s3.us-central-1.wasabisys.com Open in urlscan Pro
38.91.42.11 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html
Submission: On April 26 via manual (April 26th 2022, 1:27:26 pm UTC) from GB — Scanned from US

Summary HTTP 22 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 22 HTTP transactions. The main IP is 38.91.42.11, located in United States and belongs to BLUEARCHIVE-ZONE-1, US. The main domain is s3.us-central-1.wasabisys.com. The Cisco Umbrella rank of the primary domain is 250323.

This is the only time s3.us-central-1.wasabisys.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
1	38.91.42.11 38.91.42.11	395717 (BLUEARCHI...) (BLUEARCHIVE-ZONE-1)
10	2600:9000:202... 2600:9000:202c:7600:15:9f56:b80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:822::2008	15169 (GOOGLE) (GOOGLE)
1	185.28.222.12 185.28.222.12	43996 (BOOKING-B...) (BOOKING-BV Booking.com)
22	5

1 38.91.42.11 (United States)

ASN395717 (BLUEARCHIVE-ZONE-1, US)

s3.us-central-1.wasabisys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:202c:7600:15:9f56:b80:93a1 (United States)

ASN16509 (AMAZON-02, US)

t-cf.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:822::2008 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.28.222.12 (Netherlands)

ASN43996 (BOOKING-BV Booking.com, NL)

secure.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	bstatic.com t-cf.bstatic.com — Cisco Umbrella Rank: 18992	125 KB
1	booking.com secure.booking.com — Cisco Umbrella Rank: 19696	382 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 58
1	wasabisys.com s3.us-central-1.wasabisys.com — Cisco Umbrella Rank: 250323	421 KB
22	4

	Domain	Requested by
10	t-cf.bstatic.com	s3.us-central-1.wasabisys.com
1	secure.booking.com
1	www.googletagmanager.com	s3.us-central-1.wasabisys.com
1	s3.us-central-1.wasabisys.com
22	4

This site contains links to these domains. Also see Links.

Domain
secure.booking.com
www.booking.com
join.booking.com
account.booking.com

Subject Issuer	Validity	Valid
*.bstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.booking.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-28` - `2022-09-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html
Frame ID: D6723A0BFD57AD5420E3C4E56050DF00
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com: Your details

Page Statistics

22
Requests

55 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

546 kB
Transfer

1201 kB
Size

0
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.booking.com/book.html?hotel_id=402755&free_cancel_booking=0&dcid=1&lang=en-gb&sid=f2ccd1182ae6e9aa74caa226a0f7cbfb&error_url=&hostname=www.booking.com&stage=1&checkin=2022-05-18&room1=A%2CA&interval=3&children_extrabeds=&nr_rooms_40275501_94457493_2_0_0=1&selected_currency=BRL;changed_currency=1;top_currency=1&room2=#content
Title: Skip to main content

Search URL Search Domain Scan URL

URL: https://www.booking.com/index.en-gb.html?label=gen173nr-1DCBIoggI46AdICVgEaCCIAQGYAQm4ARjIAQzYAQPoAQH4AQiIAgGoAgS4At7J8pIGwAIB0gIkMjAzNmEwYTUtNmY4OC00ZDYyLWFlZmYtZDZmNjFlOGY2NzEz2AIE4AIB&sid=f2ccd1182ae6e9aa74caa226a0f7cbfb&click_from_logo=1

Search URL Search Domain Scan URL

URL: https://secure.booking.com/help.en-gb.html?label=gen173nr-1DCBIoggI46AdICVgEaCCIAQGYAQm4ARjIAQzYAQPoAQH4AQiIAgGoAgS4At7J8pIGwAIB0gIkMjAzNmEwYTUtNmY4OC00ZDYyLWFlZmYtZDZmNjFlOGY2NzEz2AIE4AIB&sid=f2ccd1182ae6e9aa74caa226a0f7cbfb
Title: Get help with your reservation

Search URL Search Domain Scan URL

URL: https://join.booking.com/?lang=en-gb&utm_source=topbar&utm_medium=frontend&label=gen173nr-1DCBIoggI46AdICVgEaCCIAQGYAQm4ARjIAQzYAQPoAQH4AQiIAgGoAgS4At7J8pIGwAIB0gIkMjAzNmEwYTUtNmY4OC00ZDYyLWFlZmYtZDZmNjFlOGY2NzEz2AIE4AIB&aid=304142
Title: List your property

