booking.com-found-12313.net
2606:4700:3031::ac43:8580  Malicious Activity! Public Scan

URL: http://booking.com-found-12313.net/6362231279
Submission: On February 25 via automatic, source openphish — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3031::ac43:8580, located in United States and belongs to CLOUDFLARENET, US. The main domain is booking.com-found-12313.net.
This is the only time booking.com-found-12313.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

IP Address / AS (Autonomous System)
  • 2606:4700:303..., AS 13335 (CLOUDFLAR...): 15 requests, 1 redirect
  • 2600:9000:20c..., AS 16509 (AMAZON-02): 1 request
  • 2606:4700::68..., AS 13335 (CLOUDFLAR...): 1 request
  • 18.245.60.76, AS 16509 (AMAZON-02): 3 requests, 2 redirects
  • Total: 17 requests, 4 IPs

Apex Domain / Subdomains / Transfer
  • com-found-12313.net: 15 requests, 202 KB
    Subdomains: booking.com-found-12313.net
  • booking.com: 3 requests, 2 KB
    Subdomains: booking.com — Cisco Umbrella Rank: 7442; www.booking.com — Cisco Umbrella Rank: 9295
  • cloudflare.com: 1 request, 6 KB
    Subdomains: cdnjs.cloudflare.com — Cisco Umbrella Rank: 226
  • bstatic.com: 1 request, 130 KB
    Subdomains: q-xx.bstatic.com — Cisco Umbrella Rank: 15560
  • Total: 17 requests, 4 apex domains

Domain / Requested by
  • booking.com-found-12313.net: 15 requests, 1 redirect; requested by booking.com-found-12313.net
  • www.booking.com: 2 requests, 1 redirect
  • booking.com: 1 request, 1 redirect
  • cdnjs.cloudflare.com: 1 request; requested by booking.com-found-12313.net
  • q-xx.bstatic.com: 1 request; requested by booking.com-found-12313.net
  • Total: 17 requests, 5 domains

This site contains no links.

Subject / Issuer / Validity / Valid
  • *.bstatic.com, issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1, validity 2023-11-29 - 2024-11-28, valid for a year
  • sni.cloudflaressl.com, issued by Cloudflare Inc ECC CA-3, validity 2023-07-03 - 2024-07-02, valid for a year

This page contains 2 frames:

Primary Page: http://booking.com-found-12313.net/6362231279
Frame ID: CDA641CA7680B6DC31E8FEF4C521347C
Requests: 9 HTTP requests in this frame

Frame: http://booking.com-found-12313.net/chat/6362231279
Frame ID: D7B11E249DD0DD52D651DC73152E4881
Requests: 8 HTTP requests in this frame

Page Title

Booking.com | Official site | The best hotels & accommodation

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 17
  • HTTPS: 12 %
  • IPv6: 75 %
  • Domains: 4
  • Subdomains: 5
  • IPs: 4
  • Countries: 1
  • Transfer: 337 kB
  • Size: 1860 kB
  • Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • http://booking.com-found-12313.net/chat/%7Bimage%7D HTTP 302
  • https://booking.com/ HTTP 301
  • https://www.booking.com/ HTTP 302
  • https://www.booking.com/index.de.html?label=gen173rf-1BCAEoggI46AdIM1gDaDuIAQGYAQe4ARjIAQzYAQHoAQGIAgGiAhtib29raW5nLmNvbS1mb3VuZC0xMjMxMy5uZXSoAgS4Av6x6q4GwAIB0gIkMWFjM2NmNTQtMDkyMC00MzliLWI3NWYtNzRlNmNiZjQyOTkw2AIF4AIB&sid=cb0806acb35bf57193650e59d961e461&keep_landing=1&sb_price_type=total&

17 HTTP transactions

Resource / Path, Size, x-fer, Type / MIME-Type
Primary Request 6362231279
booking.com-found-12313.net/
98 KB
18 KB
Document
General
Full URL
http://booking.com-found-12313.net/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d10a20061e817a460a88f25e0861c58f3f82d4b85aaff4e25e1bf1dc392febbe

