accpayablesloveniaecoresort-max.github.io
2606:50c0:8001::153  Malicious Activity!

Submitted URL: http://three-yummy-voyage.glitch.me/ 9mo old
Effective URL: https://accpayablesloveniaecoresort-max.github.io/brooks// 9mo old
Submission: On September 03 via automatic, source phishstats — Scanned from CH

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 2606:50c0:8001::153, located in United States and belongs to FASTLY, US. The main domain is accpayablesloveniaecoresort-max.github.io. 9mo old
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 7th 2025. Valid for: 1yr.
This is the only time accpayablesloveniaecoresort-max.github.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

IP addresses (requests; IP Address; AS / Autonomous System)
1 1 2a04:4e42::571 54113 (FASTLY)
2 2606:50c0:800... 54113 (FASTLY)
5 2600:9000:20e... 16509 (AMAZON-02)
2 104.18.10.207 13335 (CLOUDFLAR...)
Total: 9 requests, 3 IPs

Apex domains (requests; apex domain; transfer), with subdomains indented
5 bstatic.com (37 KB)
  cf.bstatic.com — Cisco Umbrella Rank: 23083, 6yr old
  xx.bstatic.com — Cisco Umbrella Rank: 23796, 6yr old
2 bootstrapcdn.com (29 KB)
  maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1184, 9yr old
  stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3417, 8yr old
2 github.io (71 KB)
  accpayablesloveniaecoresort-max.github.io, 9mo old
1 glitch.me (228 B)
  three-yummy-voyage.glitch.me, 9mo old
Total: 9 requests, 4 apex domains

Domains requested by (requests; domain; requested by)
3 cf.bstatic.com, requested by: accpayablesloveniaecoresort-max.github.io
2 xx.bstatic.com
2 accpayablesloveniaecoresort-max.github.io, requested by: accpayablesloveniaecoresort-max.github.io
1 stackpath.bootstrapcdn.com, requested by: accpayablesloveniaecoresort-max.github.io
1 maxcdn.bootstrapcdn.com, requested by: accpayablesloveniaecoresort-max.github.io
1 three-yummy-voyage.glitch.me (1 redirect)
Total: 9 requests, 6 subdomains

This site contains links to these domains.

Domain
booking.com

TLS certificates (Subject | Issuer | Validity | Valid for)
*.github.io | Sectigo RSA Domain Validation Secure Server CA | 2025-03-07 - 2026-03-07 | 1yr
*.bstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-11-21 - 2025-11-20 | 1yr
bootstrapcdn.com | WE1 | 2025-07-12 - 2025-10-10 | 3mo

This page contains 1 frames:

Primary Page: https://accpayablesloveniaecoresort-max.github.io/brooks//
Frame ID: 4CD5AA7246D755E705CAE90A1A71B281
Requests: 9 HTTP requests in this frame

Page Title

Sign in | Booking.com

Page URL History

  1. http://three-yummy-voyage.glitch.me/ HTTP 307
    https://three-yummy-voyage.glitch.me/ HTTP 308
    https://accpayablesloveniaecoresort-max.github.io/brooks// Page URL

Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

GitHub Pages (overall confidence: 100%)
Detected patterns
  • ^https?://[^/]+\.github\.io

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 9
HTTPS: 100 %
IPv6: 75 %
Domains: 4
Subdomains: 6
IPs: 3
Countries: 2
Transfer: 137 kB
Size: 543 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Columns per request: Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: / | accpayablesloveniaecoresort-max.github.io/brooks// | 227 KB | 71 KB | Document
Redirect Chain
  • http://three-yummy-voyage.glitch.me/
  • https://three-yummy-voyage.glitch.me/
  • https://accpayablesloveniaecoresort-max.github.io/brooks//
General
Full URL
https://accpayablesloveniaecoresort-max.github.io/brooks//
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
7b9245bac385b90986dfb6b75fcb057dc17547b68a8d62493e8d5f2eaebbde77
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
cache-control
max-age=600
content-encoding
gzip
content-length
72708
content-type
text/html; charset=utf-8
date
Wed, 03 Sep 2025 04:00:57 GMT
etag
W/"68b607bf-38cc0"
expires
Tue, 02 Sep 2025 16:22:57 GMT
last-modified
Mon, 01 Sep 2025 20:53:19 GMT
server
GitHub.com
strict-transport-security
max-age=31556952
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-fastly-request-id
757739069ddd89726c3a3c2cb55fdd5aa8eff078
x-github-request-id
4188:132DBD:641AF5:64BB81:68B71787
x-proxy-cache
MISS
x-served-by
cache-fra-eddf8230119-FRA
x-timer
S1756872057.477700,VS0,VE111

Redirect headers

accept-ranges
bytes
access-control-allow-origin
*
content-length
0
date
Wed, 03 Sep 2025 04:00:57 GMT
location
https://accpayablesloveniaecoresort-max.github.io/brooks//
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-glitch-project-name
three-yummy-voyage
x-served-by
cache-fra-eddf8230107-FRA
x-timer
S1756872057.400709,VS0,VE0

