approve-rsrv.com
2a06:98c1:3120::3 | Malicious Activity! | Public Scan

Submitted URL: http://approve-rsrv.com/
Effective URL: https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Submission: On March 24 via api from US — Scanned from NL

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 12 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in the United States and belonging to CLOUDFLARENET, US. The main domain is approve-rsrv.com.
TLS certificate: Issued by E1 on March 19th 2024. Valid for: 3 months.
This is the only time approve-rsrv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

IP Address / AS (Autonomous System)
  1   1    2a06:98c1:312...   13335 (CLOUDFLAR...)
  1   11   2a06:98c1:312...   13335 (CLOUDFLAR...)
  1        2606:4700::68...   13335 (CLOUDFLAR...)
  1        2600:9000:225...   16509 (AMAZON-02)
  Total: 12 requests across 3 IPs

Apex Domain / Subdomains / Transfer
  12  approve-rsrv.com   approve-rsrv.com                                58 KB
  1   bstatic.com        q-xx.bstatic.com (Cisco Umbrella Rank: 14034)   1 KB
  1   jsdelivr.net       cdn.jsdelivr.net (Cisco Umbrella Rank: 437)     16 KB
  Total: 12 requests across 3 apex domains

Domain / Requested by
  12  approve-rsrv.com (2 redirects)   approve-rsrv.com, cdn.jsdelivr.net
  1   q-xx.bstatic.com                 approve-rsrv.com
  1   cdn.jsdelivr.net                 approve-rsrv.com
  Total: 12 requests across 3 domains

This site contains links to these domains:
  • www.booking.com
  • admin.booking.com
  • partner.booking.com
Subject                 Issuer                                       Validity                   Valid
approve-rsrv.com        E1                                           2024-03-19 - 2024-06-17    3 months (crt.sh)
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                      2023-05-02 - 2024-05-01    a year (crt.sh)
*.bstatic.com           DigiCert Global G2 TLS RSA SHA256 2020 CA1   2023-11-29 - 2024-11-28    a year (crt.sh)

This page contains 1 frame:

Primary Page: https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Frame ID: D05A5F8AEE5D57110B8202212A5E9D3B
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Booking.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 12
HTTPS: 100 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 74 kB
Size: 348 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://approve-rsrv.com/ HTTP 301
    https://approve-rsrv.com/ HTTP 302
    https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer (bytes transferred), Type / MIME-Type
Primary Request: sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Path: approve-rsrv.com/
Redirect Chain:
  • http://approve-rsrv.com/
  • https://approve-rsrv.com/
  • https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Size: 56 KB | x-fer: 10 KB | Type: Document
General
Full URL
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
291908d22bcc64a40c09a4237de294691b34ecb1150174fce874e7194cfda3e2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86968c4f1d3f661a-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 24 Mar 2024 12:08:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=swOvNha%2Fi0Ua1zpeGdljvMuAzULE0iIIOc85Vfz4GG4%2BHDJpTgFt6eV1KAJFHp9JDWANWwwz7NfT4YUU7iMR1f4VpwFnfQICBO7Xdwaat9gtLJqbsy0rheGKyEnHo5f9jH53CMMR2NDLdKk6ltp4"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86968c4e7c83661a-AMS
content-type
text/html; charset=utf-8
date
Sun, 24 Mar 2024 12:08:42 GMT
location
/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XfK51OeO6Z2N8RqP0Duv3QVYaWDKJZmt65n%2FLINmJJkGq5rk6EZ%2F6U%2FeolOvnh4DuvGCx2N0KqiYVwtRq5FK0d9MYvTEp6xVB3Q9UtlIx4cot8jVv6GGyLm%2F23%2BAvQxAnSFZzIJx1S6NrdW%2F6ogC"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Cookie
Resource: 826_870c205e4e40b913b2fc.css | Path: approve-rsrv.com/static/styles/ | Size: 60 KB | x-fer: 13 KB | Type: Stylesheet
General
Full URL
https://approve-rsrv.com/static/styles/826_870c205e4e40b913b2fc.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e27699587add2db711900ce3fe3eb78eb8c3ea99948cc1b673c6e49d392f66b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:42 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688180.122289-61284-3983085908"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2BtO6O4%2F7Cf6%2FkqUIw1VG0AL6V8u6%2FxhOAbsJbHWGLnqE6NhxDQOvB5mv1VBw1nZDBIDebgT%2BmWSLzzE5xtVZpDZmhQIrhq%2BqoFzQyXHknbjOYMhsgcc%2F%2FQv6RmZkhnRNJHWQIwy4UUpwmglh9JD"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=826_870c205e4e40b913b2fc.css
cf-ray
86968c4fad94b93c-AMS
alt-svc
h3=":443"; ma=86400
Resource: 925_1975cbc2f7eaad75f590.css | Path: approve-rsrv.com/static/styles/ | Size: 90 KB | x-fer: 17 KB | Type: Stylesheet
General
Full URL
https://approve-rsrv.com/static/styles/925_1975cbc2f7eaad75f590.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d74100a825fc1a4af9272c442187ca4005d0dc1b7b8b61066e02059ada4ab13

