conflrma50843.com
188.114.96.3  Malicious Activity! Public Scan

Submitted URL: https://xgo.kr/9eh
Effective URL: https://conflrma50843.com/u6454222215
Submission: On May 03 via automatic, source openphish — Scanned from DE

Summary

This website contacted 3 IPs in 4 countries across 4 domains to perform 18 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is conflrma50843.com.
TLS certificate: Issued by GTS CA 1P5 on April 30th 2024. Valid for: 3 months.
This is the only time conflrma50843.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

Requests  IP Address         AS (Autonomous System)  Notes
1         49.247.13.27       38700 (SMILESERV...)    1 redirect
16        188.114.96.3       13335 (CLOUDFLAR...)
1         2600:9000:276...   16509 (AMAZON-02)
1         104.17.25.14       13335 (CLOUDFLAR...)
Total: 18 requests, 3 IPs

Requests  Apex Domain         Subdomains                                        Transfer
16        conflrma50843.com   conflrma50843.com                                 236 KB
1         cloudflare.com      cdnjs.cloudflare.com (Cisco Umbrella Rank: 237)   6 KB
1         bstatic.com         cf.bstatic.com (Cisco Umbrella Rank: 15942)       128 KB
1         xgo.kr              xgo.kr                                            505 B
Total: 18 requests, 4 domains

Requests  Domain                 Requested by
16        conflrma50843.com      conflrma50843.com
1         cdnjs.cloudflare.com   conflrma50843.com
1         cf.bstatic.com         conflrma50843.com
1         xgo.kr                 (entry point, 1 redirect)
Total: 18 requests, 4 domains

This site contains no links.

Subject                  Issuer                                      Validity                    Valid      Source
conflrma50843.com        GTS CA 1P5                                  2024-04-30 - 2024-07-29     3 months   crt.sh
*.bstatic.com            DigiCert Global G2 TLS RSA SHA256 2020 CA1  2023-11-29 - 2024-11-28     a year     crt.sh
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                     2023-07-03 - 2024-07-02     a year     crt.sh

This page contains 2 frames:

Primary Page: https://conflrma50843.com/u6454222215
Frame ID: 677041B438F2BE2EB8D49E7B56D6DE5A
Requests: 10 HTTP requests in this frame

Frame: https://conflrma50843.com/chat/6RZQHQKAAR
Frame ID: 948E8EA20DCC4DA1A137DCB17931481F
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Booking.com | Official site | The best hotels & accommodation

Page URL History

  1. https://xgo.kr/9eh HTTP 307
    https://conflrma50843.com/u6454222215 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 18
  • HTTPS: 100 %
  • IPv6: 25 %
  • Domains: 4
  • Subdomains: 4
  • IPs: 3
  • Countries: 4
  • Transfer: 370 kB
  • Size: 895 kB
  • Cookies: 2

18 HTTP transactions

Columns per request: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request u6454222215
conflrma50843.com/
Redirect Chain
  • https://xgo.kr/9eh
  • https://conflrma50843.com/u6454222215
98 KB
16 KB
Document
General
Full URL
https://conflrma50843.com/u6454222215
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ce5ad6611ed50f8e1adbf26bfc17651e98b17e7da133cc5110ca2cdd3c4903a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
87e08c9be9df1e50-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 03 May 2024 13:20:35 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rhEzW01T3VLOxwYY2EoTvNkCCgc%2FEc32O2cMGJgQ%2FBoqpmwKnx6Z0MYGgThzazg5ST3WuigVOfVrId3%2BudBmUblo8av1Nioco8O4y8lssqr5YzUuFgtBG6O75cigVEbiRUzRiw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 03 May 2024 13:20:35 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Location
https://conflrma50843.com/u6454222215##kjbdjobgnn
Pragma
no-cache
Server
nginx/1.14.1
Transfer-Encoding
chunked
X-Powered-By
PHP/5.4.16
styles-new4.css
conflrma50843.com/css/booking1/
34 KB
8 KB
Stylesheet
General
Full URL
https://conflrma50843.com/css/booking1/styles-new4.css
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/u6454222215
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
794075538b19a75df8737bf2c563b3e46741007b3277ad98fced0622d9fb84d9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/u6454222215
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:35 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 26 Apr 2024 23:21:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"662c3713-89d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zm564LgyRyAsYi3yJLq2zIlb4rq7u2lthsj3NiAueJAOLKMlYOKfwO%2BIxWGnLOMkb9noCL6upqCWpxnNDbSrlIKT9GVuCiLVq17hP%2FpRAKgEIMcZeJ8kMsNrCTlMWLS7BZJPBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
87e08c9e6db41e50-FRA
alt-svc
h3=":443"; ma=86400
chat.css
conflrma50843.com/build/
3 KB
1 KB
Stylesheet
General
Full URL
https://conflrma50843.com/build/chat.css
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/u6454222215
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fc1e7ad40e4ae54f2dbd4b1f8b0b09482bbcae9524a3a1743f0f5da062740d8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/u6454222215
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:35 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1c8-a0e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KYzwvqFPsU4rBd%2BXgCOmP%2Fio7W9H%2BhEnqia11AYablpCTDyjv9LBOEsEAzqEXu9%2BxXSEgTBFF73fMZ%2BmwJhGbwuEpnzPv6hA%2B4dvW5vLl1DqovkbRt9dELjkV47oL5p3zBO86Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
87e08c9e6db51e50-FRA
alt-svc
h3=":443"; ma=86400
submit-new5.js
conflrma50843.com/css/booking1/
23 KB
5 KB
Script
General
Full URL
https://conflrma50843.com/css/booking1/submit-new5.js
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/u6454222215
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
048eb221969c973ab2ea33a0730120fac1d766dd605674e9bc3f06c712224862

