booking-safe.org Open in urlscan Pro
2606:4700:3033::ac43:bf23 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://booking-safe.org/secure-checkout/196547016
Submission: On January 13 via manual (January 13th 2023, 12:22:59 pm UTC) from ES — Scanned from ES

Summary HTTP 42 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 42 HTTP transactions. The main IP is 2606:4700:3033::ac43:bf23, located in United States and belongs to CLOUDFLARENET, US. The main domain is booking-safe.org.
TLS certificate: Issued by GTS CA 1P5 on January 6th 2023. Valid for: 3 months.

This is the only time booking-safe.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
32	2606:4700:303... 2606:4700:3033::ac43:bf23	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:214... 2600:9000:214f:6200:1f:e2ee:200:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (STACKPATH...) (STACKPATH-CDN)
42	7

32 2606:4700:3033::ac43:bf23 (United States)

ASN13335 (CLOUDFLARENET, US)

booking-safe.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:6200:1f:e2ee:200:93a1 (United States)

ASN16509 (AMAZON-02, US)

cf.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7daf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	booking-safe.org booking-safe.org	634 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 672	31 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	5 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 357	13 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 767	2 KB
1	bstatic.com cf.bstatic.com — Cisco Umbrella Rank: 12787 Failed	2 KB
0	Failed function sub() { [native code] }. Failed
42	7

	Domain	Requested by
32	booking-safe.org	booking-safe.org
1	code.jquery.com	booking-safe.org
1	cdnjs.cloudflare.com	booking-safe.org
1	cdn.jsdelivr.net	booking-safe.org
1	unpkg.com	booking-safe.org
1	cf.bstatic.com	booking-safe.org
0	ljdobmomdgdljniojadhoplhkpialdid Failed	booking-safe.org
42	7

This site contains links to these domains. Also see Links.

Domain
www.booking.com
secure.booking.com
join.booking.com
account.booking.com

Subject Issuer	Validity	Valid
*.booking-safe.org GTS CA 1P5	`2023-01-06` - `2023-04-06`	3 months	crt.sh
*.bstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-21` - `2023-10-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-01` - `2023-06-01`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://booking-safe.org/secure-checkout/196547016
Frame ID: 647BF3CE2700C98E83FE938B34291AB0
Requests: 36 HTTP requests in this frame

Frame: https://booking-safe.org/supportChatFrame/196547016
Frame ID: AC0C7B60A2AC09613DCF9FB769D272C1
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com | Official website | The best hotels and accommodation

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Axios (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

42
Requests

88 %
HTTPS

100 %
IPv6

7
Domains

7
Subdomains

7
IPs

2
Countries

687 kB
Transfer

2434 kB
Size

2
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.booking.com/index.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ&sid=6f73057af334f8ad16d5eb35163b21c2&srpvid=22a0463f265f008b&click_from_logo=1

Search URL Search Domain Scan URL

URL: https://secure.booking.com/content/cs.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ&sid=6f73057af334f8ad16d5eb35163b21c2&srpvid=22a0463f265f008b&source=header

Search URL Search Domain Scan URL

URL: https://join.booking.com/?lang=ru&utm_source=topbar&utm_medium=frontend&label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ&aid=304142
Title: Register your property

Search URL Search Domain Scan URL

URL: https://secure.booking.com/mydashboard.en.html
Title: Your account menu Your account

Search URL Search Domain Scan URL

URL: https://www.booking.com/general.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ;sid=6f73057af334f8ad16d5eb35163b21c2;srpvid=22a0463f265f008b&;tmpl=docs/about
Title: About Booking.com

Search URL Search Domain Scan URL

URL: https://www.booking.com/content/cs.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ;sid=6f73057af334f8ad16d5eb35163b21c2;srpvid=22a0463f265f008b&
Title: Support service

Search URL Search Domain Scan URL

URL: https://www.booking.com/content/terms.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ;sid=6f73057af334f8ad16d5eb35163b21c2;srpvid=22a0463f265f008b&
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://www.booking.com/content/privacy.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ;sid=6f73057af334f8ad16d5eb35163b21c2;srpvid=22a0463f265f008b&
Title: Privacy and cookie statement