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
85ac33ca7a4f6656-AMS
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 25 Feb 2024 01:33:48 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma
no-cache
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I93s%2FIgM%2FwGA4uBsg8AivhvtP55GLA5FwAJHgmiSa9Q15iI%2FLHQXijfBOGOyZBApmCBolLiplCUJJIXR7mMX%2BIojwWcI8C5CgmbN4hMtXKldkMG1sQQV871NDx71jPf7GbnWF%2B69y6N0zWcjlGhzEGbXAbLOjgCPbSA%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
styles3.css
booking.com-found-12313.net/css/booking1/
34 KB
8 KB
Stylesheet
General
Full URL
http://booking.com-found-12313.net/css/booking1/styles3.css
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc052d928f0a7507aba9d381da1f927298df5c0cb802d302a77ba196d9f47317

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/6362231279
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Sat, 03 Feb 2024 21:19:12 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"65beadd0-8950"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bmDVQzpyxi0grrbuuqADIr%2BImteYL0QtblUZVRbI9oQ0Uar9drBjRTzypG6rC5gLOjQClZsUeGp5hJqgWgzjJuSAeigdXQaKlLRm3EagK0ajwVZwkDLQab5gTFsIU3g4IPVN6ZweuLBlLvHdEe95Dq4Pwy9t%2BFMtOlQ%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
85ac33cc784ed532-CDG
alt-svc
h3=":443"; ma=86400
chat.css
booking.com-found-12313.net/build/
3 KB
1 KB
Stylesheet
General
Full URL
http://booking.com-found-12313.net/build/chat.css
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fc1e7ad40e4ae54f2dbd4b1f8b0b09482bbcae9524a3a1743f0f5da062740d8

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/6362231279
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Sat, 03 Feb 2024 21:18:50 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"65beadba-a0e"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=olen1hYeiNqQ9O5RGD%2BDCO8TVRCYbQ7NxFhfW7gXzFK5AVCvbexFyRtPF7EPyBNIe3ozFaCVWi6v5EXM%2Fc5O31qDYRE3%2B8TfNEnGOyW30JyzlX9Ro%2BnDXd3zz7r5GsHtMyChTf2zOij6%2BFLeaWa6qr4MlZNkiZf2LSA%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
85ac33ccac386656-AMS
alt-svc
h3=":443"; ma=86400
submit.js
booking.com-found-12313.net/css/booking1/
22 KB
5 KB
Script
General
Full URL
http://booking.com-found-12313.net/css/booking1/submit.js
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cd9d78e7013b1d96cf305c9010d521a75f0bfabc5a0d79d46acc6d60b85ac82

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/6362231279
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Sat, 03 Feb 2024 21:19:13 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"65beadd1-56f2"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5HRQOQwVBuBBkbWLKrD04lrhD3tmgS2Dr3OSQGNgwNsef4vYQy5LSwDdYaYV1TaqV7WSSeS66ut6pBDki2EUmt0Po6Tqp%2F4wNrOSFjHvwZS6VTFQi%2BMk3RxgnSGlDxq4JdfaIvXfsaS8dgWAOzVBMUtbcRbnMKyxRTo%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
85ac33cdc88ad532-CDG
alt-svc
h3=":443"; ma=86400
blur_input.js
booking.com-found-12313.net/css/booking1/
21 KB
4 KB
Script
General
Full URL
http://booking.com-found-12313.net/css/booking1/blur_input.js
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5eaae12a5b85c3a24efd4d581e61ef3773befd9f64b1421c678038bf17c559ba