Search URL Search Domain Scan URL

URL: https://account.booking.com/auth/oauth2?dt=1650238691&redirect_uri=https%3A%2F%2Fsecure.booking.com%2Flogin.html%3Fop%3Doauth_return&aid=304142&response_type=code&lang=en-gb&bkng_action=book&state=UrwEgchx7n84IUfNmBhS1_NDsrm-nw_gE_NkxB6U8s7-bpglnJuuPoKknNGhKJMkNpcvvS_zf1kI7CSJNaVzRn4uIZTbJblpl_U8SIm7aEWtTEDfAw8kaJk21S8IrjSi8nW_QpCMIpRtqse400XIEefzron0zic15P5NxfJq-dKY7x92s1omVJYg8qqpxHjaRS8i6c_8d3S5kPSS-YzgiN0lFr4nk_VAdPKW5FHXIHZS6r_NmI4-NGCKCuorAQpir8NmnhYpOlVZntfMVTMPKFRQVuUVZ9P-RUvcokpsR7kUq2x1VnZk0iX2CzfiO9cvjUfL2f5JWYxB-FiVcFw5fjY4aMqQFq5E-_m4j01_rIZzhV-7zZgGZ4WuB-fU-HsMREQP2nqCh8rKCUd6jGQ4PbzBN7DjvO4E2CQBWBAOMS6zCWwlhbf4x75DRUkYuvJDWH1YbBiF4uXGw7E7KoVh8eS1e9UC-1mblN5SKWpHuWDqWW7cKmVwdupX4CqjrRpypfbf86uDcWuJB7WBXsiyehiAI-oklk6bklX_tlTl6joM0n-ctEdXEzI2KSKZ1tP9FNE3Ix3Aqq_wKL-uSE04K0i29HGjAGo_Upr76GZwNuplz0kWta3gZfP27YmZ5V1zcaJs_MjcZjT6mOu126ec26dlsOdu6d8E6zshR-hTyF4CLDjRmYpoeGAt-ItXi7TJ1me0G6Fbnx-6vmDHkdO9JIrjidDQYIzRhS-mkfQ_vdgnGodThKhqzuVPUEmXbM4&client_id=vO1Kblk7xX9tUn2cpZLS&prompt=register
Title: Register

Search URL Search Domain Scan URL

URL: https://account.booking.com/auth/oauth2?response_type=code&lang=en-gb&aid=304142&redirect_uri=https%3A%2F%2Fsecure.booking.com%2Flogin.html%3Fop%3Doauth_return&dt=1650238691&client_id=vO1Kblk7xX9tUn2cpZLS&bkng_action=book&state=UrwEgchx7n84IUcElvDMYnNGX8jMSCc-RW_JaQ1YseOsa2co0ipTEezyzrf-y6efbt2cRp30ewwGYn7BFvAG-k73AJ5NjzywGOIQUKai_DcP0r4Gepyi7LoH71fXwrJxxKwDxggESdw85LkJZ-LNuS04vd4ixvtslbHxCPSNEzQVVlVwS0yA4lMeeqjFBJZMiejUrFFq9oTDgLFCW4WXJMIan596GjhYvemo9mbhsWCbpVu-yttikeD8uqjsWHBoofDj33hImmi4ehpHz-hP5nMrUibw7TkkLQIyb5VWljh7-BsSJ9-gHf7BjsS8myPHVE_q4HSr1xLyjNU2E_nI8kdpMB0wqU2uzoKJ0AcFkK8BGz0b9LdQaDHuXjbaZ3RC8h2PQ2OiQpzmH5RrTHBzccRcRJAvVAoLVO1b2H1i-RSYF6Tt9C3jQGv5WXxl5gUgkWZl5LEm_XYX8wnvRt5JktsHMFkiGJ58_601Pfc-n7f3JYZj4edUkRoaj9m3EZGVmcd9Co0YWGx_e53Wy6Gg3ULYv3PWDaU2qpdf-eTLZw4aajXm7ntwkH5g1R3Q32HEHEI7R8LwdvdokmPYhTRmeMqGmydCSvMXFz8VZEhIC3tsY8FUuWeoFGRipExhcJTXtSZSqYWfpVlKl6wQoQaUzQsh-OJOe2Qyx6zxA0AK3zdSABPbOUq7eIk0cdAq8bYspfXKTXdQN_hpx51WGNbzP0ZlVy1sRS6tbKxgIhulBuj4dsTLRqhpBwSn6irMv7c
Title: Sign in