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:42 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688180.6782835-92562-4144239045"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OBoFM%2BBH6Z3stlry31iVQZHCy%2BwUwZrh6QLyMfMkbfYnjpeeN%2Bh3vbDSThNSekAaiaKtoQIvuTkwoBdFo1JZzev%2FfMJx178UjvRpqkmWoMzH0pRf7h34UtyxvrwJNkuPYSELK%2FYYEoloDL6NDA9A"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=925_1975cbc2f7eaad75f590.css
cf-ray
86968c4fad97b93c-AMS
alt-svc
h3=":443"; ma=86400
Resource: 146_afde72b9aaa8302ff017.css | Path: approve-rsrv.com/static/styles/ | Size: 73 KB | x-fer: 8 KB | Type: Stylesheet
General
Full URL
https://approve-rsrv.com/static/styles/146_afde72b9aaa8302ff017.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4567d6213bc1480a45f493da8d292339522d45ac15c8ba1723aa342b155393f7

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:42 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688180.094289-74745-4244509152"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KWGUj042lPY3WxqjRrhHw9vJo2uzvuu15TUnOveE%2B2Gmx6aiD4cfqfQToHjpEd7pcvA5okHMEdxumeV1ltlTU%2FFLn8pYpTll0Od%2FhoWlOazL75gEZXR8UIrvFyIMfP9lt%2FmyFSd4HtIwrAndug61"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=146_afde72b9aaa8302ff017.css
cf-ray
86968c4fad99b93c-AMS
alt-svc
h3=":443"; ma=86400
Resource: stile.css | Path: approve-rsrv.com/static/ | Size: 0 | x-fer: 0 | Type: Stylesheet
General
Full URL
https://approve-rsrv.com/static/stile.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
62
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJwOul%2F%2ByAnASgNjRU2JDRbEKeKiiE%2B533r%2FVFPrdavUacq2DEIC0tCympdm0LOaEsX8f%2Fr2kRGstXJyvMyxu0%2BAznNXOsW3E7Spp4gGcTO4alu1edkbgKaqE5WyCuUerNeNF8IKDh7LeVq4MkI4"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cache-control
max-age=14400
cf-ray
86968c4fad9ab93c-AMS
alt-svc
h3=":443"; ma=86400
Resource: axios.min.js | Path: cdn.jsdelivr.net/npm/axios/dist/ | Size: 41 KB | x-fer: 16 KB | Type: Script
General
Full URL
https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29d600462a30694efd15b9848b4ca42d178cd067009275c35a30580121114304
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
26613
x-jsd-version
1.6.8
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220107-FRA, cache-lga21926-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"a209-1jEH0JEv2zh1MNXOLVEsko1z0SI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=suKr49l983KcDdz4vYHdwDYIK7R8fLnmfl1O5DMHM1%2FQc8tMGIl2dKQV0zSJsNg7S1Lb%2BxkodHQ1eO5KZIUF%2Bu8dmTGAmKncRUMN4QJJ1dWJw4XE58Le1CRRfRkxWQ8DMfCK2WHdy3jSGz91%2FUw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
86968c4fdc819f8a-AMS
Resource: jfalhwkfafwahkl.js | Path: approve-rsrv.com/static/ | Size: 7 KB | x-fer: 3 KB | Type: Script
General
Full URL
https://approve-rsrv.com/static/jfalhwkfafwahkl.js
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0affa491a8f8bfe93a9c3be3a05f1952a9f4cb96f16871bfb5bdf4559dece37c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:42 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688178.7263029-7260-4261154282"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ih2VhbUcS%2F8XlaT5uuUBtINtZcDy%2Fmogv32JRlwyyjngXAOg0xhberZMOHoVW2f1l4s%2BqNRTvgllmLzp3hPQCWNOUyISZ0kkGK6WJsNyLhGyekH49nXcIckp%2BCwKZYDz4%2FfC5pmOUly%2FtFSCYTSy"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=jfalhwkfafwahkl.js
cf-ray
86968c4ffddeb93c-AMS
alt-svc
h3=":443"; ma=86400
Resource: us.png | Path: q-xx.bstatic.com/backend_static/common/flags/new/48-squared/ | Size: 642 B | x-fer: 1 KB | Type: Image
General
Full URL
https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/us.png
