approve-rsrv.com
2a06:98c1:3120::3 | Malicious Activity! | Public Scan

Submitted URL: http://approve-rsrv.com/
Effective URL: https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Submission: On March 24 via api from US — Scanned from NL

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 13 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is approve-rsrv.com.
TLS certificate: Issued by E1 on March 19th 2024. Valid for: 3 months.
This is the only time approve-rsrv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

IP Address             AS Autonomous System
1  1   2a06:98c1:312...   13335 (CLOUDFLAR...)
1  12  2a06:98c1:312...   13335 (CLOUDFLAR...)
1      2606:4700::68...   13335 (CLOUDFLAR...)
1      2600:9000:225...   16509 (AMAZON-02)
13 3

Apex Domain             Subdomains                                      Transfer
13  approve-rsrv.com    approve-rsrv.com                                59 KB
1   bstatic.com         q-xx.bstatic.com — Cisco Umbrella Rank: 14034   1 KB
1   jsdelivr.net        cdn.jsdelivr.net — Cisco Umbrella Rank: 437     16 KB
13 3

Domain                  Requested by
13  approve-rsrv.com    2 redirects, approve-rsrv.com, cdn.jsdelivr.net
1   q-xx.bstatic.com    approve-rsrv.com
1   cdn.jsdelivr.net    approve-rsrv.com
13 3

This site contains links to these domains. Also see Links.

Domain
www.booking.com
admin.booking.com
partner.booking.com
Subject                 Issuer                                       Validity                  Valid
approve-rsrv.com        E1                                           2024-03-19 - 2024-06-17   3 months
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                      2023-05-02 - 2024-05-01   a year
*.bstatic.com           DigiCert Global G2 TLS RSA SHA256 2020 CA1   2023-11-29 - 2024-11-28   a year

This page contains 1 frames:

Primary Page: https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Frame ID: FF3426D07DC53AE16A4919A4CDA6CF7B
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

Booking.com

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://approve-rsrv.com/ HTTP 301
    https://approve-rsrv.com/ HTTP 302
    https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 13
HTTPS: 100 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 75 kB
Size: 353 kB
Cookies: 1


13 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request: sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Path: approve-rsrv.com/
Redirect Chain:
  • http://approve-rsrv.com/
  • https://approve-rsrv.com/
  • https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Size: 56 KB
x-fer: 10 KB
Type: Document
General
Full URL
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba2cdfec42cc77391179bd31ee33f780380ff3d9230a925dc2a208914c1f052b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86968acb5ae1b918-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 24 Mar 2024 12:07:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8liE8KH6UslvcFutApRi6clzTZyZoe7NiEZbXbKZqfJxaLSiX2a4ZQWnLuVQAiPSm%2BN8XK1tX1y3JqgKHbvnzMtL6igbbsYcCpGtYoE9FanWpaQlyTof27CtaJ45G1CdSRRiQCyjNcH3pzD0TPxd"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86968acaba19b918-AMS
content-type
text/html; charset=utf-8
date
Sun, 24 Mar 2024 12:07:40 GMT
location
/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YNQY5BiRMjktI9gU0Qf4siw2HlO3RoV8RT7cUDXEkoqRnMG%2FQ0qL5uRSELYsmy0J%2FTb4yrYukP8JEkE6MIrFWIU%2Fi96CTmfHdWbU5sEoOb2VG0coMUMsE6xrxdI4tpp2tCwv0sbsrZ%2FJHeUYQ38i"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Cookie
Resource: 826_870c205e4e40b913b2fc.css
Path: approve-rsrv.com/static/styles/
Size: 60 KB
x-fer: 13 KB
Type: Stylesheet
General
Full URL
https://approve-rsrv.com/static/styles/826_870c205e4e40b913b2fc.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e27699587add2db711900ce3fe3eb78eb8c3ea99948cc1b673c6e49d392f66b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:40 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688180.122289-61284-3983085908"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QfDK4WGyAYtD1NmETyvVZEAfUgS8F0JmxhV7i28mUEH9iDf6Ri42r4t0ypYzhMhblSAhcqxai7PE54LFftFs2U1ZpYPqBesqyL9qhJ9G%2Ffc6aj4byqJs%2BEhP4X9pf3eQhFmumIMgy8eHLkgCAIZs"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=826_870c205e4e40b913b2fc.css
cf-ray
86968acbfe9728ac-AMS
alt-svc
h3=":443"; ma=86400
Resource: 925_1975cbc2f7eaad75f590.css
Path: approve-rsrv.com/static/styles/
Size: 90 KB
x-fer: 17 KB
Type: Stylesheet
General
Full URL
https://approve-rsrv.com/static/styles/925_1975cbc2f7eaad75f590.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d74100a825fc1a4af9272c442187ca4005d0dc1b7b8b61066e02059ada4ab13

