testbookingfish.com Open in urlscan Pro
2606:4700:3032::ac43:cea2  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response testbookingfish.com/	108 KB 15 KB	109ms 87ms	Document text/html	2606:4700:3032::ac43:cea2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://testbookingfish.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:cea2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b451c7d27342ab8c87a2c59efbff77e78f8aa7ea0baa3c6ed71c99dd2c21be17 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 8d7daaeecda83814-FRA content-encoding br content-type text/html; charset=UTF-8 date Thu, 24 Oct 2024 23:15:14 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0kWgm6Zg7YhrwMHXsRUoQUehkZlUniUwVbb%2FWDZ4mYtBlxF3HhUO9q3uykTQ4LYQROuci9bumRFZUOMJeEK3owy9tTS1QvfweMhLb2HqxyI%2FuouUQ6CPQNZR9EY1%2Buo7A4JFa9YXXM2tLKfDtU%2BRTC1Z"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=6240&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4163&recv_bytes=4422&delivery_rate=882&cwnd=12000&unsent_bytes=0&cid=6346229e07ef94a3&ts=93&x=1" cfExtPri cfHdrFlush;dur=0 vary Accept-Encoding
GET H3	200	45_1975cbc2f7eaad75f590.css testbookingfish.com/dist/	90 KB 17 KB	26ms 25ms	Stylesheet text/css	2606:4700:3032::ac43:cea2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://testbookingfish.com/dist/45_1975cbc2f7eaad75f590.css Requested by Host: testbookingfish.com URL: https://testbookingfish.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:cea2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2d74100a825fc1a4af9272c442187ca4005d0dc1b7b8b61066e02059ada4ab13 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://testbookingfish.com/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status REVALIDATED etag W/"671a51a5-16992" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3VNBwXJiqLOJpFJdkCaHinIPM7HohCv5k4WC%2FalTwQ2hKlYpeni7GZ43Lp0ekogwcCqB%2FIji39Dy%2F6m%2F0ANPo1RpumHKsXyTYXZQrnva007geWF2JcibDu3bbNaD1ycK7h1Om6J2Ed5mVoN2x5HXjJ3d"}],"group":"cf-nel","max_age":604800} cf-ray 8d7daaef5dde3814-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=6425&sent=35&recv=21&lost=0&retrans=0&sent_bytes=29378&recv_bytes=6115&delivery_rate=909729&cwnd=21600&unsent_bytes=0&cid=6346229e07ef94a3&ts=128&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 24 Oct 2024 23:15:14 GMT content-type text/css last-modified Thu, 24 Oct 2024 13:54:45 GMT vary Accept-Encoding priority u=0,i=?0
GET H3	200	336_afde72b9aaa8302ff017.css testbookingfish.com/dist/	84 KB 9 KB	25ms 24ms	Stylesheet text/css	2606:4700:3032::ac43:cea2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://testbookingfish.com/dist/336_afde72b9aaa8302ff017.css Requested by Host: testbookingfish.com URL: https://testbookingfish.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:cea2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bf2c83abbd7accceeb3546dae9680ee7c94e33f94c2dbeb3ab12e499a721ebed Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://testbookingfish.com/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status REVALIDATED etag W/"671a51a5-1507c" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oje91eXVslh%2BmizgT5HZBQ4StHr6UCkaKsRVsKlp67rSoyvL6ThXonZaLBtHpjxIlkU5RqQHR2pTsw7d%2FAVVVIceyMEgWsCQg9I7iPsks3xthuQbyStRsfzLqkcvSj3CCMrGSI7gUL1E87rfPAQPSlpW"}],"group":"cf-nel","max_age":604800} cf-ray 8d7daaef5de03814-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=6425&sent=27&recv=21&lost=0&retrans=0&sent_bytes=19986&recv_bytes=6115&delivery_rate=909729&cwnd=21600&unsent_bytes=0&cid=6346229e07ef94a3&ts=127&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 24 Oct 2024 23:15:14 GMT content-type text/css last-modified Thu, 24 Oct 2024 13:54:45 GMT vary Accept-Encoding priority u=0,i=?0