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/6362231279
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Sat, 03 Feb 2024 21:19:12 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"65beadd0-5465"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uip%2FaqlEg7mX2m6ZELxha9dP0ys%2FoBGGFWQ1lbOX1pRhYcYz5MoMN5OwonytKArNTnRQR5QvsKf%2FW3FxKq%2BPNLwK4rMXewCdn1ffmRujQoSiOmuVekL2olqPAP%2F2jZ6xngWgVJSKTMeJLM8ZLKWRSF6Ne9kxGYO1Lgc%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
85ac33cded4d6656-AMS
alt-svc
h3=":443"; ma=86400
jquery.min.js
booking.com-found-12313.net/js/
87 KB
31 KB
Script
General
Full URL
http://booking.com-found-12313.net/js/jquery.min.js
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/6362231279
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
940
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Last-Modified
Sat, 03 Feb 2024 21:19:39 GMT
Server
cloudflare
ETag
W/"65beadeb-15d84"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=midtaiv9BQOnCDelVx2Q2oSaR4bj94qQ1X%2Fn5G6RHnJsErx9cSd8eMzMnbQHAtbwJXVo%2B3Yg9CzNBJicER87zTNA39mf9nLs0kWtCgqQjmnyWWPovzjCQu8v9YxG3hpX3ptIX4U1E9bp%2BEPJnh2VcbOoiMiKByVcsdw%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
85ac33cd3dbe42b8-EWR
527264061.jpg
q-xx.bstatic.com/xdata/images/hotel/max1024x768/
130 KB
130 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/hotel/max1024x768/527264061.jpg?k=e1d0625677e498356918c49d8ef447ea674a12f207f9a233a304c766de729f14&o=
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/6362231279
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c3874ee4d16dcefd8c01f6edbac77e142788150469d7880dc049e13b7cf8ff74
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 11:36:15 GMT
via
1.1 af3abf09293a5c762de5e451f8d6a912.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
MUC50-C1
age
136653
etag
"9b4407ba8ec6ef8c23aad3b7c3e3ce403e02a1eb"
x-cache
Hit from cloudfront
content-language
132791
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
8AXLuucrsgNKKiTffokbZj9KD68vl1Bm4BATqr0_E1htMdaQeqsorQ==
x-xss-protection
1; mode=block
6362231279
booking.com-found-12313.net/chat/ Frame D7B1
29 KB
9 KB
Document
General
Full URL
http://booking.com-found-12313.net/chat/6362231279
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d00b0249e2f03fc62f3f67b6316cfed445099ea3a5c495e3209fa11b2f5bbe01

Request headers

Referer
http://booking.com-found-12313.net/6362231279
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
85ac33ce3f3942b8-EWR
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 25 Feb 2024 01:33:49 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma
no-cache
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pDQ1gR72RpEwv5vB0HnR12MeNIp65sXpfxEc6Wyqf2Pf65citpiAPYw%2Bbo4NaUkhjDIXkhCZorQcGqaJHnUpxy4kTpRgHC1cqQrMCc3IFfDsR60ToJ4jw7QCCB6CgupMcYrVWTMtwQqZ7DRb3o5UdD3EzAwU6mipigA%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
user_send_status.php
booking.com-found-12313.net/ajax/
0
778 B
XHR
General
Full URL
http://booking.com-found-12313.net/ajax/user_send_status.php
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/js/jquery.min.js
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://booking.com-found-12313.net/6362231279
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sun, 25 Feb 2024 01:33:49 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kt2R1dHjbV9zSeEvJgHSMt42jiqkkKmn0jhnP2dIRL%2BfnavJhOOVdD0gfuGFynAMRcVbzmZP4Le9czAiEoDqbwNWvRLgmT8Of8gkdiZcTA7IqWM0Q4IOnFBm6Ag3uNAlB%2BcFiE3FEzW%2BQHppxI0tTA%2FnpOE67jwJMsY%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
CF-RAY
85ac33ce3bad2082-IAD
alt-svc
h3=":443"; ma=86400
Expires
Thu, 19 Nov 1981 08:52:00 GMT
flags.png
booking.com-found-12313.net/css/booking1/img/
30 KB
31 KB
Image
General
Full URL
http://booking.com-found-12313.net/css/booking1/img/flags.png
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/css/booking1/styles3.css
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/css/booking1/styles3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
CF-Cache-Status
MISS
Last-Modified
Sat, 03 Feb 2024 21:19:15 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
"65beadd3-77d8"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btjX52Ai%2FOQZQHOoQF0iYcYea5J8LmIOecWvMtoZFaOdWktQLCzZeQhp%2FyaawvUoyxjEJNkXiwrqr3dsyiBvugfZtcLV1koUoHgOk0y6eLOT570AzwcEo2wt0Tt12aUNPoC59KNjt1Ag4W6Hw9X4erEOjDqr19kyVGI%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
85ac33ce1a1d791e-CDG
alt-svc
h3=":443"; ma=86400
Content-Length
30680
chat.css
booking.com-found-12313.net/css/ Frame D7B1
106 KB
16 KB
Stylesheet
General
Full URL
http://booking.com-found-12313.net/css/chat.css
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/chat/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1c9ad009f4d6ed374fe5404e3276bbbc345396e772cd72491a88c1173582ec3