Search URL Search Domain Scan URL

URL: https://account.booking.com/auth/oauth2?redirect_uri=https%3A%2F%2Fsecure.booking.com%2Flogin.html%3Fop%3Doauth_return&dt=1596655942&client_id=vO1Kblk7xX9tUn2cpZLS&response_type=code&aid=304142&lang=ru&state=UvEJYljhO8yNv9Pun3yJE_uwF5smKqIzb5ScDK-1A9S75CA59V8ryBI-094lYFIYYFYhKYLOBzI_W6WFcii2_Ko-ATcHM6clk3f7YN_xm3MP6zKFSsUrx6Gq_AsWgd3rzw9CNGWn66WcWC3x6_iiOfLZmn3rMXdsIye8_2FnBH5BqA6QNO6jtj4Vv7ZGHQpbuqdL2wmOaimFPdzagCYLNLqQPLzch1CT9K-C04wUCwJM7OPSq_VkxV9O511Mk1HS904_HSwXEH_35qvGRwCUsPciJU6jEkZEpHSbHMNjIrbuLyhGp6iPPajU7A1fHBeglXno8bJNl3RUiHKnKQTU_CWBNxB_NSjwwTOHyrhV06L1k-KkMZQwNAJCEyWF_LBSV2UYabKQzU_J9XaxDzoFyZVkaKsgYhx-Haux63U7fUT9O6tBic-BeXiAaWMPq3DDbpD8evkhHV6qS7-lX1ap_I-8vA4lHqIiIN0VBaBy4o2g-NS_whuloZE75wfAkQZWnIfqaQgGcq6WaGrhQmxq1TxyP02BHrzYbF25okr7eBN-fCGyto3wXuYCrEYxSwJjstGq-_W9AZ4cT1SnIlYA7_LwE_TXZjJEDYpwjn3xupWBrBpE4w1cW51IBzoVkKtduRhjKDU3AnO0WcyT6ngHsPB5b7txE0Ii7JVEYFkIiEkVVP5jJ5BVZuF8VI_bqvIsQkTyB4cgZo1hzQRpirRKwLuWJA1UwkQvxR3SKsweIlhuGPlWD0w020qqI9BaAVx6iQg68RexRt2v5vaZOFaGe9FDedo5BUc7YBL54b2RNhTkWavGy9CKodP5Z1JhidFBVMIHE-2RlaQTnFGjUsSYz5SEFdhIXnvMsSVGPYRgNH1f-S-tKJalkij-TYCLnfyEaQFkmT4rdmvX3quO6RsUQHeYLMsnglLH3fWwHZM5SFyr1ngd46UVZelR8TfP-ieOQsAPxRkEFWNpK47-EdgNHCbcmcmnfQNUnKWE5MXbRi38ey0rmwMvCL6zTyeOhA9vCE9wueFpikmfYDCdH731M-DlFihxamuN-lshBZa88vSo-hGckFIAREq1XcdaaMpkg0CA7DJOyVeiYirBDRlDNNFbmWD6ygl3fEznb8N_S9I05ORAe7VwBXPeMJfk2SmMNainCe4AjUNmpvjeK0vHrcWY7naQ79c00_vO3pShxkP4Hy1vHSrklH7AQCl_IG7IqMaZxPtEINkJ5Wcan9HyJUq2hLleEvE_t_djyzVsrF2D2rwTrOAa62lWrIM0--Vz_ZBLYJu-KL71Sz4CW8ioMQFdiQiNfPGLCBD_ouxFfNKNW6a0UiPZ2hlmlygxKeFYpyyfS-kYPIyw9rHfLs8I4RAwkEschfd_tgDk5vSk5B6o8so6SSjjYsDulF8JNKUoqM5NUDd2TNL_lWJaCpGCfvYwPAstGe9sS37g4Rhg1VnbKJnPGe2HAwXLP9XqV631Dj095RtUb4IRZE_BWjB-0_p0FggdzS0UcqFFwReYlkYSPWIv87RBjRjXqWiCEVJbQNLhIei04x8iqoD0VlAq3EV1bHRSHsD9nv5oHcjHhww_PimfvOZJWiGnbNgqr-S6GnSTRwT0YMUy7Wiw9OLA_WXdJGlRSTlqO-ZwaCXAOUYCRZoPOa2LEiV1_MhrW12HH0wFI29SxPWzLzW-hbj-2OzhmsQ
Title: Log in

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 196547016 Show response
booking-safe.org/secure-checkout/ 836 KB
368 KB 370ms
189ms Document
text/html 2606:4700:3033::ac43:bf23
CLOUDFLARENET

General

			Domain/Path	Expires	Name / Value
			booking-safe.org/	1970-01-20 08:53:32	Name: sol Value: solevoi
			booking-safe.org/	1969-12-31 23:59:59	Name: connect.sid Value: s%3Aw4Q9oh87nBTeX7AnXwz9cjlXan1QbQM9.ZKCsL3Fr82JypymL2EZWNZXdepLjawbovU%2BCXOJf7cs