GET H3	200	826_0d1737e180931a217647.css testbookingfish.com/dist/	75 KB 14 KB	37ms 36ms	Stylesheet text/css	2606:4700:3032::ac43:cea2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://testbookingfish.com/dist/826_0d1737e180931a217647.css Requested by Host: testbookingfish.com URL: https://testbookingfish.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:cea2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2557c207a4d501971a46cee5192667f6f79f44bf4e8d404ef0326c14821ee536 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://testbookingfish.com/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status REVALIDATED etag W/"671a51a6-12ab5" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T8bcEy%2BsW2bPES3KMkeZUN9MWNr6DhaSUWURpkV3qmNeuBpJ3TqhHayNqnur8%2B%2BTqoVBsF3BaL%2BxkLPFpokpbeafiMCr%2FnA5OCZ7e%2BvLjesiL6lXROrNzKBA6HRRci2Gq1zyI9venTSFXamLDij05cND"}],"group":"cf-nel","max_age":604800} cf-ray 8d7daaef5de13814-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=6710&sent=79&recv=30&lost=0&retrans=0&sent_bytes=80083&recv_bytes=6502&delivery_rate=980664&cwnd=42000&unsent_bytes=0&cid=6346229e07ef94a3&ts=139&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 24 Oct 2024 23:15:14 GMT content-type text/css last-modified Thu, 24 Oct 2024 13:54:46 GMT vary Accept-Encoding priority u=0,i=?0
GET H3	200	jquery-3.1.1.min.js Show response testbookingfish.com/dist/	85 KB 31 KB	31ms 31ms	Script application/javascript	2606:4700:3032::ac43:cea2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://testbookingfish.com/dist/jquery-3.1.1.min.js Requested by Host: testbookingfish.com URL: https://testbookingfish.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:cea2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1ca6e9440f352a20fc8eb9d779d890eeb883a48051ce3653e4b9c142a1bd9e62 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://testbookingfish.com/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status REVALIDATED etag W/"671a51a6-1528e" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YA7Qugp2wiCnSTkjb25x7fkHqVm%2FdmSXJWsC5ymRv6cH2uXUZ%2B%2Fo9ARxz9vwV9jLduiCPCFTTy8WyRLPnDWHQ43me9xE3jMYbgbkHMvrxmK2aqvxK5TrsI7fJrwd0F30fNUZsvONly6EybhuhzM86zpB"}],"group":"cf-nel","max_age":604800} cf-ray 8d7daaef5de33814-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=6425&sent=46&recv=21&lost=0&retrans=0&sent_bytes=41586&recv_bytes=6115&delivery_rate=909729&cwnd=21600&unsent_bytes=0&cid=6346229e07ef94a3&ts=130&x=1", cfExtPri, cfHdrFlush;dur=3 date Thu, 24 Oct 2024 23:15:14 GMT content-type application/javascript last-modified Thu, 24 Oct 2024 13:54:46 GMT vary Accept-Encoding priority u=1,i=?0
GET H3	200	us.png testbookingfish.com/dist/	642 B 1 KB	24ms 24ms	Image image/png	2606:4700:3032::ac43:cea2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://testbookingfish.com/dist/us.png Requested by Host: testbookingfish.com URL: https://testbookingfish.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:cea2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://testbookingfish.com/ Response headers cf-cache-status REVALIDATED etag "671a51a6-282" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Me0Qnw9XjiRSJ5u%2BWAg5NvcdNkg8hcqi5DV8nhaeUAQST6V84Sly95pxYaX9qaZ7gLPqHCuguzbZmEjAIKlINvlN1H2zwn28Fn2SxrB6E1H7nh7giyc2sJzktGKhAAZscmrCeNrLe%2BhQM6i2vPxpZFH%2B"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=6457&sent=96&recv=56&lost=0&retrans=0&sent_bytes=95008&recv_bytes=8302&delivery_rate=7714990&cwnd=48000&unsent_bytes=0&cid=6346229e07ef94a3&ts=197&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 24 Oct 2024 23:15:14 GMT content-type image/png last-modified Thu, 24 Oct 2024 13:54:46 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d7daaefde163814-FRA accept-ranges bytes content-length 642 server cloudflare