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:40 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688180.6782835-92562-4144239045"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MX%2F%2FH36V6LFbfNysRngy39%2BzkvNcoFRz15YULAQE9eLc5Tr6K%2BhdViy1GcY8ybSddYgY3XfpjOkhqXHGWo%2F0ns9nNHHW%2BRNqLCXZxSnP7Uk8zRPCAd2zo3bbWifJHRJTLB2W1LTnGINJ91wCm00f"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=925_1975cbc2f7eaad75f590.css
cf-ray
86968acbfe9a28ac-AMS
alt-svc
h3=":443"; ma=86400
Resource: 146_afde72b9aaa8302ff017.css
Path: approve-rsrv.com/static/styles/
Size: 73 KB
x-fer: 8 KB
Type: Stylesheet
General
Full URL
https://approve-rsrv.com/static/styles/146_afde72b9aaa8302ff017.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4567d6213bc1480a45f493da8d292339522d45ac15c8ba1723aa342b155393f7

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:40 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688180.094289-74745-4244509152"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5LR9hjMGP7hcvQwwh3wDIEwwRan631cctbH%2BYd9ZCXHMqbbu5uUAXQeCjfpeNlDjwVPPlOE%2B1NfDNIQjxw0XEf3o8XXv09QLSxy31V7v3VzsqxJc4ahMw7UBFP6bmG1WMv3ipABrMEy4mZifW%2Bcq"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=146_afde72b9aaa8302ff017.css
cf-ray
86968acbfe9b28ac-AMS
alt-svc
h3=":443"; ma=86400
Resource: stile.css
Path: approve-rsrv.com/static/
Size: 0
x-fer: 0
Type: Stylesheet
General
Full URL
https://approve-rsrv.com/static/stile.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nI16dtbKOhB8VbnLNnZnhy%2BxYHY2Bx59Q6d8Af7R6vLPsADW2SSkaq3Sgos81fc3Q%2BPXIZx%2FoZxK9deg0JpXne5CfcBQNq1DjxqbyCDSSSNjNSo0F3EYoGnNh8%2Fwr9i4RNWHB5zQJOFNOMWLizmr"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cache-control
max-age=14400
cf-ray
86968acbfe9c28ac-AMS
alt-svc
h3=":443"; ma=86400
Resource: axios.min.js
Path: cdn.jsdelivr.net/npm/axios/dist/
Size: 41 KB
x-fer: 16 KB
Type: Script
General
Full URL
https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29d600462a30694efd15b9848b4ca42d178cd067009275c35a30580121114304
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
26551
x-jsd-version
1.6.8
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220107-FRA, cache-lga21926-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"a209-1jEH0JEv2zh1MNXOLVEsko1z0SI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rUadth86WXp%2Fb0JpMgtOLgvcoTmuL2X55oBbwVHmXPNMVyxmUCK6yl%2FRSnMoJ73tGWkTy7%2BDqoT13jSWoQXN7ZleijijbyLFFtkDMjKaIQmvRYKggrPTllPEQKETSJHZWsb7Yc1KksplJoEmco8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
86968acc3b2e6708-AMS
Resource: jfalhwkfafwahkl.js
Path: approve-rsrv.com/static/
Size: 7 KB
x-fer: 3 KB
Type: Script
General
Full URL
https://approve-rsrv.com/static/jfalhwkfafwahkl.js
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0affa491a8f8bfe93a9c3be3a05f1952a9f4cb96f16871bfb5bdf4559dece37c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:40 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688178.7263029-7260-4261154282"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UtkHdMd0Ukruf9hRGxTpL4CEDij06Mpy54t%2BTM1WRrcxIZdrOJOhEKVaXYkJWljCas7hhAj81JD89BRA6CIyiWM1DguGuEC%2FamCk0%2BOm3kNC2ibaGO1dmkaA18i7k%2FqoQuseM0wCqRho6JXb1ZkU"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=jfalhwkfafwahkl.js
cf-ray
86968acc5ee528ac-AMS
alt-svc
h3=":443"; ma=86400
Resource: us.png
Path: q-xx.bstatic.com/backend_static/common/flags/new/48-squared/
Size: 642 B
x-fer: 1 KB
Type: Image
General
Full URL
https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/us.png
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:5e00:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 23:20:54 GMT
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
2465206
x-cache
Hit from cloudfront
content-length
642
x-xss-protection