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/u6454222215
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:36 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 26 Apr 2024 23:21:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"662c3711-5a97"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ICfnqjn9DhMKF91sYQtRhMqQrLA9ck3JbOcuQo8xf6lvqnrr8XHmzHCl3pwOR6HoCtQFHmRxkXvTEa73bFIJHauO5HjbqMTdHt5woCx5EFeUgTWKyPz2RKerCh6ebOxs0rx0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87e08c9f9f3f1e50-FRA
alt-svc
h3=":443"; ma=86400
blur_input.js
conflrma50843.com/css/booking1/
21 KB
4 KB
Script
General
Full URL
https://conflrma50843.com/css/booking1/blur_input.js
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/u6454222215
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5eaae12a5b85c3a24efd4d581e61ef3773befd9f64b1421c678038bf17c559ba

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/u6454222215
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:35 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1a9-5465"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gl4tIREymBAdpMKRCnT%2FDWMlWf4uVJQBrSDSZienLUV8fOO%2Bw6TbOl%2FYx3ZDOOe8KamxFlgdTieTQ8L99%2F2y7FYVCH4b5Wt03zoj%2B8s7aGKrW7kbrtu5Hp5n1vlba7eySSd8Yg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87e08c9f9f441e50-FRA
alt-svc
h3=":443"; ma=86400
jquery.min.js
conflrma50843.com/js/
87 KB
32 KB
Script
General
Full URL
https://conflrma50843.com/js/jquery.min.js
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/u6454222215
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/u6454222215
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:35 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1be-15d84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DsZnZw3gf9gBJYD6cgkWWZ%2BPnWt7Gik66IRtt%2BTd22DupMQuXp0tExtsqmD45Dl%2BfKLEM1%2B5saeL3mMqM501yN0g4dqtvehvReD3fkE67H9KK5xaKRpH0EokpCIbMTdoqsR%2B9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87e08c9e6db71e50-FRA
alt-svc
h3=":443"; ma=86400
58510226.jpg
cf.bstatic.com/xdata/images/hotel/max1280x900/
127 KB
128 KB
Image
General
Full URL
https://cf.bstatic.com/xdata/images/hotel/max1280x900/58510226.jpg?k=4a112ae4ca397ef959d2851102057f4d23718b957999eda9af9c1cc67ebb25b7&o=&hp=1
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/u6454222215
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2761:5c00:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0ee0324a8afc9ff5254f73200a26845a0fc3c37c4e0872e7121869ec9c957557
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 21:46:11 GMT
via
1.1 24c73aa8cdc4e254694e2ac7073f8aea.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA60-P8
age
401664
etag
"05d7f07176f150a500e7d6a0324906edeea5299b"
x-cache
Hit from cloudfront
content-language
130520
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
MGrKOVlxxJBLEKtrp1r7qlghTNVLbQaXl5ftJSUcxo8E2KZZ62K_VA==
x-xss-protection
1; mode=block
6RZQHQKAAR
conflrma50843.com/chat/ Frame 948E
29 KB
9 KB
Document
General
Full URL
https://conflrma50843.com/chat/6RZQHQKAAR
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/u6454222215
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e9485b3f1d455cf897bca0a3a40a1b1b28b9ecc22bffe1df48c71e3a14d6cdd

