URL: https://buscar.airlineuser.com/
Submission: On July 23 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 11 IPs in 4 countries across 9 domains to perform 30 HTTP transactions. The main IP is 188.42.196.67, located in Luxembourg and belongs to SERVERS-COM, US. The main domain is buscar.airlineuser.com.
TLS certificate: Issued by R10 on July 23rd 2024. Valid for: 3 months.
This is the only time buscar.airlineuser.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 188.42.196.67 7979 (SERVERS-COM)
2 2a00:1450:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
3 2001:4860:480... 15169 (GOOGLE)
1 142.250.185.200 15169 (GOOGLE)
1 18.66.112.127 16509 (AMAZON-02)
4 188.42.198.44 7979 (SERVERS-COM)
2 188.42.198.252 7979 (SERVERS-COM)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.250.185.131 15169 (GOOGLE)
30 11
Apex Domain
Subdomains
Transfer
5 airlineuser.com
buscar.airlineuser.com
airlineuser.com Failed
774 KB
4 aviasales.ru
mamka.aviasales.ru
1 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
region1.google-analytics.com — Cisco Umbrella Rank: 3123
21 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
270 KB
2 travelpayouts.com
www.travelpayouts.com — Cisco Umbrella Rank: 180916 Failed
8 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 6716
63 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
258 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3773
1 aviasales.com
static.aviasales.com — Cisco Umbrella Rank: 172222
14 KB
30 9
Domain Requested by
5 buscar.airlineuser.com buscar.airlineuser.com
4 mamka.aviasales.ru buscar.airlineuser.com
3 www.googletagmanager.com buscar.airlineuser.com
www.googletagmanager.com
www.google-analytics.com
2 www.travelpayouts.com buscar.airlineuser.com
2 region1.google-analytics.com www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 www.google.de buscar.airlineuser.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 static.aviasales.com buscar.airlineuser.com
0 airlineuser.com Failed buscar.airlineuser.com
30 11

This site contains links to these domains. Also see Links.

Domain
airlineuser.com
www.travelpayouts.com
Subject Issuer Validity Valid
buscar.airlineuser.com
R10
2024-07-23 -
2024-10-21
3 months crt.sh
*.google-analytics.com
WR2
2024-07-01 -
2024-09-23
3 months crt.sh
aviasales.com
Amazon RSA 2048 M03
2023-12-24 -
2025-01-22
a year crt.sh
aviasales.ru
R3
2024-05-25 -
2024-08-23
3 months crt.sh
travelpayouts.com
R11
2024-06-22 -
2024-09-20
3 months crt.sh
*.g.doubleclick.net
WR2
2024-06-24 -
2024-09-16
3 months crt.sh
*.google.de
WR2
2024-07-01 -
2024-09-23
3 months crt.sh

This page contains 1 frames:

Primary Page: https://buscar.airlineuser.com/
Frame ID: CEBA9FBDC1197F99DC08EAFCAC794B65
Requests: 32 HTTP requests in this frame

Screenshot

Page Title

Search Flights and Hotels

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

30
Requests

73 %
HTTPS

40 %
IPv6

9
Domains

11
Subdomains

11
IPs

4
Countries

1088 kB
Transfer

3597 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
buscar.airlineuser.com/
22 KB
5 KB
Document
General
Full URL
https://buscar.airlineuser.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.42.196.67 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
f71a470d2ba0e24d767d0d5f3d9a2a2b8ed75920b52f70c44fe04d6bb6287bef

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 23 Jul 2024 22:54:30 GMT
vary
Accept-Encoding
x-request-id
a51e037332afae28af6589a7e63578d7
whitelabel_es.js
buscar.airlineuser.com/widgets/
0
0
Script
General
Full URL
https://buscar.airlineuser.com/widgets/whitelabel_es.js?v=002&rtl=false&locale=es
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.42.196.67 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:30 GMT
x-content-type-options
nosniff
x-robots-tag
noindex
content-length
7
x-request-id
341954f3d2684f864b5e520c9bf9860b
content-type
text/plain; charset=utf-8
main.es.js
buscar.airlineuser.com/
788 KB
226 KB
Script
General
Full URL
https://buscar.airlineuser.com/main.es.js
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.42.196.67 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
7f00927e506d27866a1d67d03eef38f67ff5e4dd41e8cc7a2ee82a3985aa3752

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:30 GMT
content-encoding
gzip
last-modified
Tuesday, 23-Jul-2024 22:54:30 UTC
etag
W/"669e4cc8-c4e24"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=1800
x-request-id
e10f11d93785b97f4372187236cbc108
expires
Tue, 23 Jul 2024 23:24:30 GMT
main.css
buscar.airlineuser.com/
2 MB
542 KB
Stylesheet
General
Full URL
https://buscar.airlineuser.com/main.css
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.42.196.67 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
a6cb4c91723ee879e398f4eb4eaf98b23b91eb8d1ef8367fc22bce64d7332e2d

