maverick.auconsultores.com Open in urlscan Pro
84.246.210.124 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mail.indicar.memorialbomretiro.com.br/cerita.php
Effective URL:
https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0....
Submission: On June 10 via manual (June 10th 2024, 1:25:43 pm UTC) from DE — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 84.246.210.124, located in Spain and belongs to AXARNET-AS, ES. The main domain is maverick.auconsultores.com.
TLS certificate: Issued by R3 on May 19th 2024. Valid for: 3 months.

This is the only time maverick.auconsultores.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.185.216.18 192.185.216.18	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1 9	84.246.210.124 84.246.210.124	50926 (AXARNET-AS) (AXARNET-AS)
1	2600:9000:203... 2600:9000:2038:3600:5:bf05:acc0:93a1	16509 (AMAZON-02) (AMAZON-02)
9	2

1 192.185.216.18 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: srv54-ip05.prodns.com.br

mail.indicar.memorialbomretiro.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 84.246.210.124 (Spain) 1 redirects

ASN50926 (AXARNET-AS, ES)
PTR: auconsultores.servidoresdedicados.com

maverick.auconsultores.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2038:3600:5:bf05:acc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

t-cf.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	auconsultores.com 1 redirects maverick.auconsultores.com	91 KB
1	bstatic.com t-cf.bstatic.com — Cisco Umbrella Rank: 19499	25 KB
1	memorialbomretiro.com.br 1 redirects mail.indicar.memorialbomretiro.com.br	113 B
9	3

	Domain	Requested by
9	maverick.auconsultores.com	1 redirects maverick.auconsultores.com
1	t-cf.bstatic.com	maverick.auconsultores.com
1	mail.indicar.memorialbomretiro.com.br	1 redirects
9	3

This site contains no links.

Subject Issuer	Validity	Valid
maverick.auconsultores.com R3	`2024-05-19` - `2024-08-17`	3 months	crt.sh
*.bstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-29` - `2024-11-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc
Frame ID: B60A968C55CB9E98254E293C860080FE
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com

Page URL History Show full URLs

https://mail.indicar.memorialbomretiro.com.br/cerita.php HTTP 302
https://maverick.auconsultores.com/booking.com/?verify HTTP 302
https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplic... Page URL

