hotel-745964.eu Open in urlscan Pro
2606:4700:3036::ac43:b4eb Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hotel-745964.eu/
Effective URL:
https://hotel-745964.eu/sign-in
Submission: On June 22 via api (June 22nd 2024, 8:21:39 am UTC) from US — Scanned from DE

Summary HTTP 92 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 9 domains to perform 92 HTTP transactions. The main IP is 2606:4700:3036::ac43:b4eb, located in United States and belongs to CLOUDFLARENET, US. The main domain is hotel-745964.eu.
TLS certificate: Issued by WE1 on June 20th 2024. Valid for: 3 months.

This is the only time hotel-745964.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
1 32	2606:4700:303... 2606:4700:3036::ac43:b4eb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	91.235.133.10 91.235.133.10	30286 (THM) (THM)
2	2600:9000:20a... 2600:9000:20ae:e400:5:bf05:acc0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:20a... 2600:9000:20ae:400:5:bf05:acc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.173.154.119 18.173.154.119	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	52.209.78.88 52.209.78.88	16509 (AMAZON-02) (AMAZON-02)
1	47.246.48.191 47.246.48.191	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
1 3	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	192.225.158.1 192.225.158.1	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
2	35.190.10.96 35.190.10.96	15169 (GOOGLE) (GOOGLE)
92	13

32 2606:4700:3036::ac43:b4eb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

hotel-745964.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 91.235.133.10 (United States)

ASN30286 (THM, US)

asanalytics.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20ae:e400:5:bf05:acc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

t-cf.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
q.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:20ae:400:5:bf05:acc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

xx.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
q-xx.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.154.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-119.muc50.r.cloudfront.net

www.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.209.78.88 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-78-88.eu-west-1.compute.amazonaws.com

booking.ck123.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
booking.gw-dv.vip	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
52.209.78.88	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.246.48.191 (Amsterdam, Netherlands)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

ls.cdn-gw-dv.vip	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 91.235.132.130 (United States) 1 redirects

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.1 (United States)

ASN30286 (THM, US)

h64.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (United States)

ASN30286 (THM, US)

doregtzfefbr33clv6xcto5dvvpuig6dhu62so3k9d8e366b7ec51ed9am1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com

collector-pxikkul2rm.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	hotel-745964.eu 1 redirects hotel-745964.eu	1 MB
19	booking.com asanalytics.booking.com — Cisco Umbrella Rank: 60823 www.booking.com — Cisco Umbrella Rank: 10502	111 KB
7	bstatic.com t-cf.bstatic.com — Cisco Umbrella Rank: 18426 xx.bstatic.com — Cisco Umbrella Rank: 19941 q-xx.bstatic.com — Cisco Umbrella Rank: 15739 q.bstatic.com — Cisco Umbrella Rank: 87450	249 KB
5	online-metrix.net 1 redirects h.online-metrix.net — Cisco Umbrella Rank: 2940 h64.online-metrix.net — Cisco Umbrella Rank: 2088 doregtzfefbr33clv6xcto5dvvpuig6dhu62so3k9d8e366b7ec51ed9am1.e.aa.online-metrix.net	2 KB
2	px-cloud.net collector-pxikkul2rm.px-cloud.net — Cisco Umbrella Rank: 50669	1 KB
2	gw-dv.vip booking.gw-dv.vip — Cisco Umbrella Rank: 151660	193 B
2	ck123.io booking.ck123.io — Cisco Umbrella Rank: 141185	514 B
1	cdn-gw-dv.vip ls.cdn-gw-dv.vip — Cisco Umbrella Rank: 142673
1	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 378	7 KB
92	9

	Domain	Requested by
32	hotel-745964.eu	1 redirects hotel-745964.eu cdn.cookielaw.org
18	asanalytics.booking.com	hotel-745964.eu asanalytics.booking.com
4	xx.bstatic.com	hotel-745964.eu
3	h.online-metrix.net	1 redirects hotel-745964.eu asanalytics.booking.com
2	collector-pxikkul2rm.px-cloud.net	q.bstatic.com
2	booking.gw-dv.vip	hotel-745964.eu
2	booking.ck123.io	hotel-745964.eu
1	q.bstatic.com	hotel-745964.eu
1	doregtzfefbr33clv6xcto5dvvpuig6dhu62so3k9d8e366b7ec51ed9am1.e.aa.online-metrix.net	hotel-745964.eu
1	h64.online-metrix.net	asanalytics.booking.com
1	ls.cdn-gw-dv.vip	hotel-745964.eu
1	cdn.cookielaw.org	hotel-745964.eu
1	q-xx.bstatic.com	hotel-745964.eu
1	www.booking.com	hotel-745964.eu
1	t-cf.bstatic.com	hotel-745964.eu
92	15

This site contains links to these domains. Also see Links.