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/chat/6362231279
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
4824
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Last-Modified
Sat, 03 Feb 2024 21:19:04 GMT
Server
cloudflare
ETag
W/"65beadc8-1a924"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aUVAZvNHl9VZWEq1RwmgON%2BnUSS5RNA3ehvhJs5yj4E6Rt%2FdniOmnCs94cZOAnNZmvj3XBxZW3qPZG%2F8aDp0XThfiGp6ku9ZDeH5A5wEnuzvJn76R8RDmRP7jYvB%2FxmY37fzc113bIsCHyzqLbbB919HcRDnaGTbXRA%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
85ac33d1f8242082-IAD
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ Frame D7B1
30 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/chat/6362231279
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 01:33:49 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
248353
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5631
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JU2HCtDtK6%2Bw6iw%2BiYRQZ5KRUtyJnOWxevT4%2FJqK8O9dJH%2FSyMeMBCLkjEOby01cl%2Fsv9FykxzFsM52byXueZqZpLd2%2B6JdT0WFrUEaOqxgV0%2B98NCTORiDXfc0bu2uiJMMp3%2B9OSFqMYaJO8tOOOfK%2F"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
85ac33d1cd9a3662-FRA
expires
Fri, 14 Feb 2025 01:33:49 GMT
support.png
booking.com-found-12313.net/img/ Frame D7B1
15 KB
16 KB
Image
General
Full URL
http://booking.com-found-12313.net/img/support.png
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/chat/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f38df22b91417e6c60a0c086f7997c1ba6c5b844b3c947d07ed7e88650442973

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/chat/6362231279
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
6492
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
15634
Last-Modified
Sat, 03 Feb 2024 21:19:32 GMT
Server
cloudflare
ETag
"65beade4-3d12"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jsy3%2Fw%2BbhCLSYYSS%2BVtu3WpkK2w8MLfNDZarAAWEnn73GOnX5a5nFvF2Q9FzsvjdBSaZkHiCmUlj5G01ptLCfOPUp0bwIBoZqo%2Bl19J636LYOSQWINHbGnDjgMVBVdLEVi5xF3DNWZjNqO1YdVtLUAqkZ7xYA3soIw8%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
85ac33d1fc9b42b8-EWR
support-open.png
booking.com-found-12313.net/img/ Frame D7B1
21 KB
22 KB
Image
General
Full URL
http://booking.com-found-12313.net/img/support-open.png
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/chat/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
560b6b311920854bb28122c60e1262f34723ed8bff0b6970300bd04d9369adeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/chat/6362231279
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
CF-Cache-Status
REVALIDATED
Last-Modified
Sat, 03 Feb 2024 21:19:32 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
"65beade4-5400"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2t374XXxfZm1QCBnqilR69XCvWP0FZrLPs9iO%2FkpEBdA41jDsiDyh6sraEaPQmLeA67EOVl3GLDVRjwiBjypg0TWFWqDHbeMwSU9XydLWBksoh1Tx84p%2BleLX5TeB0GSasRDeup9wJvWtqjtF8z9gLoUSOU4pKKqo%2Bg%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
85ac33d1bbb6791e-CDG
alt-svc
h3=":443"; ma=86400
Content-Length
21504
jquery.min.js
booking.com-found-12313.net/dist/new_card_design/ Frame D7B1
87 KB
31 KB
Script
General
Full URL
http://booking.com-found-12313.net/dist/new_card_design/jquery.min.js
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/chat/6362231279
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/chat/6362231279
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 01:33:49 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Sat, 03 Feb 2024 21:19:22 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"65beadda-15d84"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GY0KUk3HiXB%2FTCIYSXfkrKxSS5Tcjsi2NW497K7eUmbkS%2B8xLr2GStICY4LSL2xkw6wJPKzH03DOwzkIvdCCDd85uFt5l9ybXxSOWTVgIXRLr0DgDtxyBKs2AhDmRf35fiP9t7SAVmOyeWFHVxQ7riwinRUeLKQTLHs%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
85ac33d1b8806656-AMS
alt-svc
h3=":443"; ma=86400
msg_check.php
booking.com-found-12313.net/ajax/ Frame D7B1
1 MB
9 KB
XHR
General
Full URL
http://booking.com-found-12313.net/ajax/msg_check.php
Requested by
Host: booking.com-found-12313.net
URL: http://booking.com-found-12313.net/dist/new_card_design/jquery.min.js
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:8580 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7d44d9d92cbcd86f4581b3b8f1fe20b6545bc49b0d2c0f157271940cbfef986