Source	Level	URL Text
network	error	URL: chrome-extension://ljdobmomdgdljniojadhoplhkpialdid/page/prompt.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://ljdobmomdgdljniojadhoplhkpialdid/page/runScript.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: https://booking-safe.org/booking_pc_files/62ece2a237898912e9616349 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://booking-safe.org/secure-checkout/196547016(Line 117) Message: Refused to execute script from 'https://booking-safe.org/booking_pc_files/62ece2a237898912e9616349' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
javascript	error	URL: https://booking-safe.org/secure-checkout/196547016(Line 122) Message: Access to script at 'https://cf.bstatic.com/static/js/core-deps-inlinedet_cloudfront_sd/f9643a69f02b9c76991392f48a052af55b539c89.js' from origin 'https://booking-safe.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cf.bstatic.com/static/js/core-deps-inlinedet_cloudfront_sd/f9643a69f02b9c76991392f48a052af55b539c89.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://booking-safe.org/secure-checkout/196547016(Line 122) Message: Access to script at 'https://cf.bstatic.com/static/js/searchbox_cloudfront_sd/a21d916ee7e8654fa1fcb34dcafd94f83454830d.js' from origin 'https://booking-safe.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cf.bstatic.com/static/js/searchbox_cloudfront_sd/a21d916ee7e8654fa1fcb34dcafd94f83454830d.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://booking-safe.org/booking_pc_files/jquery.min.js.%C3%90_%C3%90%C2%B5%C3%90%C2%B7%20%C3%90%C2%BD%C3%90%C2%B0%C3%90%C2%B7%C3%90%C2%B2%C3%90%C2%B0%C3%90%C2%BD%C3%90%C2%B8%C3%91_ Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://booking-safe.org/secure-checkout/196547016 Message: Refused to execute script from 'https://booking-safe.org/booking_pc_files/jquery.min.js.%C3%90_%C3%90%C2%B5%C3%90%C2%B7%20%C3%90%C2%BD%C3%90%C2%B0%C3%90%C2%B7%C3%90%C2%B2%C3%90%C2%B0%C3%90%C2%BD%C3%90%C2%B8%C3%91_' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
rendering	error	URL: https://booking-safe.org/secure-checkout/196547016(Line 233) Message: Error: <path> attribute d: Expected number, "…170.055 88.0306 \u20AC 167.702 86.642…".
rendering	error	URL: https://booking-safe.org/secure-checkout/196547016(Line 234) Message: Error: <path> attribute d: Expected path command, "…90.5177 59.2306 \u20ACC83.1063 59.157…".
rendering	error	URL: https://booking-safe.org/secure-checkout/196547016(Line 235) Message: Error: <path> attribute d: Expected number, "…72.1131 265.306 \u20AC 72.0167 264.59…".
rendering	error	URL: https://booking-safe.org/secure-checkout/196547016(Line 650) Message: Error: <path> attribute d: Expected path command, "…64 1.218H10.306 \u20ACC16.737 1.218 2…".
network	error	URL: https://booking-safe.org/booking_pc_files/maskedinput.js.%C3%90_%C3%90%C2%B5%C3%90%C2%B7%20%C3%90%C2%BD%C3%90%C2%B0%C3%90%C2%B7%C3%90%C2%B2%C3%90%C2%B0%C3%90%C2%BD%C3%90%C2%B8%C3%91_ Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://booking-safe.org/secure-checkout/196547016 Message: Refused to execute script from 'https://booking-safe.org/booking_pc_files/maskedinput.js.%C3%90_%C3%90%C2%B5%C3%90%C2%B7%20%C3%90%C2%BD%C3%90%C2%B0%C3%90%C2%B7%C3%90%C2%B2%C3%90%C2%B0%C3%90%C2%BD%C3%90%C2%B8%C3%91_' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://booking-safe.org/booking_pc_files/jquery-1.11.2.min.js.sta%C5%BEen%C3%BD%20soubor Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://booking-safe.org/booking_pc_files/howler.min.js.sta%C5%BEen%C3%BD%20soubor Message: Failed to load resource: the server responded with a status of 404 ()
rendering	error	URL: https://booking-safe.org/secure-checkout/196547016(Line 978) Message: Error: <path> attribute d: Expected path command, "…64 1.218H10.306 \u20ACC16.737 1.218 2…".
security	error	URL: https://booking-safe.org/secure-checkout/196547016 Message: Refused to execute script from 'https://booking-safe.org/booking_pc_files/jquery-1.11.2.min.js.sta%C5%BEen%C3%BD%20soubor' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://booking-safe.org/secure-checkout/196547016 Message: Refused to execute script from 'https://booking-safe.org/booking_pc_files/howler.min.js.sta%C5%BEen%C3%BD%20soubor' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://booking-safe.org/images/224ab63b8018e821722b2d8eec90aeaa8be168c7.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://booking-safe.org/fonts/29bca18dce5a8e111855e31314a9b1d750ea9beb.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://booking-safe.org/fonts/ca3edd97ae7e70e02d4deab5e4f53caf934229e1.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://booking-safe.org/fonts/e133f2b3f9778b23512ad50c3d726c068cf41f7c.ttf Message: Failed to load resource: the server responded with a status of 404 ()

booking-safe.org Open in urlscan Pro 2606:4700:3033::ac43:bf23 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

42 Requests

88 %HTTPS

100 %IPv6

7 Domains

7 Subdomains

7 IPs

2 Countries

687 kBTransfer

2434 kBSize

2 Cookies

13 Outgoing links

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

booking-safe.org Open in urlscan Pro
2606:4700:3033::ac43:bf23 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

88 %
HTTPS

100 %
IPv6

7
Domains

7
Subdomains

7
IPs

2
Countries

687 kB
Transfer

2434 kB
Size

2
Cookies

42 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!