Domain
partner.booking.com
www.booking.com
admin.booking.com

Subject Issuer	Validity	Valid
hotel-745964.eu WE1	`2024-06-20` - `2024-09-18`	3 months	crt.sh
asanalytics.booking.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-10` - `2024-10-09`	a year	crt.sh
*.bstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-29` - `2024-11-28`	a year	crt.sh
*.booking.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-01` - `2025-03-25`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.ck123.io RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2023-10-03` - `2024-10-24`	a year	crt.sh
*.cdn-gw-dv.vip RapidSSL TLS RSA CA G1	`2023-08-01` - `2024-07-31`	a year	crt.sh
*.gw-dv.vip RapidSSL TLS RSA CA G1	`2023-08-01` - `2024-07-31`	a year	crt.sh
online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-03-20` - `2024-10-21`	7 months	crt.sh
*.aa.online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-03-20` - `2024-10-21`	7 months	crt.sh
52.42.183.115 ZeroSSL RSA Domain Secure Site CA	`2023-10-27` - `2024-10-26`	a year	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2023-08-15` - `2024-09-13`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://hotel-745964.eu/sign-in
Frame ID: 5F8171FC66B47BF64735198E9DF303B3
Requests: 48 HTTP requests in this frame

Frame: https://asanalytics.booking.com/2HGL14kaydX5qYhD?72ef15d3203931b6=ZrL8omu03-2S9W2nQj0WYnqyiJCWCcg7MoUvHcHkm2RK0PsMdIrLvoPPb1AACx62WnbBKEY8Zbkg6QlNwKKIbS7vHKX08XfT56wV6jwlIIo_yNVNGVDusjMxoHC_E7ovHNHZyamY9dQrkvvplMIpAmbOHkUzAhGBWMvxmak-Kpwxyt15Zu9F7hB6LzNsnHkotXW9uKjROK5MZ9y_&jb=3d39262668736f753557696c6667777126687b6f3d5f6966666d77712d3032333126687b6a753d436a726f6d6d266a716035436a726d6565253a30393034
Frame ID: F44839B354A31FFCEA1C290A0C1C3BD0
Requests: 36 HTTP requests in this frame

Frame: https://ls.cdn-gw-dv.vip/dedge/zd/zd-service.html
Frame ID: 4F1CC793D19A9B9B2B9A8D352092ADBB
Requests: 1 HTTP requests in this frame

Frame: https://asanalytics.booking.com/HP9v10vReHOAKX2L?7134c63d666cf15c=Y_jZ7k35zzrGTA3UbXQrEvNixB-yxH5nJx_Zr4_zr7R8KrTkByQPxl1JfY-fT9o6a4vKeRcQUw6axFIr2l1PXiomCC1dWSmoO5zM4LUuRtegmNz9gF0Zly6pZyJb0ooRcDaD1RyIm0p0lBbCzpas6QIwyyY&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Frame ID: 552D4B25610B0E320E262A9A5275DD75
Requests: 1 HTTP requests in this frame

Frame: https://asanalytics.booking.com/_6usHdY27mxvh32Q?6b71f9bcd9120136=pltvkO2PCc31c4gxgvjptOL-HOpEtiK1BeF7HXJWOlH30SHJjDpHY9Zq5bTQzA4p4ZgKsTUKf4N6g9Mbc2bFJGlbYHOb_L7NcnSfkljrSZt7q4iArxKYvTS2bTe4HMhzfKo7zvDsdxTt8syubmVb_oGvvl7Xkiw2llb1Ayzk0V0DHP_FzcEP38_AdNH3PTgfDsjscK1zPjefP3O5Vfo
Frame ID: 031C7D251E878A38574303AF39D5967F
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/bixJObrcnPboj0e6?1fe9d2d84c085c8f=WGW0p-sXH1dKioxJIuhw2O0x0tipn6ENm840yDhZaeMrliZtTp9RBb1rTvBHSrjLBoVOsoDmzWQ9oxwmvePZB1uLEQT0YWWtJiiSmYLaftshH-woFPQ4tctOQhFJE7bMzLVXMxRJTSyx2PJg-06AY-RcazcudLDoN9UpA05Ek3zpy8XROV4WwufmeXkMS12AjR0SXvBUNedQ6aKaAaqD
Frame ID: B65296B5FE271FF28F82EFABF1166110
Requests: 1 HTTP requests in this frame