Search URL Search Domain Scan URL

URL: https://www.booking.com/hotel/br/windsor-copa.en-gb.html?label=gen173nr-1DCBIoggI46AdICVgEaCCIAQGYAQm4ARjIAQzYAQPoAQH4AQiIAgGoAgS4At7J8pIGwAIB0gIkMjAzNmEwYTUtNmY4OC00ZDYyLWFlZmYtZDZmNjFlOGY2NzEz2AIE4AIB&sid=f2ccd1182ae6e9aa74caa226a0f7cbfb&checkin=2022-05-18&checkout=2022-05-21&room1=A,A&from_bs2_modify=1
Title: Change your selection

Search URL Search Domain Scan URL

URL: https://secure.booking.com/bookcancel.en-gb.html?label=gen173nr-1DCBIoggI46AdICVgEaCCIAQGYAQm4ARjIAQzYAQPoAQH4AQiIAgGoAgS4At7J8pIGwAIB0gIkMjAzNmEwYTUtNmY4OC00ZDYyLWFlZmYtZDZmNjFlOGY2NzEz2AIE4AIB;sid=f2ccd1182ae6e9aa74caa226a0f7cbfb;checkin=2022-05-18;checkout=2022-05-21;general=198525842;hotel_id=402755;is_family_search=0;is_group_search=0;persons=0;policygroup_room=2022-05-21%2C40275501%3A94457493%3A1%3AU3RhbmRhcmQgRG91YmxlIFJvb20gLSBObyBWaWV3IC0gTm9uLXJlZnVuZGFibGU%3D%0A%3A40275501_94457493_2_0_0;prepay_charge_detected=1;refund_text_global=%20You%20won%27t%20be%20eligible%20for%20a%20refund%20if%20you%20cancel%20this%20booking.&;popupit=1;
Title: What are my booking conditions?

Search URL Search Domain Scan URL

URL: http://www.booking.com/general.en-gb.html?label=gen173nr-1DCBIoggI46AdICVgEaCCIAQGYAQm4ARjIAQzYAQPoAQH4AQiIAgGoAgS4At7J8pIGwAIB0gIkMjAzNmEwYTUtNmY4OC00ZDYyLWFlZmYtZDZmNjFlOGY2NzEz2AIE4AIB;sid=f2ccd1182ae6e9aa74caa226a0f7cbfb;tmpl=docs/about
Title: About Booking.com

Search URL Search Domain Scan URL

URL: http://www.booking.com/content/terms.en-gb.html?label=gen173nr-1DCBIoggI46AdICVgEaCCIAQGYAQm4ARjIAQzYAQPoAQH4AQiIAgGoAgS4At7J8pIGwAIB0gIkMjAzNmEwYTUtNmY4OC00ZDYyLWFlZmYtZDZmNjFlOGY2NzEz2AIE4AIB;sid=f2ccd1182ae6e9aa74caa226a0f7cbfb
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: http://www.booking.com/content/privacy.en-gb.html?label=gen173nr-1DCBIoggI46AdICVgEaCCIAQGYAQm4ARjIAQzYAQPoAQH4AQiIAgGoAgS4At7J8pIGwAIB0gIkMjAzNmEwYTUtNmY4OC00ZDYyLWFlZmYtZDZmNjFlOGY2NzEz2AIE4AIB;sid=f2ccd1182ae6e9aa74caa226a0f7cbfb
Title: Privacy & Cookie Statement