372_324d57c6dadec09cd82b.css | cf.bstatic.com/psb/accountsportal/assets/ | 98 KB | 17 KB | Stylesheet
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/372_324d57c6dadec09cd82b.css
Requested by
Host: accpayablesloveniaecoresort-max.github.io
URL: https://accpayablesloveniaecoresort-max.github.io/brooks//
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e8:d400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
25273875d9a172ba824e26a9ba5795c362b4f8c3cafa79e41e51bc29a75e866b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Referer
https://accpayablesloveniaecoresort-max.github.io/

Response headers

vary
accept-encoding, Origin
timing-allow-origin
*
content-encoding
br
etag
W/"3657f0a73c876e6401617b0b699a7211"
x-amz-version-id
DRtn.Sks5MYwvAV.hkTjpCFjRG2v2F85
age
10831
via
1.1 bc7c353da4431a6dd3688d01f8a48b98.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
3_cK61tbt6EdBKeH75XaqwFB22N8FMgx7TagjIBZMmNWeMBizf2uBg==
date
Wed, 03 Sep 2025 01:00:27 GMT
content-type
text/css
last-modified
Wed, 29 May 2024 11:22:19 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P13
x-amz-server-side-encryption
AES256

370_0e50f969419eed8c0cdd.css | cf.bstatic.com/psb/accountsportal/assets/ | 55 KB | 5 KB | Stylesheet
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/370_0e50f969419eed8c0cdd.css
Requested by
Host: accpayablesloveniaecoresort-max.github.io
URL: https://accpayablesloveniaecoresort-max.github.io/brooks//
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e8:d400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e52f5ee5619f26fdef74c42542fd810fabf72ac56bd6243bfde730abea6321eb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Referer
https://accpayablesloveniaecoresort-max.github.io/

Response headers

vary
accept-encoding, Origin
timing-allow-origin
*
content-encoding
gzip
etag
W/"6f74b1b6cf0dddfcf1731fa3af74e049"
x-amz-version-id
yBUGo8e6tJgo6rYftSJsZ6XojHtcmTa5
age
21
via
1.1 bc7c353da4431a6dd3688d01f8a48b98.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
VwO6tobNjPAsIXLXDvRUSAi5h1N1LaCNhqK24bHkG9akyXdiOOwl2w==
date
Wed, 03 Sep 2025 04:00:37 GMT
content-type
text/css
last-modified
Wed, 29 May 2024 11:22:19 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P13
x-amz-server-side-encryption
AES256

826_7174cdd82ad7b561895b.css | cf.bstatic.com/psb/accountsportal/assets/ | 63 KB | 13 KB | Stylesheet
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/826_7174cdd82ad7b561895b.css
Requested by
Host: accpayablesloveniaecoresort-max.github.io
URL: https://accpayablesloveniaecoresort-max.github.io/brooks//
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e8:d400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7c1dc3f416356eddb1824bda5e9b29f6b5216c13cf6f876a80572fe1f6ba1cb1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Referer
https://accpayablesloveniaecoresort-max.github.io/

Response headers

vary
accept-encoding, Origin
timing-allow-origin
*
content-encoding
br
etag
W/"1e0c425b809fc8320f33731554fb175d"
x-amz-version-id
pTfbHsMjjeYPARJ1SpHyQD1rztsfY_ef
age
68285
via
1.1 bc7c353da4431a6dd3688d01f8a48b98.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
F1L_DlzOOS1dUd4rbSo5DQ8ngOr0UBb-JXrjFGEX-emsVeck9NYvDw==
date
Tue, 02 Sep 2025 09:02:53 GMT
content-type
text/css
last-modified
Wed, 29 May 2024 11:22:31 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P13
x-amz-server-side-encryption
AES256

jquery-3.3.1.js | accpayablesloveniaecoresort-max.github.io/brooks//js/ | 0 | 0 | Script
General
Full URL
https://accpayablesloveniaecoresort-max.github.io/brooks//js/jquery-3.3.1.js
Requested by
Host: accpayablesloveniaecoresort-max.github.io
URL: https://accpayablesloveniaecoresort-max.github.io/brooks//
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Strict-Transport-Security max-age=31556952

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Origin
https://accpayablesloveniaecoresort-max.github.io
Referer
https://accpayablesloveniaecoresort-max.github.io/brooks//