Frame: https://asanalytics.booking.com/cFL-eP4DwVMNxKG1?c93059470dd0f948=kmm5s9GW4Y8arzisZ35UVYcVbflVaObGuK928PF9WuTUkxIb4PV5IUKTdLoLAZdcS0qq5yXfnOpDWz0HBui5XfWP-bz6vjtXTpFnKj2XJmAtvZ0jdNQzCJWyDhqZ-0BVnBCAQQ5zEsqR16kJ-uvna0UIId4xnjXiNyVTtv4C6DWHxsGysRZtiDXU7JeDz9c_Xa5CWWNI4UrW-Yyp3wCm
Frame ID: 49E8D3F67713B839A8ADD8430AFA8E76
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com

Page URL History Show full URLs

https://hotel-745964.eu/ HTTP 307
https://hotel-745964.eu/sign-in Page URL

Detected technologies

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

92
Requests

77 %
HTTPS

33 %
IPv6

9
Domains

15
Subdomains

13
IPs

3
Countries

1557 kB
Transfer

6441 kB
Size

4
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://partner.booking.com/node/2170?utm_source=account&utm_medium=support_link

Search URL Search Domain Scan URL

URL: https://partner.booking.com/en-us?utm_source=extranet_login_page
Title: Partner Help

Search URL Search Domain Scan URL

URL: https://partner.booking.com/en-us/node/27/?utm_content=27&utm_source=extranet_login_page
Title: Partner Community

Search URL Search Domain Scan URL

URL: https://www.booking.com/general.en-us.html?tmpl=docs/terms_of_use
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://admin.booking.com/hotel/hoteladmin/privacy.html?lang=en-us
Title: Privacy Statement

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hotel-745964.eu/ HTTP 307
https://hotel-745964.eu/sign-in Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://h.online-metrix.net/M4JmXKxElIfxKFND?f2ccd8076dc83558=Pwb0vcP46lCwWdHShGYM4eLMjKNuVmLAWihZ4aGs5k4fJVv1njsDyed2tbAwcHH3ixiv-LRYKHggB_CCmgeFSJVojcc6RCdSLaE_wigkmPFt7g8WTj-j8SQ7NALjoduJesP_oA2wHsDQHwwJIBzLnS2aYyHe4VvdmX1sTW4MbxHc2Zk HTTP 302
https://h.online-metrix.net/M4JmXKxElIfxKFND?2e61be03643a41a7=Pwb0vcP46lCwWdHShGYM4eLMjKNuVmLAWihZ4aGs5k4fJVv1njsDyed2tbAwcHH3ixiv-LRYKHggB_CCmgeFSJVojcc6RCdSLaE_wigkmPFt7g8WTj-j8SQ7NALjoduJesP_oJxIayPr8BIFB_lGcw4Wz6I&k=2

92 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request sign-in Show response
hotel-745964.eu/
Redirect Chain

https://hotel-745964.eu/
https://hotel-745964.eu/sign-in

293 KB
45 KB

51ms
51ms

Document
text/html

2606:4700:3036::ac43:b4eb
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
h.online-metrix.net/	1970-01-21 07:06:44	Name: thx_global_guid Value: d1762b62b28a496e9eaab7a6fc71c013
.hotel-745964.eu/	1970-01-20 21:30:44	Name: _px3 Value: 029d3cbfde28b5b5b26841e33a98503f5d555f12e2b0f60426adeab53743fe7d:pgropZXtWJgqlN9nxCCWwMPHXDwZUZDilCfS8jmtW8ms1k7PN8jX85MLTIdX7XY+UOs5zzDn5/ZKBewtzVskcg==:1000:/1LLaC99H3vlMuPExBJGma6VgxtITv3RAj1mu+sVhNMd27+6L4UsuGAmU7CeaCrWyVif/zBTT3xwCu3zcWxMPAOW7TFR5xP3rkaTJPAit0UtVZY6xm0gvKXaeKPIkHiQ0oTSWxIuUnNHqwET6eCTNnP8B7cLU7YLtlhf/gWoRT0juPt89RQJgnvyOQcgN2OsD1llqC4AfoWV/H5upk0MlQaJBxgoK7Onxb53AOW+rR4=
.hotel-745964.eu/	1970-01-21 06:16:20	Name: _pxvid Value: 710a472d-3070-11ef-9991-706398bb71dd
.hotel-745964.eu/	1970-01-20 21:30:44	Name: _pxde Value: ea4596470e3bc7bec24431671d45aa8eddcf1da314d9ccb9b3cd42f269c554aa:eyJ0aW1lc3RhbXAiOjE3MTkwNDQ0OTYyODYsImZfa2IiOjAsImlwY19pZCI6W119

