urlscan.io logo urlscan.io
SecurityTrails logo

booking.deal1941.bid Open in urlscan Pro
2606:4700:3036::6815:50f7  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://booking.deal1941.bid/secure-checkout/3828640476
Submission: On December 01 via manual from ES — Scanned from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 21 HTTP transactions. The main IP is 2606:4700:3036::6815:50f7, located in United States and belongs to CLOUDFLARENET, US. The main domain is booking.deal1941.bid.
TLS certificate: Issued by E1 on November 27th 2023. Valid for: 3 months.
This is the only time booking.deal1941.bid was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

IP Address AS Autonomous System
14 2606:4700:303... 13335 (CLOUDFLAR...)
1 2600:9000:212... 16509 (AMAZON-02)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
21 6
14    2606:4700:3036::6815:50f7 (United States)

ASN13335 (CLOUDFLARENET, US)
booking.deal1941.bid
1    2600:9000:2127:fe00:5:bf05:acc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cf.bstatic.com
2    2606:4700:10::6816:1490 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.tailwindcss.com
2    2606:4700::6810:7aaf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
1    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
Apex Domain
Subdomains		 Transfer
14 deal1941.bid
booking.deal1941.bid
65 KB
2 unpkg.com
unpkg.com — Cisco Umbrella Rank: 857
13 KB
2 tailwindcss.com
cdn.tailwindcss.com — Cisco Umbrella Rank: 47565
108 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
1 bstatic.com
cf.bstatic.com — Cisco Umbrella Rank: 16074
28 KB
21 5
Domain Requested by
14 booking.deal1941.bid booking.deal1941.bid
unpkg.com
2 unpkg.com 1 redirects booking.deal1941.bid
2 cdn.tailwindcss.com 1 redirects booking.deal1941.bid
1 fonts.googleapis.com booking.deal1941.bid
1 cf.bstatic.com booking.deal1941.bid
21 5

This site contains no links.

Subject Issuer Validity Valid
deal1941.bid
E1		 2023-11-27 -
2024-02-25		 3 months crt.sh
*.bstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-13 -
2024-08-31		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://booking.deal1941.bid/secure-checkout/3828640476
Frame ID: 367C5CC64AB1595F645E89E11B594ACA
Requests: 7 HTTP requests in this frame

Frame: https://booking.deal1941.bid/supportChatFrame/3828640476
Frame ID: 8FF17629D4848E0684622ACFC2B09943
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Booking.com - Payment information

Detected technologies

Overall confidence: 100%
Detected patterns
  • /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Page Statistics

21
Requests

76 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

214 kB
Transfer

576 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://cdn.tailwindcss.com/ HTTP 302
  • https://cdn.tailwindcss.com/3.3.5
Request Chain 15
  • https://unpkg.com/axios/dist/axios.min.js HTTP 302
  • https://unpkg.com/axios@1.6.2/dist/axios.min.js

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 3828640476
booking.deal1941.bid/secure-checkout/ 		57 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://booking.deal1941.bid/secure-checkout/3828640476
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
befbcfd3ecce3bfb1ba651ef30a44bcee61eb1b2aaa972a6aec2436ab19f33da

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82eea143cf962faf-MAD
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 01 Dec 2023 22:05:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OLaBIpAS2xLVBCns4yCeqfKSWT6MwNn25bN0o31CM0GYOMOLKKAeR2LuLTmAR6QrRmGZC9iFuEUWq9vNl86fypjUeIQU3Ct5jCzAV277LZ2ADNBlVP8NZcP5uD16D%2BDKR41cVA2bZ6yihhr8%2BTPTqc52sg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
script.js
booking.deal1941.bid/services/booking/js/ 		12 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://booking.deal1941.bid/services/booking/js/script.js
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/secure-checkout/3828640476
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
7af96b589c08faa9b3014d28497abd0b8e428307b8ec4b93f58977e9fd62905b