Response headers

x-fastly-request-id
c6bd6b06ed268e2a1f398a6a3cfb381afbd5ab06
content-encoding
gzip
etag
W/"64d39a40-24a3"
age
0
x-github-request-id
3610:6EEC2:90C950:91E7E2:68B7BD79
x-proxy-cache
MISS
x-cache
MISS
date
Wed, 03 Sep 2025 04:00:57 GMT
content-type
text/html; charset=utf-8
x-served-by
cache-fra-eddf8230119-FRA
x-cache-hits
0
vary
Accept-Encoding
strict-transport-security
max-age=31556952
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
x-timer
S1756872058.748887,VS0,VE113
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
5254
server
GitHub.com

bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 14 KB | Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: accpayablesloveniaecoresort-max.github.io
URL: https://accpayablesloveniaecoresort-max.github.io/brooks//
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Referer
https://accpayablesloveniaecoresort-max.github.io/

Response headers

cdn-status
200
content-encoding
br
cf-cache-status
HIT
etag
"14d449eb8876fa55e1ef3c2cc52b0c17"
age
2246209
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 03 Sep 2025 04:00:57 GMT
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cdn-cache
HIT
cdn-cachedat
03/22/2025 12:19:15
cdn-requestpullcode
200
priority
u=1,i=?0
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
timing-allow-origin
*
cdn-requesttime
0
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
82b6ad584e17de0990f31478408581a3
cross-origin-resource-policy
cross-origin
cdn-pullzone
252412
cdn-proxyver
1.22
cf-ray
979257d91d3c974f-FRA
access-control-allow-origin
*
cdn-edgestorageid
1048
server
cloudflare
cdn-requestcountrycode
DE

bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 15 KB | Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by
Host: accpayablesloveniaecoresort-max.github.io
URL: https://accpayablesloveniaecoresort-max.github.io/brooks//
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Referer
https://accpayablesloveniaecoresort-max.github.io/

Response headers

cdn-status
200
content-encoding
br
cf-cache-status
HIT
etag
"67176c242e1bdc20603c878dee836df3"
age
2320480
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 03 Sep 2025 04:00:57 GMT
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cdn-cache
HIT
cdn-cachedat
05/30/2025 17:57:15
cdn-requestpullcode
200
priority
u=1,i=?0
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
timing-allow-origin
*
cdn-requesttime
0
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
4b8cbeecf6408f07f11a30bdc6360ace
cross-origin-resource-policy
cross-origin
cdn-pullzone
252412
cdn-proxyver
1.28
cf-ray
979257d92d42974f-FRA
access-control-allow-origin
*
cdn-edgestorageid
1078
server
cloudflare
cdn-requestcountrycode
DE

favicon.svg | xx.bstatic.com/static/img/ | 1 KB | 1 KB | Other
General
Full URL
https://xx.bstatic.com/static/img/favicon.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e8:d400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c80b9838465a2c5aa19e06c25631cd22d81dd8c76563875ebfb4d35304dfba47

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Referer
https://accpayablesloveniaecoresort-max.github.io/

Response headers

content-encoding
gzip
x-amz-version-id
VwbCFhERrggKefo2VlEFP.W99wK2hT4K
etag
W/"e8209d74ad093f151954a3820c12e5d8"
age
432436
x-cache
Hit from cloudfront
x-amz-cf-id
h763AZeQENu2gsyMIXE7_eMuuV2znkUkeu6jqLVfqEgCqzyC-wv0fg==
date
Fri, 29 Aug 2025 03:53:43 GMT
content-type
image/svg+xml
vary
accept-encoding, Origin
last-modified
Mon, 14 Apr 2025 14:47:42 GMT
cache-control
public,max-age=604800
timing-allow-origin
*
via
1.1 bc7c353da4431a6dd3688d01f8a48b98.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P13
server
AmazonS3
x-amz-server-side-encryption
AES256

favicon.ico | xx.bstatic.com/static/img/ | 610 B | 1 KB | Other
General
Full URL
https://xx.bstatic.com/static/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e8:d400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
99af6690771b7b62a1325d0c0b38a9a0300c18921e4877dcf38a239b9c977502

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Referer
https://accpayablesloveniaecoresort-max.github.io/

Response headers

x-amz-version-id
GkKri3e97WW34aPE_28mpC72Jgqhno4K
etag
"6018807017afead14417566f975ffdb4"
age
67210
x-cache
Hit from cloudfront
x-amz-cf-id
HUns4GtncPSdNCCdE2FubhA256WJQjVr25c9zjuBTpiwYmqtwsoi9A==
date
Tue, 02 Sep 2025 09:20:49 GMT
content-type
image/vnd.microsoft.icon
last-modified
Mon, 14 Apr 2025 14:47:42 GMT
vary
Origin
cache-control
public,max-age=604800
timing-allow-origin
*
via
1.1 bc7c353da4431a6dd3688d01f8a48b98.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
610
x-amz-cf-pop
FRA56-P13
server
AmazonS3
x-amz-server-side-encryption
AES256

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

3 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

function: $
function: jQuery
object: bootstrap

0 Cookies

1 Console Messages

Source: network error
URL: https://accpayablesloveniaecoresort-max.github.io/brooks//js/jquery-3.3.1.js
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31556952