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://booking.com-found-12313.net/chat/6362231279
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sun, 25 Feb 2024 01:33:50 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AezvaZ2Axf%2BWl%2FbJIUxC5%2BBfmB5Hebkj6sZriwzSmH%2B8ubxxABQPuySlfdzubnq137Sj%2FqzGOkBR9%2FUo03lnefvWw92UqAd3A1HGSo6ZzYBZOgkhqEy0xUTSKnxgF%2FFxKPyvv9ZJ1q1CcUEV4J51MbFTGRgpM%2BQD0TY%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
CF-RAY
85ac33d329ab6656-AMS
alt-svc
h3=":443"; ma=86400
Expires
Thu, 19 Nov 1981 08:52:00 GMT
index.de.html
www.booking.com/ Frame D7B1
Redirect Chain
  • http://booking.com-found-12313.net/chat/%7Bimage%7D
  • https://booking.com/
  • https://www.booking.com/
  • https://www.booking.com/index.de.html?label=gen173rf-1BCAEoggI46AdIM1gDaDuIAQGYAQe4ARjIAQzYAQHoAQGIAgGiAhtib29raW5nLmNvbS1mb3VuZC0xMjMxMy5uZXSoAgS4Av6x6q4GwAIB0gIkMWFjM2NmNTQtMDkyMC00MzliLWI3NWYtNz...
0
0
Image
General
Full URL
https://www.booking.com/index.de.html?label=gen173rf-1BCAEoggI46AdIM1gDaDuIAQGYAQe4ARjIAQzYAQHoAQGIAgGiAhtib29raW5nLmNvbS1mb3VuZC0xMjMxMy5uZXSoAgS4Av6x6q4GwAIB0gIkMWFjM2NmNTQtMDkyMC00MzliLWI3NWYtNzRlNmNiZjQyOTkw2AIF4AIB&sid=cb0806acb35bf57193650e59d961e461&keep_landing=1&sb_price_type=total&
Protocol
H2
Server
18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-76.fra60.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://booking.com-found-12313.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Redirect headers

date
Sun, 25 Feb 2024 01:33:50 GMT
strict-transport-security
max-age=604800; includeSubDomains
via
1.1 bc841916063a49c638b48e73f77a28e8.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":604800}
server
nginx
x-amz-cf-pop
FRA60-P5
x-recruiting
Like HTTP headers? Come write ours: https://careers.booking.com
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"group":"default","max_age":604800}
x-cache
Miss from cloudfront
location
/index.de.html?label=gen173rf-1BCAEoggI46AdIM1gDaDuIAQGYAQe4ARjIAQzYAQHoAQGIAgGiAhtib29raW5nLmNvbS1mb3VuZC0xMjMxMy5uZXSoAgS4Av6x6q4GwAIB0gIkMWFjM2NmNTQtMDkyMC00MzliLWI3NWYtNzRlNmNiZjQyOTkw2AIF4AIB&sid=cb0806acb35bf57193650e59d961e461&keep_landing=1&sb_price_type=total&
x-terms-of-service
https://www.booking.com/content/terms.html
x-amz-cf-id
jQNXYDhasmjExht4mst2HVaYSwLBb9jaxg5JeGLdjZtrqia-FEbSHQ==
x-xss-protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • function| $
  • function| jQuery
  • number| get_status
  • function| onPage
  • function| scrollToErrorInput

2 Cookies

Domain/Path, Name / Value
  • booking.com-found-12313.net/
    Name: PHPSESSID
    Value: 2ko7uj2ehh095vmfnktobtccn5
  • .booking.com/
    Name: bkng
    Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbKE7bjkbYWzmHcWJXtJOYfeeWTx2MKl%2B3M4IpUierZDMH%2F2kQQ8DdI6UosjNZ9Tp8ONSiIrfWnrKUbzbjff0fpPYVv5oVaiwD1xWbuGDJ%2FzsCHwH946Dr3SrHsgT8CZohH1EkCQqEzLpHcJy2iS4XOAv2tunaslFf8i5N0c99Fiw%3D

3 Console Messages

Source, Level, URL, Text
  • Source: other, Level: warning, URL: http://booking.com-found-12313.net/6362231279
    Message: Third-party cookie will be blocked. Learn more in the Issues tab.
  • Source: other, Level: warning, URL: http://booking.com-found-12313.net/6362231279
    Message: Third-party cookie will be blocked. Learn more in the Issues tab.
  • Source: other, Level: warning, URL: http://booking.com-found-12313.net/6362231279
    Message: Third-party cookie will be blocked. Learn more in the Issues tab.