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:30 GMT
content-encoding
gzip
last-modified
Tuesday, 23-Jul-2024 22:54:30 UTC
etag
W/"669e4ba8-1b9126"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1800
x-request-id
b4c1e0f5976772a2688513170c9c92a4
expires
Tue, 23 Jul 2024 23:24:30 GMT
logo.png
airlineuser.com/images/
0
0

gtm.js
www.googletagmanager.com/
225 KB
79 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M47KB56
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
36dcd9d3ab2c8de583ecbbc33b59c9a7a401812b5882fce523b6f9a73df38387
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
80960
x-xss-protection
0
last-modified
Tue, 23 Jul 2024 21:36:29 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 23 Jul 2024 22:54:30 GMT
js
www.googletagmanager.com/gtag/
284 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-6C1GFWKMT9&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M47KB56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d9de0c37f78b69c2c5b8c2641495059962506bd0a44dc69ef96925e5cb9f7f5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
98711
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 23 Jul 2024 22:54:30 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M47KB56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 23 Jul 2024 22:29:07 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1523
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 24 Jul 2024 00:29:07 GMT
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-6C1GFWKMT9&gtm=45je47h0v893968163z878526466za200zb78526466&_p=1721775270583&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1250014940.1721775271&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1721775270&sct=1&seg=0&dl=https%3A%2F%2Fbuscar.airlineuser.com%2F&dt=Search%20Flights%20and%20Hotels&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1430&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6C1GFWKMT9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jul 2024 22:54:30 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://buscar.airlineuser.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
15 B
225 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1637960990&t=pageview&_s=1&dl=https%3A%2F%2Fbuscar.airlineuser.com%2F&ul=de-de&de=UTF-8&dt=Search%20Flights%20and%20Hotels&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=357631137&gjid=2015241241&cid=1250014940.1721775271&tid=UA-70090146-9&_gid=706813495.1721775271&_r=1&_slc=1&gtm=45He47h0n81M47KB56v78526466za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=95250753&npa=1&z=191665643
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
10371d1a9b5f1dd1bacb5b706fdc5a10e5e72d5d26636bcaccd230a165f8b16b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Jul 2024 22:54:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://buscar.airlineuser.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
272 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-1HXW6H26GB&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
e7504d11d3e82501ee6651725fff3987c406dea7160a42db0c6b2eda1f3bd085
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
96254
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 23 Jul 2024 22:54:30 GMT
sp.js
static.aviasales.com/snowplow/19.20.1/
43 KB
14 KB
Script
General
Full URL
https://static.aviasales.com/snowplow/19.20.1/sp.js
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/main.es.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-127.fra56.r.cloudfront.net
Software
/
Resource Hash
5b7961e43ba73a1ec7a400060934040077aef584ce1a6ab0185d9c41ce029d32

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Apr 2024 00:25:22 GMT
content-encoding
gzip
via
1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
last-modified
Wed, 20 Dec 2023 07:57:47 GMT
x-amz-cf-pop
FRA56-P5
age
8029749
etag
W/"56c168eae5c685d285eeaf940c1f21d5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
cache-control
public,max-age=31536000
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
m2UG0OTxS1DxRM0URlO1xQjUcDxb66AsiNkgke5fFemH6LvXL-_WMw==
widget.js
www.travelpayouts.com/weedle/
0
0

widget.js
www.travelpayouts.com/weedle/
0
0

widget.js
www.travelpayouts.com/weedle/
0
0

widget.js
www.travelpayouts.com/weedle/
0
0

widget.js
www.travelpayouts.com/weedle/
0
0

widget.js
www.travelpayouts.com/weedle/
0
0

scripts_es.js
www.travelpayouts.com/ducklett/
0
0

set
mamka.aviasales.ru/third_party_cookies/
0
277 B
Image
General
Full URL
https://mamka.aviasales.ru/third_party_cookies/set?mamka_version=0.0.13&mamka_utc_datetime=2024-07-23T22%3A54%3A30.992Z
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.42.198.44 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:31 GMT
server
nginx
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
0
tp.png
www.travelpayouts.com/powered_by/img/
4 KB
4 KB
Image
General
Full URL
https://www.travelpayouts.com/powered_by/img/tp.png
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.42.198.252 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
2485b6352182e9b84c6010dedea330b64058983d22008327a64fd7d9b10df905

