booking.38174-confirm.com
2606:4700:3030::ac43:b431 | Malicious Activity! | Public Scan

URL: https://booking.38174-confirm.com/p/269817999
Submission: On January 27 via api from US — Scanned from US

Summary

This website contacted 6 IPs in 1 country across 5 domains to perform 20 HTTP transactions. The main IP is 2606:4700:3030::ac43:b431, located in the United States and belonging to CLOUDFLARENET, US (the origin sits behind Cloudflare, so this address does not identify the hosting server). The main domain is booking.38174-confirm.com.
TLS certificate: Issued by E1 (Let's Encrypt) on January 26th 2024, one day before this scan. Valid for: 3 months.
This is the only time booking.38174-confirm.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

Apex domain (requests) | Subdomain | Transfer
38174-confirm.com (15) | booking.38174-confirm.com | 66 KB
unpkg.com (2) | unpkg.com | 15 KB
tailwindcss.com (2) | cdn.tailwindcss.com | 109 KB
googleapis.com (1) | fonts.googleapis.com | 1 KB
bstatic.com (1) | q-xx.bstatic.com (Cisco Umbrella rank 15869) | 83 KB
Total: 20 requests, 5 apex domains

Domain (requests) | Requested by
booking.38174-confirm.com (15) | booking.38174-confirm.com, unpkg.com
unpkg.com (2, 1 redirect) | booking.38174-confirm.com
cdn.tailwindcss.com (2, 1 redirect) | booking.38174-confirm.com
fonts.googleapis.com (1) | booking.38174-confirm.com
q-xx.bstatic.com (1) | booking.38174-confirm.com
Total: 20 requests, 5 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
38174-confirm.com | E1 (Let's Encrypt) | 2024-01-26 to 2024-04-25 | 3 months
*.bstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-11-29 to 2024-11-28 | a year
upload.video.google.com (the Google certificate presented by fonts.googleapis.com) | GTS CA 1C3 | 2024-01-02 to 2024-03-26 | 3 months

This page contains 2 frames:

Primary Page: https://booking.38174-confirm.com/p/269817999
Frame ID: 0EAC9E55C20735E864ECC2880393CA06
Requests: 7 HTTP requests in this frame

Frame: https://booking.38174-confirm.com/supportChatFrame/269817999
Frame ID: 6961A2AD84352AE99953300712345634
Requests: 13 HTTP requests in this frame

Page Title

Booking.com - Payment information

Detected technologies

Axios (overall confidence: 100%)
Detected pattern: /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Page Statistics

Requests: 20 | HTTPS: 85 % | IPv6: 100 % | Domains: 5 | Subdomains: 5 | IPs: 6 | Countries: 1 | Transfer: 274 kB | Size: 644 kB | Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://cdn.tailwindcss.com/ HTTP 302
  • https://cdn.tailwindcss.com/3.4.1
Request Chain 15
  • https://unpkg.com/axios/dist/axios.min.js HTTP 302
  • https://unpkg.com/axios@1.6.7/dist/axios.min.js

Both chains start from unversioned CDN URLs, which the CDN resolves to its current release at request time (Tailwind 3.4.1 and axios 1.6.7 on the day of the scan). The resource hashes recorded for these two entries therefore identify public library builds, not files specific to this kit.

20 HTTP transactions

Each entry below is listed as: Resource | Path | Size (bytes transferred) | Type, followed by its request and response details.
Primary Request: 269817999 | booking.38174-confirm.com/p/ | 57 KB (14 KB transferred) | Document
General
Full URL
https://booking.38174-confirm.com/p/269817999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
04a36ec5a93b4f97ff88f8e5e32700004056cc10f0cf483760accb3c166a4344

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84bd6531dd684bd5-BUF
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 27 Jan 2024 01:59:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=23RPz6Sfv%2Bl5RQksic5YtyVYm9CNTBylA3HiCCMprBhW7%2BW4XZEe3d5p1WcCC9nM7LPRw%2F6msm0mom7nEA%2FRgGEMJ1SE4f2VZoKRfXmOMheYZDEBG7pZ4LmExThyYsA1JgnVnyqr2LNGShHafAMGqMFo5uLiDWsl"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
script.js | booking.38174-confirm.com/services/booking/js/ | 12 KB (3 KB transferred) | Script
General
Full URL
https://booking.38174-confirm.com/services/booking/js/script.js
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/p/269817999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a140484b48096baf0db17d9db57a330c818b6bca7607152884b2eefce4e02b87

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/p/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:17 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sat, 07 Oct 2023 14:59:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"2fc7-18b0aa6d6a0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UBTddBA1iPTvFYoDN3u%2BR%2BnQmI7DdArwwz5jApA%2BhFkR4VzJWP6ULcx5qJFxVEiOJoUL462r2IkO2Gth0s2%2B%2FuHAAPKFfHHs88Da0uDmbqD8e7oCenGiWPfLJtzag33Y%2BzseuW37gXs%2BnCCuoWi%2B5BJX601fr1Rk"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
84bd653948d44bd5-BUF
alt-svc
h3=":443"; ma=86400
styles.css | booking.38174-confirm.com/services/booking/css/ | 32 KB (8 KB transferred) | Stylesheet
General
Full URL
https://booking.38174-confirm.com/services/booking/css/styles.css
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/p/269817999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b2e3158656f24d0f69988896ea2facd530904745d286f84eadb67ceb2ce9d4c2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/p/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:17 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sat, 19 Aug 2023 22:18:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"802a-18a0fe0d338"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6P%2FnGFDOYJzUQYDvOarCKp%2FV4XEpl%2FQrZniUHtqGSWdl6DFNxz5aYVVrseCKvL%2FEdIGPbg4IH%2BpmMfz%2BdR3OhPF5rmbvYgyyrQX4CxbS8KD7%2FqwWMXiVC5fp79l7m81WWzitQrxeOOvSuMBjQtNGfVH8fkfHiZqz"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
84bd653948d34bd5-BUF
alt-svc
h3=":443"; ma=86400
116755617.jpg | q-xx.bstatic.com/xdata/images/hotel/max1024x768/ | 83 KB (83 KB transferred) | Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/hotel/max1024x768/116755617.jpg?k=4906b92614c095b823b547fc2e8f9e28428a5579dada5a375365fa385efe9971&o=
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/p/269817999
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2512:800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
30bed44e9af7349929246c42ffa24d1949aeccd6768434d29a3ad4ad2ec06841
Security Headers: X-Xss-Protection: 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 26 Jan 2024 21:42:58 GMT
via
1.1 909ec3586e2eba60d35c2f3468905558.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
JFK50-P7
age
15378
etag
"fdf6ec79cb550fd74a253368646cca21538b65e0"
x-cache
Hit from cloudfront
content-language
84766
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
Kfy5Bu8k0x79ZaccL6BvCzEev2c_ROO83rKT76pFAZHwr3Hcwc5_5Q==
x-xss-protection
1; mode=block
support_parent.css | booking.38174-confirm.com/css/ | 5 KB (2 KB transferred) | Stylesheet
General
Full URL
https://booking.38174-confirm.com/css/support_parent.css
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/p/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
20f5cc0ebb84eb9bdeb82a9b908e9f922ab10ea415857c8b00b8302e00c61a5c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/p/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:17 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 23 Aug 2023 14:42:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"12b3-18a22d925f8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gRP7TKj2OIcsXbAW0weIh6pH1UERavG0MHz1Ry1hNe5W6YjlTVeiR4%2B0wMZK2tr9RGPhLtdjugHbPKp78oqb2m%2FFFAHRrZnAdyOL0hE52RTMy4NEdu1xAWXGGfRg3RNRXOW5ALAzTGlopmbET0QM1E9MiwytyxH4"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
84bd6539da9b6aed-BUF
alt-svc
h3=":443"; ma=86400
269817999 | booking.38174-confirm.com/supportChatFrame/ (Frame 6961) | 4 KB (2 KB transferred) | Document
General
Full URL
https://booking.38174-confirm.com/supportChatFrame/269817999
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/p/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
85db358ed642607e5da98d1dd5d5e3a87529aba51bf53f7932772d0bff3fab58

Request headers

Referer
https://booking.38174-confirm.com/p/269817999
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84bd653c0b366aed-BUF
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 27 Jan 2024 01:59:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RgiYpkm6CW1vWrLyso2SAGpRGyzpFBhvd4kXfKNXdHyH1W7eP8jALiziLHlctWFt%2FIQ%2FHtZcm3gMxyUTVzDCtSW6MOGmi9ozzX05SJtUJq4s%2Bi0z62wizvghckTmwwhQoB%2FAiaztyvqlMSIqFXz9qihqPceKIPfO"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
flags.png | booking.38174-confirm.com/services/booking/images/ | 30 KB (30 KB transferred) | Image
General
Full URL
https://booking.38174-confirm.com/services/booking/images/flags.png
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/p/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/p/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:17 GMT
cf-cache-status
EXPIRED
last-modified
Sat, 19 Aug 2023 17:18:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"77d8-18a0ece3e40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FIGiZIt3O3VyJz62avHQJ7hfcNEzC6hjXf%2FpLf2TkyXduyYdDAUhSZ701ePr4gpElBE82J75XAiGFMl5msFA8Mlan01kbrMeQwEQ16x42Zi48sQu2u%2Bl3to2eh4ulEjlj7r0gMJNNT4g6UDjwPOfORsMj1XTjejd"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
84bd653c0b386aed-BUF
alt-svc
h3=":443"; ma=86400
content-length
30680
pluxurydarklord.svg | booking.38174-confirm.com/img/ | 1 KB (1 KB transferred) | Image
General
Full URL
https://booking.38174-confirm.com/img/pluxurydarklord.svg
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/css/support_parent.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fbb307bc48c763f9a4893ba918ca9a322f4e084dbb994504d526af90c1a4d1e9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/css/support_parent.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:17 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 23 Aug 2023 14:41:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"4b6-18a22d77460"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UdCCCQkf%2F5%2BcAchCSCYgcyyTLIKvdhZqZ1Cf%2F3OPeqampRZ5ipzxu1SCa9NS4nHbZtZEFugfSH%2FA7mZKgQaa99bVIFGksOFNMgGJt0a4Ea0xSy2Rfy5mBlcOkeOwhH9DClac9j9akaby5vrlo0cCVS3I19ZOAHpo"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
84bd653c0b396aed-BUF
alt-svc
h3=":443"; ma=86400
chat.css | booking.38174-confirm.com/assets/css/ (Frame 6961) | 243 B (699 B transferred) | Stylesheet
General
Full URL
https://booking.38174-confirm.com/assets/css/chat.css
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c5e7e8f07db5f90f5b179d122a425eacb8e7b0b57e79349f6e414158d3db0f77

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/supportChatFrame/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:21 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 23 Aug 2023 14:01:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"f3-18a22b2e8e8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fbefy%2F2teGSFnYhYVKYwMiGM%2BGlMVrmdwdKZqJT7Nsq9S0DLjM1xMcSdys9HLWwGnm%2F%2BhWzZXLqD3%2BQiuK9%2BADoEZ%2F9oRohYTfzb7bgOxpp29qBgVgNnlOkY9tYOGa1z%2B1jyoEjSxmv5PWlUYRjzXGQmA6eg7GgI"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
84bd6552fbe66aed-BUF
alt-svc
h3=":443"; ma=86400
3.4.1 | cdn.tailwindcss.com/ (Frame 6961) | 359 KB (109 KB transferred) | Script
Redirect Chain
  • https://cdn.tailwindcss.com/
  • https://cdn.tailwindcss.com/3.4.1
General
Full URL
https://cdn.tailwindcss.com/3.4.1
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H2
Server
2606:4700:10::ac43:2910 (geolocation and ASN not recorded)
Reverse DNS
Software
cloudflare /
Resource Hash
151c30a9c3810c4a00decc7ac92110d0660b64b6e25973116935faa14d232a81
Security Headers: Strict-Transport-Security: max-age=63072000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:20 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000
last-modified
Fri, 05 Jan 2024 20:53:26 GMT
x-vercel-id
cle1::iad1::nrl2g-1704488004870-28d22f50c8bf
cf-cache-status
HIT
age
1832660
server
cloudflare
x-vercel-cache
MISS
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=31536000
cf-ray
84bd6553b8004bc3-BUF

Redirect headers

date
Sat, 27 Jan 2024 01:59:20 GMT
strict-transport-security
max-age=63072000
cf-cache-status
HIT
x-vercel-id
cle1::iad1::86g85-1706320328251-daa78e501e4a
server
cloudflare
age
374
x-vercel-cache
MISS
vary
Accept-Encoding
location
/3.4.1
cache-control
max-age=14400
cf-ray
84bd65537fef4bc3-BUF
content-length
0
bookmark.svg | booking.38174-confirm.com/assets/icons/ (Frame 6961) | 247 B (680 B transferred) | Image
General
Full URL
https://booking.38174-confirm.com/assets/icons/bookmark.svg
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
846a64b15537fd60cbebc9dbdca9a2df72aa05a6e564210f78acfd701a386ef7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/supportChatFrame/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:21 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 22 Aug 2023 08:23:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"f7-18a1c570a88"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XVxTMMgXYw9gLnBCc0Aky%2ByYlKB8SPZUTo4H8nx4aPBBjWsRLYlbMj93jh31Rq8ls5MrsRSZD3%2B6NXro3j0cb%2BBv7a5FptUDhoY5gT0U4nipxi6ewd5gd5HvbBWMd81UgJs9Y2h49PgxF6Fqqqz6lzGRG%2FE7wO9%2B"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
84bd6552fbe96aed-BUF
alt-svc
h3=":443"; ma=86400
chevron-down.svg | booking.38174-confirm.com/assets/icons/ (Frame 6961) | 231 B (675 B transferred) | Image
General
Full URL
https://booking.38174-confirm.com/assets/icons/chevron-down.svg
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d7a5152180593b0144e6a36c21ca0e19aa9a64da790d7a1d14f0cbe49d45525a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/supportChatFrame/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:21 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 22 Aug 2023 14:42:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"e7-18a1db2d5b0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2aYnH3s0VgdTUXMB%2By77PKLk1nCo2YwF1nm48DkZZ4JbJYssRUmXvEKmM%2FNkM8Eimuc6g5sRf%2FQYlxbPdXPwNKuMMOdoqA%2FgwPYjtRLtp8yaS%2BceZT6fs6yXEsr%2BS%2FYf3dNFSiVGh2x2gWEMioDw5W%2FkP08mLyQ"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
84bd6552fbea6aed-BUF
alt-svc
h3=":443"; ma=86400
close.svg | booking.38174-confirm.com/assets/icons/ (Frame 6961) | 230 B (662 B transferred) | Image
General
Full URL
https://booking.38174-confirm.com/assets/icons/close.svg
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
9a60eed802ef3d6b6784369cf91a4be28f925fa426293244ad43b9d2868f2988

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/supportChatFrame/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:21 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 22 Aug 2023 08:16:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"e6-18a1c513e28"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DXPp%2FWqdC5iBFoHIREHpSWo5Aj5MZVtbBJR2Wt9AzzKP2cpyfhwohLNxJ1c5G8osmmnWsQgsqajXBMJTxcrBG6%2BgpTIraD8xs00XhhOT9ZUdPwpnja%2BVB75CMaqmXgNXqKiNoflgZNB%2FqddAQDO8xeq2IXeji%2BfS"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
84bd6554ac706aed-BUF
alt-svc
h3=":443"; ma=86400
person-circle.svg | booking.38174-confirm.com/assets/icons/ (Frame 6961) | 563 B (849 B transferred) | Image
General
Full URL
https://booking.38174-confirm.com/assets/icons/person-circle.svg
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b4784b8b0b3e2cfefe7106fea734e0a37df601a093d8bdb1aa3ee5216716546b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/supportChatFrame/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:21 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 22 Aug 2023 08:20:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"233-18a1c54eb90"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OERvTMpInlYz80kKpN7oJyBpmRZTrfeT1%2BFdXIO4L0RTXTMTRlciIfnSEU%2FIZ%2FEhbENflQuozrdK1MrQwMD4%2F8FrjRWemB6QqTJhkhkv45RrnWbOvWPzaF6cf0uuAt8c8WuoS%2BHcCWpShsBx7pHhpZHx3mR0ijKV"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
84bd6554ac716aed-BUF
alt-svc
h3=":443"; ma=86400
document.svg | booking.38174-confirm.com/assets/icons/ (Frame 6961) | 339 B (732 B transferred) | Image
General
Full URL
https://booking.38174-confirm.com/assets/icons/document.svg
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1d3af5838269f41ffd019f04eefcf2b494953d28fb1401acfbfa4ec55c57d515

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/supportChatFrame/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:21 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 22 Aug 2023 14:37:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"153-18a1dadebe0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jOtjIa5IpOKnAaiDAb5qoLZgNxUzjGg0uQj082%2BYUNeUTCkWt56wAYy0n6%2B4I6z4E7fFECNZW1IOPwNjLOMqUeN9b1d3bP3Eg2GfECF7uX3YMxjAkxee8AmizcV7iv4Z52ZoKOTz8cyfHb%2BvYRGp%2FBiwcAO32ijm"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
84bd6555acd56aed-BUF
alt-svc
h3=":443"; ma=86400
send.svg | booking.38174-confirm.com/assets/icons/ (Frame 6961) | 402 B (773 B transferred) | Image
General
Full URL
https://booking.38174-confirm.com/assets/icons/send.svg
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
97d008f0efeb03337a4a169d85b9f8907ef5d6dcb74fb88f7e2f981250903349

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/supportChatFrame/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:21 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 22 Aug 2023 08:14:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"192-18a1c4f1f30"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVNAGT7YBQG5gCiNngOOjnrgFwTmrOF4%2FeVVZz67jrCnNLIF4fPBg8nbxzZLMVBcpHG9dAPC1UWixhDekfkLb3MMgoYf%2BmU3yW%2B7yoP1TYggzGJRwWESkE7zu72s%2BE1wnn%2FDK4oyhGH%2B68JOxgEzmk8PvBVjGcOE"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
84bd65566cff6aed-BUF
alt-svc
h3=":443"; ma=86400
axios.min.js | unpkg.com/axios@1.6.7/dist/ (Frame 6961) | 40 KB (15 KB transferred) | Script
Redirect Chain
  • https://unpkg.com/axios/dist/axios.min.js
  • https://unpkg.com/axios@1.6.7/dist/axios.min.js
General
Full URL
https://unpkg.com/axios@1.6.7/dist/axios.min.js
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H2
Server
2606:4700::6810:7daf (geolocation and ASN not recorded)
Reverse DNS
Software
cloudflare /
Resource Hash
3434b67595c68071824e142d077ce7e105d40ac40b15164896d11e54078d0213
Security Headers: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | X-Content-Type-Options: nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:21 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
107894
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HN13CENDJSVMBP9HZDJVDYXM-lga
server
cloudflare
etag
W/"a025-pU1dreb3BCFPYYTIFZJhWMD8IeA"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
84bd655768074bc9-BUF

Redirect headers

date
Sat, 27 Jan 2024 01:59:21 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01HN4A763RSKF5S055G5V05WR1-lga
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
64
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/axios@1.6.7/dist/axios.min.js
cache-control
public, s-maxage=600, max-age=60
cf-ray
84bd6556df9a4bc9-BUF
chat.js | booking.38174-confirm.com/assets/js/ (Frame 6961) | 6 KB (2 KB transferred) | Script
General
Full URL
https://booking.38174-confirm.com/assets/js/chat.js
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/supportChatFrame/269817999
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
548d3fcf016980e21a6c570c4a483bbdd7a94e3034f04dd30c4c1bd07a0cf653

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/supportChatFrame/269817999
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 01:59:21 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Thu, 09 Nov 2023 06:25:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"1774-18bb2c1df60"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qy%2BEdwDOWqktAfbTW3JvugGNlYf2FgS%2BMZXbeSqs1ipHUx%2FPmKmood6wnM52z%2FdqeJ9JFP%2Bif9Yhe87elL0h3w5oZPG0gowMXnVAYKncAR5nL73g9%2FRytcCzd9%2F2DY5eo83Jsm23YSG3mtDCRgXgwy%2Bc5HhrRRSA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
84bd65566cfe6aed-BUF
alt-svc
h3=":443"; ma=86400
css2 | fonts.googleapis.com/ (Frame 6961) | 14 KB (1 KB transferred) | Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700;800&display=swap
Requested by
Host: booking.38174-confirm.com
URL: https://booking.38174-confirm.com/assets/css/chat.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::5f (geolocation and ASN not recorded)
Reverse DNS
Software
ESF /
Resource Hash
f8cbafd49c896a6e02a3a959409874806cff8792343936c0ba532f58ecc95333
Security Headers: Strict-Transport-Security: max-age=31536000 | X-Content-Type-Options: nosniff | X-Frame-Options: SAMEORIGIN | X-Xss-Protection: 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.38174-confirm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 27 Jan 2024 01:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 27 Jan 2024 01:58:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 27 Jan 2024 01:59:21 GMT
getMessages | booking.38174-confirm.com/api/support/ (Frame 6961) | 0 B (0 B transferred) | no response received

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

booking.38174-confirm.com | https://booking.38174-confirm.com/api/support/getMessages (requested from the support-chat frame, Frame 6961)
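The first-party responses above carry weak ETags of the form W/"2fc7-18b0aa6d6a0" next to x-powered-by: Express. Express's static file handler builds that ETag from the file size and the modification time in milliseconds, both in hex, so the ETags expose the kit's file sizes and on-disk timestamps even for responses without a Last-Modified header. The following Python is an added example, not part of the urlscan report or of the kit: it decodes three ETags copied from the transactions above and checks them against the Last-Modified values the report shows. That the backend uses the serve-static ETag layout is an assumption, supported by the headers but not stated by the report.

```python
# Added example, not from the report: decode weak ETags of the serve-static
# form W/"<size hex>-<mtime ms hex>" to recover file size and mtime.
# Assumption: the backend is Express/serve-static (suggested by x-powered-by).
import re
from datetime import datetime, timedelta, timezone

# Rows constructed from the report's transactions: (path, ETag, Last-Modified)
SAMPLE_ETAGS = [
    ("services/booking/js/script.js",   'W/"2fc7-18b0aa6d6a0"', "Sat, 07 Oct 2023 14:59:48 GMT"),
    ("services/booking/css/styles.css", 'W/"802a-18a0fe0d338"', "Sat, 19 Aug 2023 22:18:27 GMT"),
    ("assets/js/chat.js",               'W/"1774-18bb2c1df60"', "Thu, 09 Nov 2023 06:25:32 GMT"),
]

# Strong variants ("2fc7-...") use the same layout; anything else (e.g. the
# CloudFront ETag on the bstatic.com image) is rejected.
ETAG_RE = re.compile(r'^(?:W/)?"([0-9a-f]+)-([0-9a-f]+)"$')


def decode_express_etag(etag):
    """Return (size_bytes, mtime_utc) for a serve-static ETag, or None."""
    m = ETAG_RE.match(etag.strip())
    if not m:
        return None
    size = int(m.group(1), 16)
    mtime_ms = int(m.group(2), 16)
    mtime = (datetime.fromtimestamp(mtime_ms // 1000, tz=timezone.utc)
             + timedelta(milliseconds=mtime_ms % 1000))
    return size, mtime


def check_against_last_modified(etag, last_modified):
    """True when the ETag's embedded mtime agrees with the Last-Modified header."""
    decoded = decode_express_etag(etag)
    if decoded is None:
        return False
    lm = datetime.strptime(last_modified, "%a, %d %b %Y %H:%M:%S GMT")
    return decoded[1].replace(microsecond=0) == lm.replace(tzinfo=timezone.utc)


def kit_timeline(samples):
    """Order the kit's files by server-side modification time: (mtime, size, path)."""
    rows = []
    for path, etag, _ in samples:
        size, mtime = decode_express_etag(etag)
        rows.append((mtime, size, path))
    return sorted(rows)


if __name__ == "__main__":
    for mtime, size, path in kit_timeline(SAMPLE_ETAGS):
        print(f"{mtime:%Y-%m-%d %H:%M:%S}Z  {size:6d} bytes  {path}")
```

The timeline this yields (styles.css in August, script.js in October, chat.js in November 2023) is the order in which the kit's files were last touched on the server, which is useful when comparing this deployment with other hosts running the same kit.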

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against Booking (Travel)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | 0

1 Cookies

Domain/Path | Name | Value
booking.38174-confirm.com/ | connect.sid | s%3A0VYq1hUCbML2XTYFzTlAtksXFZTX42Nf.zDKrcHCQ5HeWrlI3jJZ2RVWwm0URkr%2BnB2z8Vm3AoUk
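connect.sid is the default cookie name of express-session, which fits the x-powered-by: Express header. Its value is "s:" followed by the session id, a dot, and a base64 HMAC-SHA256 of the session id under the server's secret (the cookie-signature format), stored URL-encoded, which is why it appears as s%3A... with %2B for "+". The Python below is an added example, not part of the report: it splits the observed cookie into session id and signature, reproduces the signing scheme, and shows how an analyst tests a kit's cookie against candidate secrets. The candidate list and the "constructed-secret" used in the round trip are made up for the example; the report says nothing about the secret the kit uses.

```python
# Added example, not from the report: parse and verify an express-session
# cookie. Format (cookie-signature): "s:" + sid + "." + b64(HMAC-SHA256(secret, sid))
# with trailing "=" removed; the browser stores it URL-encoded.
import base64
import hashlib
import hmac
from urllib.parse import unquote

# Cookie value copied from the report.
OBSERVED_COOKIE = ("s%3A0VYq1hUCbML2XTYFzTlAtksXFZTX42Nf."
                   "zDKrcHCQ5HeWrlI3jJZ2RVWwm0URkr%2BnB2z8Vm3AoUk")


def parse_connect_sid(raw):
    """Split an express-session cookie into (session_id, signature_b64)."""
    value = unquote(raw)
    if not value.startswith("s:"):
        raise ValueError("not an express-session signed cookie")
    sid, sep, sig = value[2:].rpartition(".")
    if not sep:
        raise ValueError("missing signature")
    return sid, sig


def sign(sid, secret):
    """Reproduce cookie-signature's sign(): base64 HMAC-SHA256 without '=' padding."""
    mac = hmac.new(secret.encode(), sid.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode().rstrip("=")


def verify(raw, secret):
    """Constant-time check of the cookie's signature under a given secret."""
    sid, sig = parse_connect_sid(raw)
    return hmac.compare_digest(sign(sid, secret), sig)


def guess_secret(raw, candidates):
    """Return the first candidate secret that validates the cookie, else None.
    Kits copied from tutorials sometimes keep defaults such as 'keyboard cat'."""
    for secret in candidates:
        if verify(raw, secret):
            return secret
    return None


if __name__ == "__main__":
    sid, sig = parse_connect_sid(OBSERVED_COOKIE)
    # 43 base64 characters decode to the 32-byte SHA-256 MAC
    print("session id:", sid, "| signature bytes:", len(base64.b64decode(sig + "=")))
    # Constructed candidate list; whether any matches is not known from the report.
    print("weak secret:", guess_secret(OBSERVED_COOKIE, ["keyboard cat", "secret", "changeme"]))
```

A valid signature only proves the cookie was minted by the server holding the secret; the session id itself is a random 24-byte value, so the cookie carries no user data. The value is still a useful fingerprint: the same kit deployed elsewhere will set the same cookie name and layout.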

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
booking.38174-confirm.com
cdn.tailwindcss.com
fonts.googleapis.com
q-xx.bstatic.com
unpkg.com

IPs:
2600:9000:2512:800:5:bf05:acc0:93a1
2606:4700:10::ac43:2910
2606:4700:3030::ac43:b431
2606:4700::6810:7daf
2607:f8b0:4004:c19::5f
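Turning the indicator list into something blockable needs two separations the report leaves to the reader: the brand lookalike (booking. as a subdomain of an unrelated apex) from genuine brand hosts such as q-xx.bstatic.com, and kit-specific file hashes from the hashes of public library builds served by unpkg.com and cdn.tailwindcss.com. The Python below is an added example, not part of urlscan or of the report. The brand allowlist, the CDN list and the two-label apex heuristic are assumptions (a production tool should use the public suffix list so that apexes like example.co.uk are handled), and the rows are constructed from the transactions above.

```python
# Added example, not from the report: classify the scan's hosts and sort the
# resource hashes into kit IOCs versus public-library context.
import re

BRAND_TOKENS = {"booking"}
BRAND_APEXES = {"booking.com", "bstatic.com"}      # assumed legitimate Booking.com properties
PUBLIC_CDNS = {"unpkg.com", "cdn.tailwindcss.com",  # assumed shared CDNs; never block these
               "fonts.googleapis.com", "fonts.gstatic.com"}

# (host, url, sha256) rows constructed from the report's transactions
SCAN_ROWS = [
    ("booking.38174-confirm.com", "https://booking.38174-confirm.com/p/269817999",
     "04a36ec5a93b4f97ff88f8e5e32700004056cc10f0cf483760accb3c166a4344"),
    ("booking.38174-confirm.com", "https://booking.38174-confirm.com/services/booking/js/script.js",
     "a140484b48096baf0db17d9db57a330c818b6bca7607152884b2eefce4e02b87"),
    ("booking.38174-confirm.com", "https://booking.38174-confirm.com/assets/js/chat.js",
     "548d3fcf016980e21a6c570c4a483bbdd7a94e3034f04dd30c4c1bd07a0cf653"),
    ("q-xx.bstatic.com", "https://q-xx.bstatic.com/xdata/images/hotel/max1024x768/116755617.jpg",
     "30bed44e9af7349929246c42ffa24d1949aeccd6768434d29a3ad4ad2ec06841"),
    ("cdn.tailwindcss.com", "https://cdn.tailwindcss.com/3.4.1",
     "151c30a9c3810c4a00decc7ac92110d0660b64b6e25973116935faa14d232a81"),
    ("unpkg.com", "https://unpkg.com/axios@1.6.7/dist/axios.min.js",
     "3434b67595c68071824e142d077ce7e105d40ac40b15164896d11e54078d0213"),
]


def apex(host):
    """Two-label apex heuristic (assumption; use the public suffix list in production)."""
    return ".".join(host.lower().split(".")[-2:])


def classify_host(host):
    """'brand' for allowlisted brand apexes, 'lookalike' when a brand token is a
    label of a host outside the allowlist, 'cdn' for shared CDNs, else 'other'."""
    host = host.lower()
    if apex(host) in BRAND_APEXES:
        return "brand"
    labels = re.split(r"[.\-_]", host)       # booking.38174-confirm.com -> booking, 38174, confirm, com
    if any(tok in labels for tok in BRAND_TOKENS):
        return "lookalike"
    if host in PUBLIC_CDNS or apex(host) in PUBLIC_CDNS:
        return "cdn"
    return "other"


def extract_iocs(rows):
    """Lookalike domains and the hashes served from them are indicators; hashes of
    library builds fetched from public CDNs are kept as context, not as IOCs."""
    iocs = {"domains": set(), "sha256": set(), "context_sha256": set()}
    for host, _url, digest in rows:
        kind = classify_host(host)
        if kind == "lookalike":
            iocs["domains"].add(host)
            iocs["sha256"].add(digest)
        elif kind == "cdn":
            iocs["context_sha256"].add(digest)
    return iocs


if __name__ == "__main__":
    for host in sorted({h for h, _, _ in SCAN_ROWS}):
        print(f"{host:28} {classify_host(host)}")
    for key, values in extract_iocs(SCAN_ROWS).items():
        print(key, sorted(values))
```

Matching the brand token against whole labels rather than substrings keeps words like "rebooking" out of the lookalike bucket; the cost is that a host such as bookingcom-confirm.example would need the token list extended. The three first-party hashes (primary document, script.js, chat.js) are the ones worth adding to a blocklist or a retro-hunt; the Tailwind and axios hashes would match every site using those releases.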