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://conflrma50843.com/u6454222215
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
87e08c9faf611e50-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 03 May 2024 13:20:35 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lvXC%2FUx%2BsYeDsxXslEE9bfixzv2NVubkcFon87VUKryj3YRzIqD%2B8gaS4vsuTvoTpZfNr0TD18SbkYKHIsw0jTJdQYYyLKPZ6vpmashIICtkbPIJgByS5UOhikkOqpAOYibXoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
user_send_status.php
conflrma50843.com/ajax/
0
479 B
XHR
General
Full URL
https://conflrma50843.com/ajax/user_send_status.php
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/js/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://conflrma50843.com/u6454222215
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 03 May 2024 13:20:36 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J3BKA%2BTmyLO13zNzz1Wsk%2BkFRHgj0rw5A7T6%2BGFWybOizSGhi3oFse4TeWwweLbsk1QuuJUXrkg%2FEfX2iA7HCiQqSCaNsxCjgpdCPeUJBYp8bhOJQCOAwZq2FJkqYBOE%2BHHZjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
87e08c9fbf721e50-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
flags.png
conflrma50843.com/css/booking1/img/
30 KB
30 KB
Image
General
Full URL
https://conflrma50843.com/css/booking1/img/flags.png
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/css/booking1/styles-new4.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/css/booking1/styles-new4.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:36 GMT
cf-cache-status
MISS
last-modified
Fri, 29 Sep 2023 13:31:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"6516d1ac-77d8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3h35R3ro%2ByCvVxTc1V0E2X%2FKW1wATE7MyRN4RYvhQdWyRBg5QENkTQH2ZuTFQvR2Fs0BvYowdir9E4qh29M0fGKeFfM%2FB4XL%2FLqrikuABdqjHVLWH1nAa3nTMUMXDDAJammnuA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
87e08c9fbf7e1e50-FRA
alt-svc
h3=":443"; ma=86400
content-length
30680
chat.css
conflrma50843.com/css/ Frame 948E
106 KB
17 KB
Stylesheet
General
Full URL
https://conflrma50843.com/css/chat.css
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/chat/6RZQHQKAAR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1c9ad009f4d6ed374fe5404e3276bbbc345396e772cd72491a88c1173582ec3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/chat/6RZQHQKAAR
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:36 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 29 Sep 2023 13:31:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2883
etag
W/"6516d1a0-1a924"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K6Q3ubZy5t%2FJRZuqBS97vVDe3Zv7JiCCCidga9fyTEn8O7uTNGE6XO7AgVeV94boaNrn6P1XBeYzHDdBW36ucWpNs52xpxn7U3ifEYLZsG6hU6RonXnbiKmSQcD60OhpDNgtIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
87e08ca0f9cc1e50-FRA
alt-svc
h3=":443"; ma=86400
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ Frame 948E
30 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/chat/6RZQHQKAAR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
643090
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5631
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hFRgFghBQXQFYYYQb3PI4PCFyiR%2BLTLDUg%2FV89xbg9%2FW30SSoeJnQASsroQyeH9AaCrGhIuCzqrV2EQIjbaJkXhenBQXQX0esg6hwBG1IAKZQh1Odbl0KRenzUxLTL7S4AsKFMbR"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
87e08ca11e488ed9-FRA
expires
Wed, 23 Apr 2025 13:20:36 GMT
support.png
conflrma50843.com/img/ Frame 948E
15 KB
16 KB
Image
General
Full URL
https://conflrma50843.com/img/support.png
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/chat/6RZQHQKAAR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f38df22b91417e6c60a0c086f7997c1ba6c5b844b3c947d07ed7e88650442973