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:31 GMT
last-modified
Mon, 08 Jul 2024 10:55:27 GMT
server
nginx
content-type
image/png
cache-control
no-store, no-cache
accept-ranges
bytes
x-robots-tag
noindex
content-length
3584
x-request-id
fbefab432609c89c8d4f06c8ed27f127
collect
region1.analytics.google.com/g/
0
0
Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-1HXW6H26GB&gtm=45je47h0v9126237212za200&_p=1721775270583&_gaz=1&gcd=13l3l3l2l3&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250753&ul=de-de&sr=1600x1200&cid=1250014940.1721775271&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fbuscar.airlineuser.com%2F&dt=Search%20Flights%20and%20Hotels&sid=1721775271&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1701&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1HXW6H26GB&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jul 2024 22:54:31 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://buscar.airlineuser.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
258 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-1HXW6H26GB&cid=1250014940.1721775271&gtm=45je47h0v9126237212za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1HXW6H26GB&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jul 2024 22:54:31 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://buscar.airlineuser.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-1HXW6H26GB&cid=1250014940.1721775271&gtm=45je47h0v9126237212za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3&npa=1&frm=0&z=2132111557
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jul 2024 22:54:31 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
set
mamka.aviasales.ru/third_party_cookies/
0
276 B
Image
General
Full URL
https://mamka.aviasales.ru/third_party_cookies/set?mamka_version=0.0.13&mamka_utc_datetime=2024-07-23T22%3A54%3A31.346Z&mamka_attempts=1
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.42.198.44 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:31 GMT
server
nginx
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
0
truncated
/
140 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b09ab6f105976cdbfba0fcd686b6f1580bca2d1940c873db2d380e05c4a8aefb

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
currency-regular-webfont.woff2
www.travelpayouts.com/currency_fonts/
4 KB
4 KB
Font
General
Full URL
https://www.travelpayouts.com/currency_fonts/currency-regular-webfont.woff2
Requested by
Host: buscar.airlineuser.com
URL: https://buscar.airlineuser.com/main.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.42.198.252 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
4ba3cac275ae4d06824607aa55da87e077a60cc9608aa0d6d8b6004922573d2e

Request headers

Referer
https://buscar.airlineuser.com/
Origin
https://buscar.airlineuser.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:31 GMT
last-modified
Tue, 14 May 2024 12:08:58 GMT
server
nginx
etag
"6643545a-e08"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
3592
x-request-id
1acbff487f0a8f2b8689c4f727b6242b
expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/
348 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0cd533223411d5bab615e57af6eab20ecd15e20bc76f12487a38c0daf82e54cc

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
favicon.ico
buscar.airlineuser.com/
19 B
179 B
Other
General
Full URL
https://buscar.airlineuser.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.42.196.67 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:31 GMT
x-content-type-options
nosniff
content-length
19
x-request-id
2d360fcbe3adf38ad264d2de819f2b3e
content-type
text/plain; charset=utf-8
set
mamka.aviasales.ru/third_party_cookies/
0
276 B
Image
General
Full URL
https://mamka.aviasales.ru/third_party_cookies/set?mamka_version=0.0.13&mamka_utc_datetime=2024-07-23T22%3A54%3A31.897Z&mamka_attempts=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.42.198.44 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:31 GMT
server
nginx
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
0
set
mamka.aviasales.ru/third_party_cookies/
0
276 B
Image
General
Full URL
https://mamka.aviasales.ru/third_party_cookies/set?mamka_version=0.0.13&mamka_utc_datetime=2024-07-23T22%3A54%3A34.444Z&mamka_attempts=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.42.198.44 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:54:34 GMT
server
nginx
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
0
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-6C1GFWKMT9&gtm=45je47h0v893968163za200zb78526466&_p=1721775270583&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1250014940.1721775271&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1721775270&sct=1&seg=0&dl=https%3A%2F%2Fbuscar.airlineuser.com%2F&dt=Search%20Flights%20and%20Hotels&en=scroll&epn.percent_scrolled=90&_et=9&tfd=6441&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6C1GFWKMT9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://buscar.airlineuser.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jul 2024 22:54:35 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://buscar.airlineuser.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
airlineuser.com
URL
https://airlineuser.com/images/logo.png
Domain
www.travelpayouts.com
URL
https://www.travelpayouts.com/weedle/widget.js?multiple=true&width=300px&marker=297920.$1489&host=buscar.airlineuser.com&locale=es&currency=usd&destination=LAS&destination_name=
Domain
www.travelpayouts.com
URL
https://www.travelpayouts.com/weedle/widget.js?multiple=true&width=300px&marker=297920.$1489&host=buscar.airlineuser.com&locale=es&currency=usd&destination=LAX&destination_name=
Domain
www.travelpayouts.com
URL
https://www.travelpayouts.com/weedle/widget.js?multiple=true&width=300px&marker=297920.$1489&host=buscar.airlineuser.com&locale=es&currency=usd&destination=NYC&destination_name=
Domain
www.travelpayouts.com
URL
https://www.travelpayouts.com/weedle/widget.js?multiple=true&width=300px&marker=297920.$1489&host=buscar.airlineuser.com&locale=es&currency=usd&destination=ORL&destination_name=
Domain
www.travelpayouts.com
URL
https://www.travelpayouts.com/weedle/widget.js?multiple=true&width=300px&marker=297920.$1489&host=buscar.airlineuser.com&locale=es&currency=usd&destination=MIA&destination_name=
Domain
www.travelpayouts.com
URL
https://www.travelpayouts.com/weedle/widget.js?multiple=true&width=300px&marker=297920.$1489&host=buscar.airlineuser.com&locale=es&currency=usd&destination=CHI&destination_name=
Domain
www.travelpayouts.com
URL
https://www.travelpayouts.com/ducklett/scripts_es.js?powered_by=false&widget_type=brickwork&currency=usd&host=buscar.airlineuser.com&marker=297920.$1489&limit=6&locale=es