1; mode=block
last-modified
Mon, 07 Sep 2020 09:08:23 GMT
server
nginx
etag
"5f55f887-282"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
kbOAKI2fg9DpuV8-Jmt2isD0VawxZWRh4fMvdey_CDu3XWPFVT_ifw==
expires
Mon, 25 Mar 2024 23:20:54 GMT
Resource: getMessages
Path: approve-rsrv.com/api/support/
Size: 5 KB
x-fer: 1 KB
Type: XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:40 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zR%2BdCXw7bav85iYlxr1zxH2g66HioqQaKiJRW%2FTLrnKVVtCzHp%2BPZr2Vq5QgyhBG8CuFJZZaR7lvSqmw%2FOZOH3SD%2FPWLyfeSs5mcdTrV1yqnsXc8o8NJi3E2%2Fjfr9fK0v9h6mSRgYpFca8QPcU0y"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968accef8128ac-AMS
alt-svc
h3=":443"; ma=86400
Resource: getMessages
Path: approve-rsrv.com/api/support/
Size: 5 KB
x-fer: 1 KB
Type: XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:41 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D2Bz4zgI4%2F4732EVqFHQOuTu8RRlLQ1RuK92aHiaaoINibPZJZP9lUzIrQ%2Bwcm8EfZ3dnnYHof4dAeZyecmn6yBjheI6mSsTEW0szO2e8j%2Fp6bOhofSPNHwAFkL%2Bk%2FJQMPEvSmvtE3Lm4rFG9WI7"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968ad32c7d28ac-AMS
alt-svc
h3=":443"; ma=86400
Resource: getMessages
Path: approve-rsrv.com/api/support/
Size: 5 KB
x-fer: 1 KB
Type: XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JOrbymzrzE0xYjQ2fgmxbR709tRvrPajTHrOMQhO%2FStmmYS5Zi2%2FaivH9RokSeW3ArSxhYiugCBTrhU3jP64uOVAR7PH4x%2FRDl%2BaqDZEu0PxZWTDM%2FmdYT2d8PKQLE9BujgfrLEzhiDSeIXc9PNs"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968ad969a528ac-AMS
alt-svc
h3=":443"; ma=86400
Resource: getMessages
Path: approve-rsrv.com/api/support/
Size: 5 KB
x-fer: 1 KB
Type: XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:43 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ELD10ztwLI1ku3ii7eeqq2eriBbh%2BZD%2B7dbBElD%2BrV7jp5%2BH9rKQju0QRl6FRVzhfSg%2F0zjQF9YgtcfuiHuZdUEnEMNhmbTRqwLBH1mIvofbRIfsTR4RnnMXiLq%2B4xP7KyJfIYoEHobtYpFIES7S"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968adfaeff28ac-AMS
alt-svc
h3=":443"; ma=86400
Resource: getMessages
Path: approve-rsrv.com/api/support/
Size: 5 KB
x-fer: 1 KB
Type: XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=j4LvDRWVjBt8HJsItlZJyeZvqcXhm4hYOyGX7bnXKIUekSZCQz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:07:44 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5HvV%2FHAqPGuZCTXzFgRt1encCB8hoByiLqbkpzd5d4nOCt6jFlp57S0alo5LPa7zK8%2F8tBahAJuImojrM6pk01DKqPIPUlarlL6Kyn%2BwkMD%2FIVYDzhK6q7FIMzH2ClsM%2FcZS86iY%2BW87XIexOLun"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968ae5ecd828ac-AMS
alt-svc
h3=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
function  axios
object    submitButtonLogin
object    submitButtonPass
object    submitButtonPulse
object    submitButtonCall
object    submitButtonSms
object    submitButtonError
object    submitButtonFagwa
object    submitButtonVer
object    submitButtonCode
object    submitButtonCodePulse
object    loginError
object    errorIcon
object    app1Element
object    app2Element
object    app3Element
object    app4Element
object    app5Element
object    app6Element
object    app7Element
object    app8Element
object    loginInput
object    PassnInput
object    phoneInput
object    kbx
object    displayValueElement
object    phoneValueElement
function  handleButtonClick
function  awgawg
function  swahwehaweh
function  fetchMessages

1 Cookies

Domain/Path         Name      Value
approve-rsrv.com/   session   eyJyYW5kb21fc3RyaW5nIjoiajRMdkRSV1ZqQnQ4SEpzSXRsWkp5ZVp2cWNYaG00aFlPeUdYN2JuWEtJVWVrU1pDUXoifQ.ZgAXjA.-J5Q9UhasPPe-mP-lK_ArgQLuJU

1 Console Messages

Source    Level   URL                                          Message
network   error   https://approve-rsrv.com/static/stile.css    Failed to load resource: the server responded with a status of 404 ()