Search URL Search Domain Scan URL

URL: https://account.booking.com/auth/oauth2?lang=en-gb&response_type=code&aid=304142&dt=1650238691&redirect_uri=https%3A%2F%2Fsecure.booking.com%2Flogin.html%3Fop%3Doauth_return&client_id=vO1Kblk7xX9tUn2cpZLS&state=UqUEgchx7n84IUf8PgYSBOv5g972QNDV0K4rNIU5BmdDNtUEbQM7eBVR_o0a-gWgAqWepVvo8sdM655Umf2eqlR6LxzPkHcGV8Xbal309ZLsOIkBjDlZsYWeuTFrZJ75Vu-hpPe0s9EWyaI8ETI_6_Cd3EKA871AZxF5EyTBDp9QsFX57aXu6w5eJh2ahkT-tkpG7grsl1HjcN_il1I0PzOdtjuBlrjKxdBcBOB6NQrtavW9rJkeecK7E1_KoMmjGgvEaV--wWGQ0xKQYk5gASW7nWIeVWEX5ojr7S-ZwqIRlP_FAc3mb1PfDRTQePI8GHvBGg64dQtOVNRzD8atnDnoYBLUQNb6mekWcwVvA0HmrNVy-_eIO8XTXSArUGR6v4PRhvB9ZH38HUeFkLIwN7768V_sJ_29KlLO9x-efThZslKbS_vATklXM6CeMvimltCVMXklN6FtMsBDHP829CXOyUMO6mWaEZDP--4bJdM7ZD7m69AwsdTqTMBqFLfxmemoH-5vxTu_lK4UURTnj3DroxVNSbjZt8i_BotpScJjoCW-mfk3NUUVpWRHkNGMJhgKDZlCQ0WjEPApxiWtVlycsqaefGI2ID6Kj2zEqfK3jtk0dg_UziDuom77XmbfmoipGG5BgK0-foiSoJP1X1EiJ7s4Zax0_2fkKg5Lh1UEsx3bcGnXPg4pYl0WWPh-5MT7hfOT0gRhdEjT5wC3wu3OCTJYpboQ&bkng_action=book
Title: Sign in to your account

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Exc_637858174134667967_0001_1.html Show response
s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/ 420 KB
421 KB 156ms
85ms Document
text/html 38.91.42.11
BLUEARCHIVE-ZONE-1

General

Check archive.org

Show headers Download Go to

Full URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html
Protocol: HTTP/1.1
Server: 38.91.42.11 , United States, ASN395717 (BLUEARCHIVE-ZONE-1, US),
Reverse DNS
Software: WasabiS3/7.3.4467-2022-04-05-06b55176fe (head2) /
Resource Hash: c5755fc262a95f89e1e314a01cdbe0f1190413e268af5c742c93185955864eae

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Content-Length: 430376
Content-Type: text/html;charset=UTF-8
Date: Tue, 26 Apr 2022 13:27:21 GMT
ETag: "af01ec2e649c45b3ad39cda12f28ab26"
Last-Modified: Sun, 17 Apr 2022 23:38:41 GMT
Server: WasabiS3/7.3.4467-2022-04-05-06b55176fe (head2)
x-amz-id-2: 0PCuQLmuJHG5FtxzPozjHsaNT2x16TMzcAxX6SWZDd5jDa/k3K/ycYwpt+LGLg0CJVfaZyt9WU02
x-amz-request-id: 970C36CACD20CDFA

GET
H2 404 cookie-banner.min.tss
t-cf.bstatic.com/libs/privacy-consent/releases/2.1.29/customer/ 0
0 207ms
97ms Script
text/html 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t-cf.bstatic.com/libs/privacy-consent/releases/2.1.29/customer/cookie-banner.min.tss
Requested by: Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H2 200 d3474e9e7ebf1ac57d3c6aaa9e736041c0c79298.css
t-cf.bstatic.com/static/css/main_book_cft.iq_ltr/ 306 KB
38 KB 118ms
8ms Stylesheet
text/css 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://t-cf.bstatic.com/static/css/main_book_cft.iq_ltr/d3474e9e7ebf1ac57d3c6aaa9e736041c0c79298.css

Requested by

Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9bb396dd7838c630a3829d2e74c09d252cba108e6bc05f5b66a36dd467061a58

