lyQw2 HTTP 302
https://booking.verification71.com/?utm=Q0eSiSB6 Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

83 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

118 kB
Transfer

547 kB
Size

4
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://partner.booking.com/node/2170?utm_source=account&utm_medium=support_link

Search URL Search Domain Scan URL

URL: https://partner.booking.com/en-us?utm_source=extranet_login_page
Title: Partner Help

Search URL Search Domain Scan URL

URL: https://partner.booking.com/en-us/node/27/?utm_content=27&utm_source=extranet_login_page
Title: Partner Community

Search URL Search Domain Scan URL

URL: https://join.booking.com/?lang=en-us&aid=304142&utm_campaign=v1&utm_source=extranet_login_page&utm_medium=extranet&utm_content=default
Title: Create your partner account

Search URL Search Domain Scan URL

URL: https://www.booking.com/general.en-us.html?tmpl=docs/terms_of_use
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://admin.booking.com/hotel/hoteladmin/privacy.html?lang=en-us
Title: Privacy Statement

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://iplogger.cn/2lyQw2 HTTP 302
https://booking.verification71.com/?utm=Q0eSiSB6 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response booking.verification71.com/ Redirect Chain https://iplogger.cn/2lyQw2 https://booking.verification71.com/?utm=Q0eSiSB6	459 KB 86 KB	269ms 185ms	Document text/html	2606:4700:3034::6815:363b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verification71.com/?utm=Q0eSiSB6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:363b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.2.24 Resource Hash `b6d55b2a1b76892b242a3fde00f42661a5e6601702b4c68ca1574ac695084be7` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 846fc98cafcc3a6e-FRA content-encoding br content-type text/html; charset=UTF-8 date Wed, 17 Jan 2024 15:56:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j5w%2FBLDWcHkPlYVAnuz2cOhIIxVq9cJad1n8AxIggpZhQV8f9X2vrNUs7qAGgSxlLRSyRFFv0ARw1VFbKtvuZ2zHKDyqxscetO3HRoKWKrS%2BrmInNQSC%2FeS%2Fi51G5FGVsIacbs5oGP1bXXKnaFOUsLh48UKOT4yQkg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.2.24 Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 846fc98b5ca6b8fa-AMS content-security-policy img-src https: data:; upgrade-insecure-requests content-type text/html; charset=UTF-8 date Wed, 17 Jan 2024 15:56:16 GMT expires Wed, 17 Jan 2024 15:56:16 +0000 location https://booking.verification71.com/?utm=Q0eSiSB6 memory 0.42413330078125 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oa4taWZaJ3J5bhao%2FOBzvVY1%2BJYhgdsh%2BycO6TEkrWXQpddg2nEuHRIIp35EaYJGl5tFxCiFkaVFApCsteHrxYvLEoWExdLyfI7oRHNEaCst6jMA18PUG4Psl5xAAw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=604800 max-age=31536000 x-frame-options SAMEORIGIN
GET DATA	200 OK	truncated /	642 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8` Request headers accept-language de-DE,de;q=0.9 Referer https://booking.verification71.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	35 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39` Request headers accept-language de-DE,de;q=0.9 Referer https://booking.verification71.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Content-Type image/gif
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	89ms 29ms	Script application/javascript	2a04:4e42:200::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: booking.verification71.com URL: https://booking.verification71.com/?utm=Q0eSiSB6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers Referer https://booking.verification71.com/ Origin https://booking.verification71.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Wed, 17 Jan 2024 15:56:17 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 4904360 x-cache HIT, HIT content-length 30875 x-served-by cache-lga21931-LGA, cache-fra-eddf8230117-FRA last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1705506977.056185,VS0,VE0 etag W/"28feccc0-15d9d" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 4, 2898501
GET DATA	200 OK	truncated / Frame 56BE	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743` Request headers accept-language de-DE,de;q=0.9 Referer https://booking.verification71.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Content-Type image/png