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/chat/6RZQHQKAAR
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:36 GMT
cf-cache-status
HIT
last-modified
Tue, 19 Mar 2024 09:02:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2883
etag
"65f9549d-3d12"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LptsAExqaJfMoApyR%2BdHD7vAFiCHLIROaHDM83lz%2FWj%2BVfl1mpj%2BS0kpepMuv3L859B9velQkpviKgfILs3odd6eYvhpK5%2BTsQKzoFdYg1OdHBIOfhZkpptZ3NtBoMXC0UBC7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
87e08ca0f9d21e50-FRA
alt-svc
h3=":443"; ma=86400
content-length
15634
support-open.png
conflrma50843.com/img/ Frame 948E
21 KB
21 KB
Image
General
Full URL
https://conflrma50843.com/img/support-open.png
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/chat/6RZQHQKAAR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
560b6b311920854bb28122c60e1262f34723ed8bff0b6970300bd04d9369adeb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/chat/6RZQHQKAAR
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:36 GMT
cf-cache-status
HIT
last-modified
Tue, 19 Mar 2024 09:02:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2883
etag
"65f9549c-5400"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7b8Qz6dEOMasK8SMHClSGKJJrbc6u8gGDdRP4VfCWflIBh15qPQRpyWawfLc9xepPa7X7tQyMVm74QsbrOKUWNN3Cc1IOjtuGJnhxxUCteXnRyysVYZa22qdKkbHeL94%2FKHhrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
87e08ca0f9d41e50-FRA
alt-svc
h3=":443"; ma=86400
content-length
21504
jquery.min.js
conflrma50843.com/dist/new_card_design/ Frame 948E
87 KB
32 KB
Script
General
Full URL
https://conflrma50843.com/dist/new_card_design/jquery.min.js
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/chat/6RZQHQKAAR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/chat/6RZQHQKAAR
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:36 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 29 Sep 2023 13:31:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2883
etag
W/"6516d1b2-15d84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6neA10t2BqR4pIsE%2FD9sRCja6D3pKgSwAAleL4WxIYmgTUUtgLoii5B13hZeS6dY1gXFccn8PKiyd%2B1%2FjtMwvMBTx%2Fm8AxlwSfO3mWTuhAlQ51rwpyWLpNIRg1G3BLp6keuBRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
87e08ca0f9d61e50-FRA
alt-svc
h3=":443"; ma=86400
msg_check.php
conflrma50843.com/ajax/ Frame 948E
5 KB
1 KB
XHR
General
Full URL
https://conflrma50843.com/ajax/msg_check.php
Requested by
Host: conflrma50843.com
URL: https://conflrma50843.com/dist/new_card_design/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4532d816e175f773c9c89e6034bd61d72fcea280812f63d4a4b4e5570f0f9c25

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://conflrma50843.com/chat/6RZQHQKAAR
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 03 May 2024 13:20:36 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A3zpkjiIVv1Lo1tZUT60%2BBGPFOwIJTTp2cyeOEED0SrUzB36Xqp52a1KkTs6IOr6M7jT9C7ZQRxVgwh4sQZXbEcG0HPiVKja2CEMvTzO9zrq2qufNIM%2BtmwJJXkHYadkiOpq5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
87e08ca16a601e50-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
favicon.ico
conflrma50843.com/
177 KB
44 KB
Other
General
Full URL
https://conflrma50843.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63f125a6025a5caea38f91b98ffd8d560cdf532329f12e4fe143453161ce7dea

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/u6454222215
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 13:20:36 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2c208-6067f6fbf6e58"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iYwTa45kjnZVprgjmpDburj1ClBPOH4dTYhDfpukN97ggXDS9o%2FSR6XsN3p9MjGitxlo0QWv0qDzW11%2B0XBSABT%2BXFIwfwG5axBauPDEKDX2pL0Pom3%2Bhu60HVXiTyZ1gKxQ5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/vnd.microsoft.icon
cache-control
max-age=14400
cf-ray
87e08ca16a731e50-FRA
alt-svc
h3=":443"; ma=86400
%7Bimage%7D
conflrma50843.com/chat/ Frame 948E
0
479 B
Image
General
Full URL
https://conflrma50843.com/chat/%7Bimage%7D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://conflrma50843.com/chat/6RZQHQKAAR
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 03 May 2024 13:20:36 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PRfeygAnL%2FIoqrJlXN9gs3%2BLqha3DRN5FS41Fqo1LMV%2BZmRxfwGG%2FJ4SVZs5CFiXiQEpBwlk7m%2BVDEJ8irIgZAPHCR4ukCxGs2n3ycMGc6H1cpIfGQ7Cdw%2FGZnubW8YlFTfDmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
87e08ca2ac2b1e50-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: 0
  • function: $
  • function: jQuery
  • number: get_status
  • function: onPage
  • function: scrollToErrorInput

2 Cookies

Domain/Path           Name         Value
xgo.kr/               ci_session   k8tn530bj45jcmi855e9dieh9jcs4uub
conflrma50843.com/    PHPSESSID    buo56ivpgmh7qa1efog4jrlau9