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 07:21:21 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 2527559
via: 1.1 b078462cffa3a81b6e262ef7f6040412.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Fri, 25 Mar 2022 08:36:29 GMT
server: nginx
etag: W/"623d7f0d-4c675"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: EWR52-C2
timing-allow-origin: *
x-amz-cf-id: hacgU013Xg1EdQk1eDiErGd2u3WSnAlw-CGTNU5uPQq4DA1WfgXv9A==
expires: Wed, 27 Apr 2022 07:21:21 GMT

GET
H2 200 7107a55ff53954fdeb0a80c49770416e12467292.css
t-cf.bstatic.com/static/css/gprof_icons_cft.iq_ltr/ 163 KB
27 KB 125ms
15ms Stylesheet
text/css 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://t-cf.bstatic.com/static/css/gprof_icons_cft.iq_ltr/7107a55ff53954fdeb0a80c49770416e12467292.css

Requested by

Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6e086a9f12b095e5c6b959f232df165f95acbb383ce34fa8373bb601f3b39f89

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 17:07:15 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 2233205
via: 1.1 b078462cffa3a81b6e262ef7f6040412.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 30 Mar 2022 02:44:41 GMT
server: nginx
etag: W/"6243c419-28a00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: EWR52-C2
timing-allow-origin: *
x-amz-cf-id: x-HV3T3drtuXkR6Fxd4shYMMB_RNRW3JA4teq_jsmvlWta5W_U3AjA==
expires: Sat, 30 Apr 2022 17:07:15 GMT

GET
H2 200 99dd39a77784003a8b61953fea282e5b48409c0b.css
t-cf.bstatic.com/static/css/book_cft.iq_ltr/ 301 KB
47 KB 453ms
343ms Stylesheet
text/css 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://t-cf.bstatic.com/static/css/book_cft.iq_ltr/99dd39a77784003a8b61953fea282e5b48409c0b.css

Requested by

Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4d3525bfc20e22e7177bd37b252cfc2f1c248a3e68ca1847c187d4080b2d88ed

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 13:27:21 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
x-amz-cf-pop: EWR52-C2
via: 1.1 b078462cffa3a81b6e262ef7f6040412.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
last-modified: Tue, 29 Mar 2022 07:16:44 GMT
server: nginx
etag: W/"6242b25c-4b41d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: IIj0J5nGYyZtpb3QYYB6CZ_0PAmu6NchdQSwZG91gcOSBsGG-Izbog==
expires: Thu, 26 May 2022 13:27:21 GMT

GET
H2 200 06a49853391d5d387d46abea291b4277763fb855.css
t-cf.bstatic.com/static/css/incentives_bp_cft.iq_ltr/ 1 KB
1 KB 116ms
6ms Stylesheet
text/css 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://t-cf.bstatic.com/static/css/incentives_bp_cft.iq_ltr/06a49853391d5d387d46abea291b4277763fb855.css

Requested by

Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

21d1c440ffe24170fe64b00e2ed1415bb98dc51311c8494ea626df9f57abc189

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:33:16 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 953645
via: 1.1 b078462cffa3a81b6e262ef7f6040412.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Mar 2022 17:36:47 GMT
server: nginx
etag: W/"6227942f-5e8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: EWR52-C2
timing-allow-origin: *
x-amz-cf-id: hYTjt6C_P4_aEHFSocvWFefYQt3TTGG_5w2KvpXxLWrAC8dS3iCgWw==
expires: Sun, 15 May 2022 12:33:16 GMT

GET 4e2203ea8e576ee9aaab4ddd52b59054ec915695.tss
t-cf.bstatic.com/static/js/core-deps-inlinedet_cft/ 0
0

GET b7d9d30c56875df3553b561b0a06e5edf66aa9fe.tss
t-cf.bstatic.com/static/js/jquery_cft/ 0
0

GET 0e7e458079e39d5e5c4242c992daebed146c6e79.tss
t-cf.bstatic.com/static/js/main_cft/ 0
0

GET 88f8f7dd29eee9ebcc205e1296870ecfc16a77bc.tss
t-cf.bstatic.com/static/js/searchbox_cft/ 0
0

GET 282f83b6049fe9bacd964cb6ea8a6d5447528b14.tss
t-cf.bstatic.com/static/js/error_catcher_bec_cft/ 0
0