Source	Level	URL Text
network	error	URL: https://hotel-745964.eu/px.v7.5.3.min.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://hotel-745964.eu/static/otSDKStub.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/a387750c-a080-4dd0-b2d1-7dbdb601bb14.json Message: Failed to load resource: the server responded with a status of 404 ()
recommendation	verbose	URL: https://hotel-745964.eu/sign-in Message: [DOM] Password forms should have (optionally hidden) username fields for accessibility: (More info: https://goo.gl/9p2vKq) %o
other	warning	URL: https://hotel-745964.eu/static/sdk.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
network	error	URL: https://hotel-745964.eu/js-metric?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjDd3bSSuf4mOgBCAFjA2M2xBg Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://hotel-745964.eu/static/sdk.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
network	error	URL: https://hotel-745964.eu/static/verify Message: Failed to load resource: the server responded with a status of 405 ()
network	error	URL: https://hotel-745964.eu/static/otSDKStub.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/a387750c-a080-4dd0-b2d1-7dbdb601bb14.json Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://hotel-745964.eu/static/report Message: Failed to load resource: the server responded with a status of 405 ()
security	error	URL: https://hotel-745964.eu/sign-in Message: Refused to execute script from 'https://h64.online-metrix.net/Kb7aeCjG0Od0GaFv?b27be44826f21b32=U9XyVNCE7V4bI3F-J20MGlm5KNu8QKmc3jBnjH7W1D_prutYIkfhxTcNiNiTSODHQZ50VrdUQzlTqjLOtUDYVuxRBzOE6NpwIFaxaE6W0CrXkBqYaCRXyHzNUL4gumLxoiAqTsgbF8ARmVRLzYo_3RtxNgpzIoHQ' because its MIME type ('') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://hotel-745964.eu/navigation_times?sid=&pid=28ea4cdcd4210051&nts=0,1,1719044493275,0,0,1719044493275,1719044493425,1719044493425,1719044493425,1719044493425,1719044493425,1719044493425,0,1719044493426,1719044493476,1719044493522,1719044493481,1719044494041,1719044494120,1719044494120,1719044494967,1719044494967,1719044494967,0&first=&cdn=cf&dc=4&bo=3&lang=en-us&ref_action=Signin_Index&aid=304142&stype=&route=&ua=&ch=&lt= Message: Failed to load resource: the server responded with a status of 404 ()
worker	warning	URL: blob:https://hotel-745964.eu/df6d4fa3-1767-4769-9110-5909e860987d(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5903/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/608d310b-5f7f-4bd5-b05c-48aa35be5946(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:6040/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/cc578a31-9ba3-4034-a716-647d8d99c9ec(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5939/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/64ccca9d-9df4-4139-91ef-7ecee6020da7(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5950/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/4f42b401-166b-4794-adef-c6792f7d13ac(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:7070/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/c30514bc-c0d5-4e3d-af3c-b83131d6d0e2(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5931/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/e4002245-4acc-4d19-8431-941803c6377b(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5279/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/489522e3-0452-41dc-bb86-e23aca3582c9(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:63333/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/395ae1f3-5a1c-4201-83a5-daa0657602ae(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5901/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/860fd2a1-3533-43f6-8fb3-8e70f97f4330(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:3389/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/e09f6cee-c017-4dd5-ba0a-37b0b7f2b451(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5938/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/5b328311-c97c-449e-b096-717fd1ee9d47(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5944/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/0d3ac674-bcba-47af-9fd6-1b0b5b011d1d(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5902/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/5d5543ef-efac-40c1-81b2-7ec87ca313f7(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:2112/' failed: WebSocket is closed before the connection is established.
worker	warning	URL: blob:https://hotel-745964.eu/3d33ff2b-a0ce-42d9-b30f-b55af114794b(Line 16) Message: WebSocket connection to 'wss://127.0.0.1:5900/' failed: WebSocket is closed before the connection is established.

hotel-745964.eu Open in urlscan Pro 2606:4700:3036::ac43:b4eb Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

92 Requests

77 %HTTPS

33 %IPv6

9 Domains

15 Subdomains

13 IPs

3 Countries

1557 kBTransfer

6441 kBSize

4 Cookies

5 Outgoing links

Page URL History

Redirected requests

92 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hotel-745964.eu Open in urlscan Pro
2606:4700:3036::ac43:b4eb Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

92
Requests

77 %
HTTPS

33 %
IPv6

9
Domains

15
Subdomains

13
IPs

3
Countries

1557 kB
Transfer

6441 kB
Size

4
Cookies

92 HTTP transactions
0 data transactions