booking.validation-confi.info Open in urlscan Pro
2606:4700:3032::6815:4bbe Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://booking.validation-confi.info/u6549127672
Submission: On May 31 via api (May 31st 2024, 8:40:10 am UTC) from GB — Scanned from GB

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3032::6815:4bbe, located in United States and belongs to CLOUDFLARENET, US. The main domain is booking.validation-confi.info.
TLS certificate: Issued by GTS CA 1P5 on May 30th 2024. Valid for: 3 months.

This is the only time booking.validation-confi.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
16	2606:4700:303... 2606:4700:3032::6815:4bbe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	149.154.164.13 149.154.164.13	62041 (TELEGRAM) (TELEGRAM)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	3

16 2606:4700:3032::6815:4bbe (United States)

ASN13335 (CLOUDFLARENET, US)

booking.validation-confi.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.154.164.13 (London, United Kingdom)

ASN62041 (TELEGRAM, VG)

telegra.ph	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	validation-confi.info booking.validation-confi.info	236 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	6 KB
1	telegra.ph telegra.ph — Cisco Umbrella Rank: 81811	40 KB
18	3

	Domain	Requested by
16	booking.validation-confi.info	booking.validation-confi.info
1	cdnjs.cloudflare.com	booking.validation-confi.info
1	telegra.ph	booking.validation-confi.info
18	3

This site contains no links.

Subject Issuer	Validity	Valid
validation-confi.info GTS CA 1P5	`2024-05-30` - `2024-08-28`	3 months	crt.sh
*.telegra.ph Go Daddy Secure Certificate Authority - G2	`2023-09-05` - `2024-10-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://booking.validation-confi.info/u6549127672
Frame ID: EAACF907E653C52B52CDBD5319C8B2AF
Requests: 10 HTTP requests in this frame

Frame: https://booking.validation-confi.info/chat/477ESY7FB
Frame ID: 8075337D10AC8988EE734B10551AF2F8
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com | Official site | The best hotels & accommodation

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

283 kB
Transfer

805 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request u6549127672 Show response
booking.validation-confi.info/ 98 KB
16 KB 745ms
602ms Document
text/html 2606:4700:3032::6815:4bbe
CLOUDFLARENET

General

booking.validation-confi.info Open in urlscan Pro 2606:4700:3032::6815:4bbe Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

283 kBTransfer

805 kBSize

1 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Indicators

booking.validation-confi.info Open in urlscan Pro
2606:4700:3032::6815:4bbe Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

283 kB
Transfer

805 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!