GET
H2 200 daba79fdd4066d133e8bf59070fd6819b951c403.png
t-cf.bstatic.com/static/img/flags/new/48-squared/gb/ 522 B
1 KB 5ms
4ms Image
image/png 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t-cf.bstatic.com/static/img/flags/new/48-squared/gb/daba79fdd4066d133e8bf59070fd6819b951c403.png

Requested by

Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

996b0e99fcc7a553eac6f51569be5429b1bf8c071a708289fab808d7660cf74c

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 20:39:57 GMT
via: 1.1 b078462cffa3a81b6e262ef7f6040412.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
age: 1575243
x-cache: Hit from cloudfront
content-length: 522
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
server: nginx
etag: "5f55f887-20a"
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: EWR52-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Q80jzd1yuauqK-OUAWDjtmzoVX0s91J4OJrJi0Y_R_AoIJU89TBHOg==
expires: Sun, 08 May 2022 07:53:18 GMT

GET
H2 200 43319555.jpg
t-cf.bstatic.com/xdata/images/hotel/square200/ 10 KB
10 KB 15ms
15ms Image
image/jpeg 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t-cf.bstatic.com/xdata/images/hotel/square200/43319555.jpg?k=005ccf855eea0fb5cc3b7653be56a609c1b8919d601c712b43278aa30c8f1b41&o=

Requested by

Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ffbd73e2ca9663535c7839d600eae3f58b9687fb7d3f3ec8382fde72d795a8ed

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 11:15:19 GMT
via: 1.1 b078462cffa3a81b6e262ef7f6040412.cloudfront.net (CloudFront)
server: nginx
age: 180722
etag: "cfa5911e593e9a16df046540abab39d110093ffc"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: EWR52-C2
timing-allow-origin: *
content-length: 9833
x-xss-protection: 1; mode=block
x-amz-cf-id: foIta5hLgTO_JZwWX0LCDE067g9sK0kb_dPprEOShjPnGQLeiHxjKA==
expires: Tue, 24 May 2022 11:15:19 GMT

GET
H2 200 85e02501df1560d359a473f544224481a83c9aa7.png
t-cf.bstatic.com/static/img/transparent/ 95 B
659 B 6ms
6ms Image
image/png 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t-cf.bstatic.com/static/img/transparent/85e02501df1560d359a473f544224481a83c9aa7.png

Requested by

Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d1f997e9d36cab74d9b7c82335b21734e1c74b284d17a8b3df2aa3f4661d2f6c

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 19:40:20 GMT
via: 1.1 b078462cffa3a81b6e262ef7f6040412.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
age: 2496570
x-cache: Hit from cloudfront
content-length: 95
x-xss-protection: 1; mode=block
last-modified: Wed, 10 Apr 2019 11:21:56 GMT
server: nginx
etag: "5cadd1d4-5f"
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: EWR52-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: wR1UoL8g5UxB7crN0nAv-XH0p8KkvPVBTZPow95IUYSGgM0rx5Xabg==
expires: Wed, 27 Apr 2022 15:57:51 GMT

GET f137d86a00a91a0237118704ad06ee2f87a9a3f8.tss
t-cf.bstatic.com/static/js/calendar2_legacy_cft/ 0
0

GET 6ed4742ed4775eef0e92f036b430325ef3c02600.tss
t-cf.bstatic.com/static/js/sp-on-maps_cft/ 0
0

GET
H2 404 0a752d26f0c6066d3f3d4e6cfa5e3fc13f5cc1e7.tss
t-cf.bstatic.com/static/js/book_cft/ 0
0 105ms
105ms Script
text/html 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t-cf.bstatic.com/static/js/book_cft/0a752d26f0c6066d3f3d4e6cfa5e3fc13f5cc1e7.tss
Requested by: Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET 642cfdc6d1d34ad857e28dcc567fe7b4e397e206.tss
t-cf.bstatic.com/static/js/raf_cft/ 0
0