Page Statistics

9
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

116 kB
Transfer

603 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mail.indicar.memorialbomretiro.com.br/cerita.php HTTP 302
https://maverick.auconsultores.com/booking.com/?verify HTTP 302
https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request sign-in Show response maverick.auconsultores.com/booking.com/ Redirect Chain https://mail.indicar.memorialbomretiro.com.br/cerita.php https://maverick.auconsultores.com/booking.com/?verify https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0...	64 KB 11 KB	53ms 53ms	Document text/html	84.246.210.124 AXARNET-AS
General Check archive.org Show headers Download Go to Full URL https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Protocol H2 Security TLS 1.3, , AES_256_GCM Server 84.246.210.124 , Spain, ASN50926 (AXARNET-AS, ES), Reverse DNS auconsultores.servidoresdedicados.com Software nginx / PHP/5.6.40 PleskLin Resource Hash `23f3887f7f2a2f0a95e5efd090f3c4c4949c70c90ec047c489d5e0fcce439403` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-encoding br content-type text/html; charset=UTF-8 date Mon, 10 Jun 2024 13:25:39 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx x-powered-by PHP/5.6.40 PleskLin Redirect headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-type text/html; charset=UTF-8 date Mon, 10 Jun 2024 13:25:38 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc pragma no-cache server nginx x-powered-by PHP/5.6.40 PleskLin
GET H2	200	826_c32002792e35c69191e8.css maverick.auconsultores.com/booking.com/assets/css/	226 KB 35 KB	97ms 96ms	Stylesheet text/css	84.246.210.124 AXARNET-AS
General Check archive.org Show headers Download Go to Full URL https://maverick.auconsultores.com/booking.com/assets/css/826_c32002792e35c69191e8.css Requested by Host: maverick.auconsultores.com URL: https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Protocol H2 Security TLS 1.3, , AES_256_GCM Server 84.246.210.124 , Spain, ASN50926 (AXARNET-AS, ES), Reverse DNS auconsultores.servidoresdedicados.com Software nginx / PleskLin Resource Hash `1623411f7208516b214a1b1cfb5b544dfdebb718721e871b1aa31c898c21e2d5` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 10 Jun 2024 13:25:39 GMT content-encoding br last-modified Mon, 10 Jun 2024 10:30:20 GMT server nginx etag W/"6666d5bc-38894" x-powered-by PleskLin content-type text/css
GET H2	200	551_8e0f43f6ce9d2e229cb8.css maverick.auconsultores.com/booking.com/assets/css/	265 KB 37 KB	138ms 137ms	Stylesheet text/css	84.246.210.124 AXARNET-AS
General Check archive.org Show headers Download Go to Full URL https://maverick.auconsultores.com/booking.com/assets/css/551_8e0f43f6ce9d2e229cb8.css Requested by Host: maverick.auconsultores.com URL: https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Protocol H2 Security TLS 1.3, , AES_256_GCM Server 84.246.210.124 , Spain, ASN50926 (AXARNET-AS, ES), Reverse DNS auconsultores.servidoresdedicados.com Software nginx / PleskLin Resource Hash `5349c36c334d9ec28f1b1e12023668426011f3602ed29f87fb687222a2baf16c` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 10 Jun 2024 13:25:39 GMT content-encoding br last-modified Mon, 10 Jun 2024 10:30:20 GMT server nginx etag W/"6666d5bc-425f9" x-powered-by PleskLin content-type text/css
GET H2	200	57_21f66738ac9c52ae5b72.css maverick.auconsultores.com/booking.com/assets/css/	20 KB 5 KB	137ms 137ms	Stylesheet text/css	84.246.210.124 AXARNET-AS
General Check archive.org Show headers Download Go to Full URL https://maverick.auconsultores.com/booking.com/assets/css/57_21f66738ac9c52ae5b72.css Requested by Host: maverick.auconsultores.com URL: https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Protocol H2 Security TLS 1.3, , AES_256_GCM Server 84.246.210.124 , Spain, ASN50926 (AXARNET-AS, ES), Reverse DNS auconsultores.servidoresdedicados.com Software nginx / PleskLin Resource Hash `aa4a2a016c5043607067c762013b700818948eb4a4e85ba7ac718af311ebfc81` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 10 Jun 2024 13:25:39 GMT content-encoding br last-modified Mon, 10 Jun 2024 10:30:20 GMT server nginx etag W/"6666d5bc-50ec" x-powered-by PleskLin content-type text/css
GET H2	200	etnht.gif maverick.auconsultores.com/booking.com/assets/images/	35 B 202 B	123ms 122ms	Image image/gif	84.246.210.124 AXARNET-AS
General Check archive.org Show headers Download Go to Show image Full URL https://maverick.auconsultores.com/booking.com/assets/images/etnht.gif Requested by Host: maverick.auconsultores.com URL: https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Protocol H2 Security TLS 1.3, , AES_256_GCM Server 84.246.210.124 , Spain, ASN50926 (AXARNET-AS, ES), Reverse DNS auconsultores.servidoresdedicados.com Software nginx / PleskLin Resource Hash `9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 10 Jun 2024 13:25:39 GMT last-modified Mon, 10 Jun 2024 10:30:20 GMT server nginx x-accel-version 0.01 etag "23-61a86a2ddb0d5" x-powered-by PleskLin content-type image/gif accept-ranges bytes content-length 35
GET H2	200	BookingExtraBold.woff t-cf.bstatic.com/design-assets/assets/v3.58.1/fonts-brand/	25 KB 25 KB	129ms 39ms	Font font/woff	2600:9000:2038:3600:5:bf05:acc0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://t-cf.bstatic.com/design-assets/assets/v3.58.1/fonts-brand/BookingExtraBold.woff Requested by Host: maverick.auconsultores.com URL: https://maverick.auconsultores.com/booking.com/assets/css/551_8e0f43f6ce9d2e229cb8.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2038:3600:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `e63d9656c13baf8786714c53106a0ec404cf8ed4a4b6038345d9029864a3abb6` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://maverick.auconsultores.com/ Origin https://maverick.auconsultores.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 10 Jun 2024 08:46:53 GMT via 1.1 db89633bf3348e057f316c437d2aee7a.cloudfront.net (CloudFront) x-amz-cf-pop HEL50-C2 age 16729 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 25328 last-modified Fri, 27 Jan 2023 14:42:26 GMT server AmazonS3 etag "1ce83dba9b028d54997f401fcc88ee88" vary Accept-Encoding content-type font/woff access-control-allow-origin * access-control-expose-headers * accept-ranges bytes x-amz-cf-id Ayf82HEnf2dD2j-BnJpbgNtsZxeYfZGy4aE2GrbPi9EBM36UcrDXoA==
GET H2	200	us.png maverick.auconsultores.com/booking.com/assets/images/	642 B 811 B	43ms 42ms	Image image/png	84.246.210.124 AXARNET-AS
General Check archive.org Show headers Download Go to Show image Full URL https://maverick.auconsultores.com/booking.com/assets/images/us.png Requested by Host: maverick.auconsultores.com URL: https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Protocol H2 Security TLS 1.3, , AES_256_GCM Server 84.246.210.124 , Spain, ASN50926 (AXARNET-AS, ES), Reverse DNS auconsultores.servidoresdedicados.com Software nginx / PleskLin Resource Hash `a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 10 Jun 2024 13:25:39 GMT last-modified Mon, 10 Jun 2024 10:30:20 GMT server nginx x-accel-version 0.01 etag "282-61a86a2ddb0d5" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 642
GET H2	200	favicon.svg maverick.auconsultores.com/booking.com/assets/images/	1 KB 1 KB	47ms 47ms	Other image/svg+xml	84.246.210.124 AXARNET-AS
General Check archive.org Show headers Download Go to Full URL https://maverick.auconsultores.com/booking.com/assets/images/favicon.svg Protocol H2 Security TLS 1.3, , AES_256_GCM Server 84.246.210.124 , Spain, ASN50926 (AXARNET-AS, ES), Reverse DNS auconsultores.servidoresdedicados.com Software nginx / PleskLin Resource Hash `c80b9838465a2c5aa19e06c25631cd22d81dd8c76563875ebfb4d35304dfba47` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 10 Jun 2024 13:25:39 GMT last-modified Mon, 10 Jun 2024 10:30:20 GMT server nginx etag "6666d5bc-4ad" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 1197
GET H2	200	favicon.ico maverick.auconsultores.com/booking.com/assets/images/	610 B 789 B	44ms 43ms	Other image/vnd.microsoft.icon	84.246.210.124 AXARNET-AS
General Check archive.org Show headers Download Go to Full URL https://maverick.auconsultores.com/booking.com/assets/images/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 84.246.210.124 , Spain, ASN50926 (AXARNET-AS, ES), Reverse DNS auconsultores.servidoresdedicados.com Software nginx / PleskLin Resource Hash `99af6690771b7b62a1325d0c0b38a9a0300c18921e4877dcf38a239b9c977502` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 10 Jun 2024 13:25:39 GMT last-modified Mon, 10 Jun 2024 10:30:20 GMT server nginx x-accel-version 0.01 etag "262-61a86a2ddaced" x-powered-by PleskLin content-type image/vnd.microsoft.icon accept-ranges bytes content-length 610