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/secure-checkout/3828640476
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
content-encoding
br
cf-cache-status
STALE
last-modified
Sat, 19 Aug 2023 22:18:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5909
x-powered-by
Express
etag
W/"2fa7-18a0fe109e8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K2OulAWgDAaBxgeZqtYZwndHo97IxfYDvs8%2BPkEzXp%2BwmjrRAGZbfMqsJ4TxGfONb72tFYjD9aG%2FXrg0b6M%2FW5q0auY7NQCdVE%2FuiEy0PK2duTt4s6NPuo1Nv5%2FMOJfAD0Q0FHCvMXoFzFmXAcFQJcx8uA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
82eea1a44b9b2faf-MAD
alt-svc
h3=":443"; ma=86400
styles.css
booking.deal1941.bid/services/booking/css/ 		32 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://booking.deal1941.bid/services/booking/css/styles.css
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/secure-checkout/3828640476
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b2e3158656f24d0f69988896ea2facd530904745d286f84eadb67ceb2ce9d4c2

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/secure-checkout/3828640476
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:24 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sat, 19 Aug 2023 22:18:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"802a-18a0fe0d338"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bJrvgHMsLpr%2Fcw%2BnWjn43iKS3lcbhdvPaIhgU6qWacBG4uRIWi1jnsHCvYa8L9pFXP%2BF736xOoc88Z0%2FnIQsbplGKPidLHLugunY4a0iVPPWscqHkj7skFemA4cuNZAslGV3fA2NJy7T3lTz0uKdKpqrKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
82eea1a44b962faf-MAD
alt-svc
h3=":443"; ma=86400
502727987.jpg
cf.bstatic.com/xdata/images/hotel/max500/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/xdata/images/hotel/max500/502727987.jpg?k=382dcb5c305cb25d2abcffc67b1bf22635b8332d7f559ff31ccf8e2d63801cdc&o=&hp=1
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/secure-checkout/3828640476
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:fe00:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
372946dbcb79a10d35095f1c9437ef5c952e9009ccbf8b5603805005bbb26558
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 21:43:22 GMT
via
1.1 97101640da3dcba7a2d4a3d67a31b114.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
PRG50-C1
age
778922
etag
"45fbf3e997cb4ea1cc13ce5990aa3b8298f3f0eb"
x-cache
Hit from cloudfront
content-language
27864
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
owpYlQYKK6G7Q7W6MmoWz4zjLtWiN3f_xhK-yht1RjmRiYFiaPpBiw==
x-xss-protection
1; mode=block
support_parent.css
booking.deal1941.bid/css/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://booking.deal1941.bid/css/support_parent.css
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/secure-checkout/3828640476
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
20f5cc0ebb84eb9bdeb82a9b908e9f922ab10ea415857c8b00b8302e00c61a5c

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/secure-checkout/3828640476
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:39 GMT
content-encoding
br
cf-cache-status
STALE
last-modified
Wed, 23 Aug 2023 14:42:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
7273
x-powered-by
Express
etag
W/"12b3-18a22d925f8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SWliTIZyQZvLFK0%2BQiNNHNx4cwTqkCnsNjjGSPc02xzhgdbDrp418LygnWfyRlrDP%2Fq2vAmiM2%2FDYkKEdwYF3tiXhdAgr1x4RBxyo%2FcDUegm2HREYnjfEpz69qmGA1Dctth%2FhdvnhBUgZBFOKxkdCH%2FhAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
82eea1a46bcb2faf-MAD
alt-svc
h3=":443"; ma=86400
flags.png
booking.deal1941.bid/services/booking/images/ 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://booking.deal1941.bid/services/booking/images/flags.png
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/secure-checkout/3828640476
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/secure-checkout/3828640476
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
cf-cache-status
STALE
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5907
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
content-length
30680
last-modified
Sat, 19 Aug 2023 22:18:33 GMT
server
cloudflare
etag
W/"77d8-18a0fe0eaa8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HzaHLqAyFOc0UyH9LONSx2FAPrH%2Fagbh0TIcSiFucXpHJSiLpwhFlc5i%2FaBho82crZ0wjF8SXSn4LMNtMsuGmL%2B9FnjrpCx6rR0vF%2FEzKPoja4K1Ub%2BcwdLeT6y7Ej26R1Tf%2B8vn0qLVI3BVWBGkQ1uKWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
82eea1a58e082f92-MAD
3828640476
booking.deal1941.bid/supportChatFrame/ Frame 8FF1 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://booking.deal1941.bid/supportChatFrame/3828640476
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/secure-checkout/3828640476
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d9c2bbb26f5544f2d0be7eb6cf853a151a9d0bdb41c2459ec98a5796e9494a07