POST H2	200	window.php Show response booking.verification71.com/	17 B 340 B	1146ms 1145ms	XHR text/html	2606:4700:3034::6815:363b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verification71.com/window.php Requested by Host: booking.verification71.com URL: https://booking.verification71.com/?utm=Q0eSiSB6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:363b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.2.24 Resource Hash `3dd6ce6d6c16a472bbb56ad171ecd50420232dc8c55e8fac71709c806527bd24` Request headers Referer https://booking.verification71.com/?utm=Q0eSiSB6 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Wed, 17 Jan 2024 15:56:19 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.2.24 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WTktoFFlV%2FcChZgYiBO%2BEFkbsh87U1En7Z7waNj4axZJaD6zVm7VelUxnDkZrCLdOrCCIgajHZQpariJ%2F8esedcMXlwgs6bEE53lOjTAQfq8KHxwzR8wjsMM%2FR3otlROuxWz49hu7i2g4k3rg8DMk7RdZrHxS%2BAfqg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 846fc99529063a6e-FRA alt-svc h3=":443"; ma=86400
POST H3	200	window.php Show response booking.verification71.com/	17 B 504 B	1175ms 1174ms	XHR text/html	2606:4700:3034::6815:363b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verification71.com/window.php Requested by Host: booking.verification71.com URL: https://booking.verification71.com/?utm=Q0eSiSB6 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:363b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.2.24 Resource Hash `3dd6ce6d6c16a472bbb56ad171ecd50420232dc8c55e8fac71709c806527bd24` Request headers Referer https://booking.verification71.com/?utm=Q0eSiSB6 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Wed, 17 Jan 2024 15:56:20 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.2.24 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vbL1O%2FuPB6OIWTVCqnGQpYllMXnC7PDQHPDXKF6GPe9SvphSeghY0JeQcC55aLN7biYNuoEAVmLNY01J1niCvD%2F23n55F0ZVWaoNTj5BOpuhHgEyAvfEFD0taTgmjT4qD2Kid%2BGeGu1itN9FYa9QaUGHZOgtjZWWtA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 846fc99b6bbd6ec7-CDG alt-svc h3=":443"; ma=86400
POST H3	200	window.php Show response booking.verification71.com/	17 B 469 B	1202ms 1202ms	XHR text/html	2606:4700:3034::6815:363b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verification71.com/window.php Requested by Host: booking.verification71.com URL: https://booking.verification71.com/?utm=Q0eSiSB6 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:363b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.2.24 Resource Hash `3dd6ce6d6c16a472bbb56ad171ecd50420232dc8c55e8fac71709c806527bd24` Request headers Referer https://booking.verification71.com/?utm=Q0eSiSB6 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Wed, 17 Jan 2024 15:56:21 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.2.24 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GGMBYvtAMG4VcwTiQOvUIuZYEgkmXzgS8m8J5zXE2dpOuT%2FTqZfMFPLwuIRzVqMroajwFwzhYd90rWaBgKRPvXBO8bousS1ieDs9dAE%2Bd4EFShs8o6N7ghP1jtARgB%2BGrfWTnF6cthGttBUHgbW0po71lwyGiyKvKQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 846fc9a1ae3a6ec7-CDG alt-svc h3=":443"; ma=86400
POST		window.php booking.verification71.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: booking.verification71.com
URL: https://booking.verification71.com/window.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
iplogger.cn/	1970-01-21 02:32:09	Name: 523005483240163564 Value: 3
iplogger.cn/	1970-01-21 02:32:09	Name: clhf03028ja Value: 193.32.248.236
booking.verification71.com/	1969-12-31 23:59:59	Name: bk-utm Value: Q0eSiSB6
booking.verification71.com/	1969-12-31 23:59:59	Name: admin-bk Value: 83224954

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

booking.verification71.com
code.jquery.com
iplogger.cn
booking.verification71.com
104.21.14.168
2606:4700:3034::6815:363b
2a04:4e42:200::649
3dd6ce6d6c16a472bbb56ad171ecd50420232dc8c55e8fac71709c806527bd24
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
b6d55b2a1b76892b242a3fde00f42661a5e6601702b4c68ca1574ac695084be7
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

booking.verification71.com Open in urlscan Pro 2606:4700:3034::6815:363b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

83 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

118 kBTransfer

547 kBSize

4 Cookies

6 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

4 Cookies

Indicators

booking.verification71.com Open in urlscan Pro
2606:4700:3034::6815:363b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

118 kB
Transfer

547 kB
Size

4
Cookies

6 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!