GET
H2 404 dd685ff96bc359affdb3a99ff8e8f9b266534ba0.tss
t-cf.bstatic.com/static/js/refp2_cft/ 0
0 102ms
101ms Other
text/html 2600:9000:202c:7600:15:9f56:b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t-cf.bstatic.com/static/js/refp2_cft/dd685ff96bc359affdb3a99ff8e8f9b266534ba0.tss
Requested by: Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:202c:7600:15:9f56:b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H2 404 gtm.tss
www.googletagmanager.com/ 0
0 22ms
4ms Script
text/html 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.googletagmanager.com/gtm.tss?id=GTM-5Q664QZ
Requested by: Host: s3.us-central-1.wasabisys.com
URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:822::2008 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H/1.1 200
OK logo
secure.booking.com/ 12 B
382 B 249ms
105ms Image
image/gif 185.28.222.12
BOOKING-BV Bookin...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.booking.com/logo?ver=1&sid=f2ccd1182ae6e9aa74caa226a0f7cbfb&t=16502386861

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.28.222.12 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=17280000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://s3.us-central-1.wasabisys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 13:27:21 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, User-Agent
content-type: image/gif
strict-transport-security: max-age=17280000
content-length: 35
x-xss-protection: 1; mode=block

GET px.v7.5.3.min.tss
t-cf.bstatic.com/libs/perimeterx/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: t-cf.bstatic.com
URL: https://t-cf.bstatic.com/static/js/core-deps-inlinedet_cft/4e2203ea8e576ee9aaab4ddd52b59054ec915695.tss

Domain: t-cf.bstatic.com
URL: https://t-cf.bstatic.com/static/js/jquery_cft/b7d9d30c56875df3553b561b0a06e5edf66aa9fe.tss

Domain: t-cf.bstatic.com
URL: https://t-cf.bstatic.com/static/js/main_cft/0e7e458079e39d5e5c4242c992daebed146c6e79.tss

Domain: t-cf.bstatic.com
URL: https://t-cf.bstatic.com/static/js/searchbox_cft/88f8f7dd29eee9ebcc205e1296870ecfc16a77bc.tss

Domain: t-cf.bstatic.com
URL: https://t-cf.bstatic.com/static/js/error_catcher_bec_cft/282f83b6049fe9bacd964cb6ea8a6d5447528b14.tss

Domain: t-cf.bstatic.com
URL: https://t-cf.bstatic.com/static/js/calendar2_legacy_cft/f137d86a00a91a0237118704ad06ee2f87a9a3f8.tss

Domain: t-cf.bstatic.com
URL: https://t-cf.bstatic.com/static/js/sp-on-maps_cft/6ed4742ed4775eef0e92f036b430325ef3c02600.tss

Domain: t-cf.bstatic.com
URL: https://t-cf.bstatic.com/static/js/raf_cft/642cfdc6d1d34ad857e28dcc567fe7b4e397e206.tss

Domain: t-cf.bstatic.com
URL: https://t-cf.bstatic.com/libs/perimeterx/px.v7.5.3.min.tss

