approve-rsrv.com
2a06:98c1:3121::3 | Malicious Activity! | Public Scan

Submitted URL: http://approve-rsrv.com/
Effective URL: https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Submission: On March 24 via api from US — Scanned from NL

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 13 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in the United States and belonging to CLOUDFLARENET, US. The main domain is approve-rsrv.com.
TLS certificate: Issued by E1 on March 19th 2024. Valid for: 3 months.
This is the only time approve-rsrv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

IP Address AS Autonomous System
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 12 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:225... 16509 (AMAZON-02)
13 3
Apex Domain | Subdomains | Transfer
approve-rsrv.com (13 requests) | approve-rsrv.com | 59 KB
bstatic.com (1 request) | q-xx.bstatic.com (Cisco Umbrella Rank: 14034) | 1 KB
jsdelivr.net (1 request) | cdn.jsdelivr.net (Cisco Umbrella Rank: 437) | 16 KB
Total: 13 requests across 3 apex domains

Domain | Requested by
approve-rsrv.com (13 requests, 2 redirects) | approve-rsrv.com, cdn.jsdelivr.net
q-xx.bstatic.com (1 request) | approve-rsrv.com
cdn.jsdelivr.net (1 request) | approve-rsrv.com
Total: 13 requests across 3 domains

This site contains links to these domains:

Domain
www.booking.com
admin.booking.com
partner.booking.com
Subject | Issuer | Validity | Valid
approve-rsrv.com | E1 | 2024-03-19 - 2024-06-17 | 3 months (crt.sh)
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year (crt.sh)
*.bstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-11-29 - 2024-11-28 | a year (crt.sh)

This page contains 1 frame:

Primary Page: https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Frame ID: 558937AB62B3ABE563D82C7663ED8ADE
Requests: 13 HTTP requests in this frame

Page Title

Booking.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 13
HTTPS: 100 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 75 kB
Size: 353 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://approve-rsrv.com/ HTTP 301
    https://approve-rsrv.com/ HTTP 302
    https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB | approve-rsrv.com/ | 56 KB | 10 KB | Document
Redirect Chain:
  • http://approve-rsrv.com/
  • https://approve-rsrv.com/
  • https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
General
Full URL
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08d22573e6f7e69ec2abc4784edbde7bfb93e5139bbe5b38d4c1986938843973

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86968c49af892868-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 24 Mar 2024 12:08:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2BUenFDnNi6Rs4ufzeKLftta%2BEOq1GgSauR4Pt267tr3VlPc3fJvO6NzRJmEQHlCgs213E41U9YFv0222di1jvpHJ00tDb3HuCkE11lJxf%2FJfaonA5IIB%2FF%2F7skXHKisYTf%2FDAlZ2Yv00aiNftqK"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86968c490ec82868-AMS
content-type
text/html; charset=utf-8
date
Sun, 24 Mar 2024 12:08:41 GMT
location
/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbQ65Ryvb70U9FK9xYNsqmDOxc8WNdSbHBhXoW3Er0XfHsUtyMVgG1%2FMuRY3cmweJCgEt3p7DeCM2LI4bQY5GFFPvl6SHsmBv9yiwaKZl3pOEiAs7qeBda8IZINyRWqw8g1zVkouhcB1N0EaMtCW"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Cookie
826_870c205e4e40b913b2fc.css | approve-rsrv.com/static/styles/ | 60 KB | 13 KB | Stylesheet
General
Full URL
https://approve-rsrv.com/static/styles/826_870c205e4e40b913b2fc.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e27699587add2db711900ce3fe3eb78eb8c3ea99948cc1b673c6e49d392f66b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:41 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688180.122289-61284-3983085908"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jO38JvBPTrQyuGnVxNscbja2k8BNWGgKtIyq2pzA0h%2BgVXiUQrDQNbfxfltp9IYf4HMAeukiuOnFtuJZNaWoC6uts2Xk8DSrSXFEW62QQ01v8cMCVatnIUOEDfGvqhsZEA7inxTKWBGtIufPzmMc"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=826_870c205e4e40b913b2fc.css
cf-ray
86968c4a48dab752-AMS
alt-svc
h3=":443"; ma=86400
925_1975cbc2f7eaad75f590.css | approve-rsrv.com/static/styles/ | 90 KB | 17 KB | Stylesheet
General
Full URL
https://approve-rsrv.com/static/styles/925_1975cbc2f7eaad75f590.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d74100a825fc1a4af9272c442187ca4005d0dc1b7b8b61066e02059ada4ab13