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:d400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 23:20:54 GMT
via
1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
2465268
x-cache
Hit from cloudfront
content-length
642
x-xss-protection
1; mode=block
last-modified
Mon, 07 Sep 2020 09:08:23 GMT
server
nginx
etag
"5f55f887-282"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
MqOIlI8J0lM688xrjz5ldqSLshIXhn40LIckGVevJL_ycNZ9WycdjA==
expires
Mon, 25 Mar 2024 23:20:54 GMT
Resource: getMessages | Path: approve-rsrv.com/api/support/ | Size: 5 KB | x-fer: 1 KB | Type: XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QMS0dwJ6rqWzdH2oUsW%2B7TIC%2FDwrQOe8X%2BnbBLso5ysnjguf5iwUDcTcZFRRLjZins0W9ZYzqZ2KYcGAa7mKdW8XEui1ayiDpF4ufqG1KFhX1x9ASyUw1l4Jf3Prij2jlGlb2WYZg6lwHJ5VaTFq"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968c508e4db93c-AMS
alt-svc
h3=":443"; ma=86400
Resource: getMessages | Path: approve-rsrv.com/api/support/ | Size: 5 KB | x-fer: 1 KB | Type: XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:43 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0%2FN%2BWE%2F6ZAJfG9ryxrSIOpbGiAwLa0ZtZWj4lzIDoe4gm%2FkvS4WFHEWUDu3iiWLuXymJeSrB7XUz1PZ8krP2N8crCmjyYErXodbpHpAhQc7FK9b9l0W4JNXxkOX1%2BcXlcl8L4D08tYKYeqCiQrj"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968c56ce76b93c-AMS
alt-svc
h3=":443"; ma=86400
Resource: getMessages | Path: approve-rsrv.com/api/support/ | Size: 5 KB | x-fer: 1 KB | Type: XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:44 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4qI4yJjEjO0lRUhSPgOBefOmH3uQenZRyUeigVgj7Q1vEKU6SHM4qAthOJmdjmc6rbcB3v8B7zCJgtVwJzZBwG%2FlkscpMkMjzMygWVHQ3qKcDb6MZyBIQPny9UZ6JWSigRLhj4XqO5BF2i5OknkT"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968c5d0e22b93c-AMS
alt-svc
h3=":443"; ma=86400
Resource: getMessages | Path: approve-rsrv.com/api/support/ | Size: 5 KB | x-fer: 1 KB | Type: XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=FGhJfXPJrJlkjmeqTYpeGOpGdb1Ys5S0OTVlkJdCKYtRDwJGvK
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:45 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QxBVo4CICvEPHQPesbwxYszO%2FfICPOA2Trkue5Z5BG8mrc3BmGSLxmmw1x8O7tZp9bNrOBcovqdyivN5osiz1PD1BeiRt85oKld3sSDAz4HNJCaGmci%2Fr6L%2F9SDnDIdExRp%2BcplhMf02Ew3SpeD%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968c634c85b93c-AMS
alt-svc
h3=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against Booking (Travel)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
function  axios
object    submitButtonLogin
object    submitButtonPass
object    submitButtonPulse
object    submitButtonCall
object    submitButtonSms
object    submitButtonError
object    submitButtonFagwa
object    submitButtonVer
object    submitButtonCode
object    submitButtonCodePulse
object    loginError
object    errorIcon
object    app1Element
object    app2Element
object    app3Element
object    app4Element
object    app5Element
object    app6Element
object    app7Element
object    app8Element
object    loginInput
object    PassnInput
object    phoneInput
object    kbx
object    displayValueElement
object    phoneValueElement
function  handleButtonClick
function  awgawg
function  swahwehaweh
function  fetchMessages

1 Cookies

Domain/Path: approve-rsrv.com/
Name: session
Value: eyJyYW5kb21fc3RyaW5nIjoiRkdoSmZYUEpySmxram1lcVRZcGVHT3BHZGIxWXM1UzBPVFZsa0pkQ0tZdFJEd0pHdksifQ.ZgAXyg.cx67f1Zh8GMcHxFO9nZKK0PLT6U

1 Console Messages

Source: network | Level: error | URL: https://approve-rsrv.com/static/stile.css
Message: Failed to load resource: the server responded with a status of 404 ()