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			maverick.auconsultores.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3s51fanp5elufbk0hn4o34l6l2

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://maverick.auconsultores.com/booking.com/sign-in?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7&c_ds_no=0JHvySlFFToohLlPNjayDIR8p8M7QvvG431tLdYgXc Message: [DOM] Password forms should have (optionally hidden) username fields for accessibility: (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mail.indicar.memorialbomretiro.com.br
maverick.auconsultores.com
t-cf.bstatic.com
192.185.216.18
2600:9000:2038:3600:5:bf05:acc0:93a1
84.246.210.124
1623411f7208516b214a1b1cfb5b544dfdebb718721e871b1aa31c898c21e2d5
23f3887f7f2a2f0a95e5efd090f3c4c4949c70c90ec047c489d5e0fcce439403
5349c36c334d9ec28f1b1e12023668426011f3602ed29f87fb687222a2baf16c
99af6690771b7b62a1325d0c0b38a9a0300c18921e4877dcf38a239b9c977502
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
aa4a2a016c5043607067c762013b700818948eb4a4e85ba7ac718af311ebfc81
c80b9838465a2c5aa19e06c25631cd22d81dd8c76563875ebfb4d35304dfba47
e63d9656c13baf8786714c53106a0ec404cf8ed4a4b6038345d9029864a3abb6

maverick.auconsultores.com Open in urlscan Pro 84.246.210.124 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

116 kBTransfer

603 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

maverick.auconsultores.com Open in urlscan Pro
84.246.210.124 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

116 kB
Transfer

603 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!