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:41 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688180.6782835-92562-4144239045"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WqipyYi0MxemFUKvhCvkXxZPQOXFdQrk0ZnLhew8NnI9LI5fPJOHqSDvH2%2BeUjpTbq0s9leCAEpYtWT8wblhl4GaQH2NOiCAzAr1EOySpthtbG9qaJDnamQDq5zcUwUgl9o%2FNz27t9KILqkf0Csu"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=925_1975cbc2f7eaad75f590.css
cf-ray
86968c4a48deb752-AMS
alt-svc
h3=":443"; ma=86400
146_afde72b9aaa8302ff017.css | approve-rsrv.com/static/styles/ | 73 KB | 8 KB | Stylesheet
General
Full URL
https://approve-rsrv.com/static/styles/146_afde72b9aaa8302ff017.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4567d6213bc1480a45f493da8d292339522d45ac15c8ba1723aa342b155393f7

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:41 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688180.094289-74745-4244509152"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MH%2BRiAw3t9iLUJ2dRGC%2BQ4%2Bp7k75MprsN47p%2Fc9aHi6dDPgXAdVFZHBZtkLZXDWMqenkIZkP8l9m4F4sJmLA%2Bn9WyZ0YNdFpk24VQpYFqYl7HS2ECpev3f1uvHeHjOTxwQrf%2F6RC8LyIccodJBfF"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=146_afde72b9aaa8302ff017.css
cf-ray
86968c4a48e0b752-AMS
alt-svc
h3=":443"; ma=86400
stile.css | approve-rsrv.com/static/ | 0 | 0 | Stylesheet
General
Full URL
https://approve-rsrv.com/static/stile.css
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:41 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
61
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BrR8ToGueT%2BzfHOTRYvM9GxSf4FHJfqrLdMAwnkg1ZCe5MGCFDxAlETf6lf6L2KjWtIMctJes0yCJtz6HLr7e0PTPh0xUhEiWzNo8GQDox029x9MqrOtbiAHND5d%2FQ712fewTIaCx%2FaYl8GZ%2FsmY"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cache-control
max-age=14400
cf-ray
86968c4a48e2b752-AMS
alt-svc
h3=":443"; ma=86400
axios.min.js | cdn.jsdelivr.net/npm/axios/dist/ | 41 KB | 16 KB | Script
General
Full URL
https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29d600462a30694efd15b9848b4ca42d178cd067009275c35a30580121114304
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
26612
x-jsd-version
1.6.8
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220107-FRA, cache-lga21926-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"a209-1jEH0JEv2zh1MNXOLVEsko1z0SI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yPiiLNbvtYQJRgGrEO9SbFjuDfn4pcw4M6O0yIJsVIChDE7TLZIP48Zyb8682bbcWydOkThQPfRM0dHkLJ1zry7N7%2Be1RaocYokSkn18P2hUXzQzT28cNwAqWamsQ1Ni0mW5FjJvbnGKsvFgUuc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
86968c4a7f0a286a-AMS
jfalhwkfafwahkl.js | approve-rsrv.com/static/ | 7 KB | 3 KB | Script
General
Full URL
https://approve-rsrv.com/static/jfalhwkfafwahkl.js
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0affa491a8f8bfe93a9c3be3a05f1952a9f4cb96f16871bfb5bdf4559dece37c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:41 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 23 Feb 2024 11:36:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1708688178.7263029-7260-4261154282"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SFFKygMJ48bVD8WiyVTw9RFwbBuYKF9Ruijv60IFgYDZcLbdG7U1F6BIq77g1Bcg7RI35g0EFWIKOBS%2FMKIvy9Tzjm3FsJKJy3zz5jGnGXnFQlXJi0xqCvJUJp9nPqIZhY0GBszQ%2Ba8KM6ozvoB0"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
cache-control
max-age=14400
content-disposition
inline; filename=jfalhwkfafwahkl.js
cf-ray
86968c4a8906b752-AMS
alt-svc
h3=":443"; ma=86400
us.png | q-xx.bstatic.com/backend_static/common/flags/new/48-squared/ | 642 B | 1 KB | Image
General
Full URL
https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/us.png
Requested by
Host: approve-rsrv.com
URL: https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:d400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://approve-rsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 23:20:54 GMT
via
1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
2465267
x-cache
Hit from cloudfront
content-length
642
x-xss-protection
1; mode=block
last-modified
Mon, 07 Sep 2020 09:08:23 GMT
server
nginx
etag
"5f55f887-282"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
IZTtMLLVjh_-wstHjZzqM1xKIlIdEHXEdopEWgVsO5UhvfiJFUJuYg==
expires
Mon, 25 Mar 2024 23:20:54 GMT
getMessages | approve-rsrv.com/api/support/ | 5 KB | 1 KB | XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:41 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L5chTz4tPIzG7k3MSoW0zasvqT0LSbhzMsnVXeJX8WDZZ8ZIKDTMykO3P8vMU87zcagOEIwP7LhEi9Rv6QFT7OYXHQ0LPHjEMJbhk9JqwpKIy2WAOhX6dniKtkMuTSH3bxqbHMVKlV9zCRHQjNDJ"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968c4b296ab752-AMS
alt-svc
h3=":443"; ma=86400
getMessages | approve-rsrv.com/api/support/ | 5 KB | 1 KB | XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SRTe08zr5pB%2BjFUgte2GVDTNUhDaLiFHLRTXgistRZLKnlzlIKALTM5U7HsYI7%2FEvDB6U70M8N%2BaQraq7y6QeIUPgwIdC9pmevfZo3snbtu7IOcxUorw0EfT%2FdZtXY3k8so6lCGn74hlYjVonnM%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968c516dc2b752-AMS
alt-svc
h3=":443"; ma=86400
getMessages | approve-rsrv.com/api/support/ | 5 KB | 1 KB | XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:43 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sz%2Fddirid8Rkyj2DcNrTpF%2Btj1sEaJ0lFNmPpYs9tdYiBmaP8kj99QP6pvdr6gB14TY%2BpHUbUOFZtr%2FpRtokWt9QAgKjlN3HPoazFcvM%2BTY%2FxmpkMIzrzrIHmKLn2%2BnUSmrY6i6XY4fLWVBHIaeO"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968c57aa3fb752-AMS
alt-svc
h3=":443"; ma=86400
getMessages | approve-rsrv.com/api/support/ | 5 KB | 1 KB | XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:44 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wy1xgd3538M6mPnQCmfR5OM1HULI0s4AuJb45R%2FIaPOtpPSIBflIM1xPVMzIuP3PRb8Z7gAB3ayOKgO2wFGU6ukPFGPO9LNBtRT2X7Haf%2FxtTsICRwm0v5jK%2FQX%2FsX5G4apKUu%2FJ0HFSOFI%2FuTqz"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968c5def16b752-AMS
alt-svc
h3=":443"; ma=86400
getMessages | approve-rsrv.com/api/support/ | 5 KB | 1 KB | XHR
General
Full URL
https://approve-rsrv.com/api/support/getMessages
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4e75c0baebbe9e43bf139c1a566f7ebed4685b58050f9e11837b138a606564