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| GEOIP object| TPWLCONFIG function| loadCSS object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| gaGlobal object| gaplugins object| gaData object| mamka_queue function| setImmediate function| clearImmediate function| cssx string| TP_WL_LOCALE function| ResizeSensor object| TP_DISPATCHER function| f object| GSN function| mamka object| TP_POWERED_BY_DATA boolean| TP_MEWTWO_SKIPSTYLES object| TP_FORM_SETTINGS string| _location

12 Cookies

Domain/Path Name / Value
.airlineuser.com/ Name: _ga_6C1GFWKMT9
Value: GS1.1.1721775270.1.0.1721775270.0.0.0
.airlineuser.com/ Name: _ga
Value: GA1.2.1250014940.1721775271
.airlineuser.com/ Name: _gid
Value: GA1.2.706813495.1721775271
.airlineuser.com/ Name: _gat_UA-70090146-9
Value: 1
.airlineuser.com/ Name: mtdc_UWJMq
Value: true
buscar.airlineuser.com/ Name: locale
Value: es
.airlineuser.com/ Name: marker
Value: 297920.%241489
buscar.airlineuser.com/ Name: cookie_policy_accepted
Value: true
buscar.airlineuser.com/ Name: currency
Value: USD
.airlineuser.com/ Name: _ga_1HXW6H26GB
Value: GS1.2.1721775271.1.0.1721775271.60.0.0
.airlineuser.com/ Name: _sp_ses.cac2
Value: *
.airlineuser.com/ Name: _sp_id.cac2
Value: c004996a-f838-49c6-a582-f5983602c65c.1721775271.1.1721775271.1721775271.b14c0ca8-be75-4ea3-802a-23b4c62657c1

2 Console Messages

Source Level URL
Text
network error URL: https://buscar.airlineuser.com/widgets/whitelabel_es.js?v=002&rtl=false&locale=es
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://buscar.airlineuser.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

airlineuser.com
buscar.airlineuser.com
mamka.aviasales.ru
region1.analytics.google.com
region1.google-analytics.com
static.aviasales.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.de
www.googletagmanager.com
www.travelpayouts.com
airlineuser.com
www.travelpayouts.com
142.250.185.131
142.250.185.200
18.66.112.127
188.42.196.67
188.42.198.252
188.42.198.44
2001:4860:4802:32::36
2001:4860:4802:38::178
2a00:1450:4001:829::2008
2a00:1450:400c:c00::9a
0cd533223411d5bab615e57af6eab20ecd15e20bc76f12487a38c0daf82e54cc
10371d1a9b5f1dd1bacb5b706fdc5a10e5e72d5d26636bcaccd230a165f8b16b
2485b6352182e9b84c6010dedea330b64058983d22008327a64fd7d9b10df905
36dcd9d3ab2c8de583ecbbc33b59c9a7a401812b5882fce523b6f9a73df38387
4ba3cac275ae4d06824607aa55da87e077a60cc9608aa0d6d8b6004922573d2e
5b7961e43ba73a1ec7a400060934040077aef584ce1a6ab0185d9c41ce029d32
7f00927e506d27866a1d67d03eef38f67ff5e4dd41e8cc7a2ee82a3985aa3752
a6cb4c91723ee879e398f4eb4eaf98b23b91eb8d1ef8367fc22bce64d7332e2d
b09ab6f105976cdbfba0fcd686b6f1580bca2d1940c873db2d380e05c4a8aefb
b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793
d9de0c37f78b69c2c5b8c2641495059962506bd0a44dc69ef96925e5cb9f7f5e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7504d11d3e82501ee6651725fff3987c406dea7160a42db0c6b2eda1f3bd085
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f71a470d2ba0e24d767d0d5f3d9a2a2b8ed75920b52f70c44fe04d6bb6287bef