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

22 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://t-cf.bstatic.com/libs/privacy-consent/releases/2.1.29/customer/cookie-banner.min.tss Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html(Line 129) Message: Access to script at 'https://t-cf.bstatic.com/static/js/searchbox_cft/88f8f7dd29eee9ebcc205e1296870ecfc16a77bc.tss' from origin 'http://s3.us-central-1.wasabisys.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://t-cf.bstatic.com/static/js/searchbox_cft/88f8f7dd29eee9ebcc205e1296870ecfc16a77bc.tss Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html(Line 129) Message: Access to script at 'https://t-cf.bstatic.com/static/js/core-deps-inlinedet_cft/4e2203ea8e576ee9aaab4ddd52b59054ec915695.tss' from origin 'http://s3.us-central-1.wasabisys.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://t-cf.bstatic.com/static/js/core-deps-inlinedet_cft/4e2203ea8e576ee9aaab4ddd52b59054ec915695.tss Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html Message: Access to script at 'https://t-cf.bstatic.com/static/js/main_cft/0e7e458079e39d5e5c4242c992daebed146c6e79.tss' from origin 'http://s3.us-central-1.wasabisys.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://t-cf.bstatic.com/static/js/main_cft/0e7e458079e39d5e5c4242c992daebed146c6e79.tss Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html Message: Access to script at 'https://t-cf.bstatic.com/static/js/jquery_cft/b7d9d30c56875df3553b561b0a06e5edf66aa9fe.tss' from origin 'http://s3.us-central-1.wasabisys.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://t-cf.bstatic.com/static/js/jquery_cft/b7d9d30c56875df3553b561b0a06e5edf66aa9fe.tss Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html Message: Access to script at 'https://t-cf.bstatic.com/static/js/error_catcher_bec_cft/282f83b6049fe9bacd964cb6ea8a6d5447528b14.tss' from origin 'http://s3.us-central-1.wasabisys.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://t-cf.bstatic.com/static/js/error_catcher_bec_cft/282f83b6049fe9bacd964cb6ea8a6d5447528b14.tss Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html Message: Access to script at 'https://t-cf.bstatic.com/static/js/calendar2_legacy_cft/f137d86a00a91a0237118704ad06ee2f87a9a3f8.tss' from origin 'http://s3.us-central-1.wasabisys.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://t-cf.bstatic.com/static/js/calendar2_legacy_cft/f137d86a00a91a0237118704ad06ee2f87a9a3f8.tss Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html Message: Access to script at 'https://t-cf.bstatic.com/static/js/sp-on-maps_cft/6ed4742ed4775eef0e92f036b430325ef3c02600.tss' from origin 'http://s3.us-central-1.wasabisys.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://t-cf.bstatic.com/static/js/sp-on-maps_cft/6ed4742ed4775eef0e92f036b430325ef3c02600.tss Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://t-cf.bstatic.com/static/js/book_cft/0a752d26f0c6066d3f3d4e6cfa5e3fc13f5cc1e7.tss Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html(Line 4703) Message: Access to script at 'https://t-cf.bstatic.com/static/js/raf_cft/642cfdc6d1d34ad857e28dcc567fe7b4e397e206.tss' from origin 'http://s3.us-central-1.wasabisys.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://t-cf.bstatic.com/static/js/raf_cft/642cfdc6d1d34ad857e28dcc567fe7b4e397e206.tss Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.googletagmanager.com/gtm.tss?id=GTM-5Q664QZ Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://t-cf.bstatic.com/static/js/refp2_cft/dd685ff96bc359affdb3a99ff8e8f9b266534ba0.tss Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: http://s3.us-central-1.wasabisys.com/iaas-ota-cache-7d/911/4125/77657/769/Exc_637858174134667967_0001_1.html Message: Access to script at 'https://t-cf.bstatic.com/libs/perimeterx/px.v7.5.3.min.tss' from origin 'http://s3.us-central-1.wasabisys.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://t-cf.bstatic.com/libs/perimeterx/px.v7.5.3.min.tss Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s3.us-central-1.wasabisys.com
secure.booking.com
t-cf.bstatic.com
www.googletagmanager.com
t-cf.bstatic.com
185.28.222.12
2600:9000:202c:7600:15:9f56:b80:93a1
2607:f8b0:4006:822::2008
38.91.42.11
21d1c440ffe24170fe64b00e2ed1415bb98dc51311c8494ea626df9f57abc189
4d3525bfc20e22e7177bd37b252cfc2f1c248a3e68ca1847c187d4080b2d88ed
6e086a9f12b095e5c6b959f232df165f95acbb383ce34fa8373bb601f3b39f89
996b0e99fcc7a553eac6f51569be5429b1bf8c071a708289fab808d7660cf74c
9bb396dd7838c630a3829d2e74c09d252cba108e6bc05f5b66a36dd467061a58
c5755fc262a95f89e1e314a01cdbe0f1190413e268af5c742c93185955864eae
d1f997e9d36cab74d9b7c82335b21734e1c74b284d17a8b3df2aa3f4661d2f6c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ffbd73e2ca9663535c7839d600eae3f58b9687fb7d3f3ec8382fde72d795a8ed

s3.us-central-1.wasabisys.com Open in urlscan Pro 38.91.42.11 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

22 Requests

55 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

546 kBTransfer

1201 kBSize

0 Cookies

18 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

29 JavaScript Global Variables

0 Cookies

22 Console Messages

Indicators

s3.us-central-1.wasabisys.com Open in urlscan Pro
38.91.42.11 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

55 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

546 kB
Transfer

1201 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!