GET H3	200	favicon.ico testbookingfish.com/	610 B 1 KB	26ms 26ms	Other image/vnd.microsoft.icon	2606:4700:3032::ac43:cea2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://testbookingfish.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:cea2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 99af6690771b7b62a1325d0c0b38a9a0300c18921e4877dcf38a239b9c977502 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://testbookingfish.com/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status REVALIDATED etag W/"262-625395815b4cf" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yzq%2Bd7sEkRE5RYFf8YwOMKHR%2Benb0O2GaFkAvp2yVBctlA%2BmfzXOLT6ULnM6G%2FsZh3OOhY60hqQ%2BUvEq6Nnl5dnEp7u3lyT3u%2Fa1i%2FcNDCf%2BIz2exbAGov28hxOqT33%2BzoNMFpfIJYUwqb5nSZsKtU1n"}],"group":"cf-nel","max_age":604800} cf-ray 8d7daaefde1b3814-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=6426&sent=98&recv=57&lost=0&retrans=0&sent_bytes=96366&recv_bytes=8346&delivery_rate=61607&cwnd=48000&unsent_bytes=0&cid=6346229e07ef94a3&ts=205&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 24 Oct 2024 23:15:14 GMT content-type image/vnd.microsoft.icon last-modified Thu, 24 Oct 2024 13:54:41 GMT vary Accept-Encoding priority u=1,i
POST H3	200	check_status.php Show response testbookingfish.com/ajax/	32 B 718 B	77ms 76ms	XHR text/html	2606:4700:3032::ac43:cea2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://testbookingfish.com/ajax/check_status.php Requested by Host: testbookingfish.com URL: https://testbookingfish.com/dist/jquery-3.1.1.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:cea2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c0d3b141a51a7079e25ddd61e1bc844624a89696efcf73606c9ec18ae6decdf2 Request headers Referer https://testbookingfish.com/ X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept application/json, text/javascript, */*; q=0.01 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers cache-control no-store, no-cache, must-revalidate nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status DYNAMIC pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J2NgTV1AwOKTqgZzmcIWhs0ZpRN1jfa8M%2BB0UsxEPGDoM4BlDHgHlMDDAYrX4rzq3fWpBcDF9%2FukeL%2F0ZwB30KOmWV43wUE1C8N9cPqAehSf2E6gQn4jeWUk9Mf03%2BKTCBZMHFSiaYpuQpoJyeaKpGX2"}],"group":"cf-nel","max_age":604800} cf-ray 8d7dab027f253814-FRA expires Thu, 19 Nov 1981 08:52:00 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=6374&sent=102&recv=60&lost=0&retrans=0&sent_bytes=97772&recv_bytes=8900&delivery_rate=225917&cwnd=48000&unsent_bytes=0&cid=6346229e07ef94a3&ts=3236&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 24 Oct 2024 23:15:17 GMT content-type text/html; charset=UTF-8 server cloudflare priority u=1,i

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| loader function| sleep function| error_log_hide function| error_log_view function| step2 function| error_pass_hide function| login function| error_sms_hide function| error_call_hide function| send_code function| hide_all_block function| error_pass_view function| error_sms_view function| error_call_view number| get_status

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			testbookingfish.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: l645enpc2ej5jdmqm36t0qn1so

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

testbookingfish.com
2606:4700:3032::ac43:cea2
1ca6e9440f352a20fc8eb9d779d890eeb883a48051ce3653e4b9c142a1bd9e62
2557c207a4d501971a46cee5192667f6f79f44bf4e8d404ef0326c14821ee536
2d74100a825fc1a4af9272c442187ca4005d0dc1b7b8b61066e02059ada4ab13
99af6690771b7b62a1325d0c0b38a9a0300c18921e4877dcf38a239b9c977502
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
b451c7d27342ab8c87a2c59efbff77e78f8aa7ea0baa3c6ed71c99dd2c21be17
bf2c83abbd7accceeb3546dae9680ee7c94e33f94c2dbeb3ab12e499a721ebed
c0d3b141a51a7079e25ddd61e1bc844624a89696efcf73606c9ec18ae6decdf2