Request headers

Accept
application/json, text/plain, */*
Referer
https://approve-rsrv.com/sign-in%3Fop_token=mIceNc3WwSjRlJCwaEb2ngCSwusgwfuwurnG3tzreD0Rd5l7vB
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 12:08:45 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IJgzWH%2Bad9JWzVTbwD7r4Q8Bzq6awlzJXrc3rdooURLfkpoNRSy6A75j443YKrxwAELTKhdvAcoy9dg%2BLcCEg6vupBTtXAukZsndcItQdhyy4eKOHDfyALb8wM8aDCe3OP6KQyUZE8CAOvALvyrh"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
86968c642c15b752-AMS
alt-svc
h3=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function axios | object submitButtonLogin | object submitButtonPass | object submitButtonPulse | object submitButtonCall | object submitButtonSms | object submitButtonError | object submitButtonFagwa | object submitButtonVer | object submitButtonCode | object submitButtonCodePulse | object loginError | object errorIcon | object app1Element | object app2Element | object app3Element | object app4Element | object app5Element | object app6Element | object app7Element | object app8Element | object loginInput | object PassnInput | object phoneInput | object kbx | object displayValueElement | object phoneValueElement | function handleButtonClick | function awgawg | function swahwehaweh | function fetchMessages

1 Cookies

Domain/Path Name / Value
approve-rsrv.com/ Name: session
Value: eyJyYW5kb21fc3RyaW5nIjoibUljZU5jM1d3U2pSbEpDd2FFYjJuZ0NTd3VzZ3dmdXd1cm5HM3R6cmVEMFJkNWw3dkIifQ.ZgAXyQ.XEWAdEwHKpdSiCwKFPC3oBGn2bY

1 Console Messages

Source: network | Level: error | URL: https://approve-rsrv.com/static/stile.css
Message: Failed to load resource: the server responded with a status of 404 ()