Request headers

Referer
https://booking.deal1941.bid/secure-checkout/3828640476
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82eea2040fc72f92-MAD
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 01 Dec 2023 22:05:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r84RoTWltzfPp8%2FGxBn1idWQT2CCylwcJ2yjUJrdiEFOiMG%2BYyX5L8xTr3qWrLq%2Bkd4Z4FVSVvtrdk%2BmtkSrBUnXWQd%2B4S96MNymbQM8TM8I5GlxhQ9on%2FGFdX2v1fH%2BGu8jrbHA9DQT7u98IkFHGQeP4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
pluxurydarklord.svg
booking.deal1941.bid/img/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://booking.deal1941.bid/img/pluxurydarklord.svg
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/css/support_parent.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fbb307bc48c763f9a4893ba918ca9a322f4e084dbb994504d526af90c1a4d1e9

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/css/support_parent.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:39 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 23 Aug 2023 14:41:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"4b6-18a22d77460"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tslpHw455%2FNCma4ey7G16DnrGfKeaozELPk7FyDYIi21XipCmBrEVsXTNOo2FQNwDTeRZcrJRjI9eLtJCCTxHs1kyZHBfC7MfzBe2k%2BD5VAKNF80GXSiXzV2mkWVimgg%2F%2BnzbDQgPttcZT29IKI09FOyRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
82eea2040fc52f92-MAD
alt-svc
h3=":443"; ma=86400
chat.css
booking.deal1941.bid/assets/css/ Frame 8FF1 		243 B
691 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://booking.deal1941.bid/assets/css/chat.css
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/supportChatFrame/3828640476
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c5e7e8f07db5f90f5b179d122a425eacb8e7b0b57e79349f6e414158d3db0f77

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/supportChatFrame/3828640476
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 23 Aug 2023 14:01:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"f3-18a22b2e8e8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5sz1JBdO%2FdsKMImxTv%2FrB7bdv0w6YQP5RszEbv996GjxpTi8lijWPpBjqTsHDnciDw2R%2FzUEwtw3%2BMP26kLClod3S3Xy2c2UdIbDRT9V11mqHfnXOU68y8tZCp3wfZVW3S7O82923BerzZj0KRUY5PP4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
82eea2066d892f92-MAD
alt-svc
h3=":443"; ma=86400
3.3.5
cdn.tailwindcss.com/ Frame 8FF1
Redirect Chain
  • https://cdn.tailwindcss.com/
  • https://cdn.tailwindcss.com/3.3.5
355 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.tailwindcss.com/3.3.5
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/supportChatFrame/3828640476
Protocol
H2
Server
2606:4700:10::6816:1490 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78f70dbdf61859c3a382c96c27880fa5737216af6d491fedf73a3356ccab05bc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000
cf-cache-status
HIT
x-vercel-id
cdg1::iad1::qzrrq-1701257122466-f7b0b1f2a71a
server
cloudflare
age
211217
x-vercel-cache
MISS
last-modified
Wed, 29 Nov 2023 11:25:23 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=31536000
cf-ray
82eea20729115cf6-MAD

Redirect headers

date
Fri, 01 Dec 2023 22:05:40 GMT
strict-transport-security
max-age=63072000
cf-cache-status
HIT
x-vercel-id
cdg1::iad1::w8c2m-1701467616240-546edafe48d6
server
cloudflare
age
724
x-vercel-cache
MISS
vary
Accept-Encoding
location
/3.3.5
cache-control
max-age=14400
cf-ray
82eea206e8c45cf6-MAD
content-length
0
bookmark.svg
booking.deal1941.bid/assets/icons/ Frame 8FF1 		247 B
679 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://booking.deal1941.bid/assets/icons/bookmark.svg
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/supportChatFrame/3828640476
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
846a64b15537fd60cbebc9dbdca9a2df72aa05a6e564210f78acfd701a386ef7

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/supportChatFrame/3828640476
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 22 Aug 2023 08:23:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"f7-18a1c570a88"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0F5l%2FYeL865Qwc%2BVDLGP64t4gNc809oS9yiRcnv3KZ7aGwvxukAgkj6hblBx0BqqYLHTpSLSd2SLrhbKWxE8HEsA%2F0K%2BVxMgd6uNTHlE4S3U0PffpysqL22FHClvXXoTMBUU3AzzfU1vFVvFj7M4rVpXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
82eea2066d8a2f92-MAD
alt-svc
h3=":443"; ma=86400
chevron-down.svg
booking.deal1941.bid/assets/icons/ Frame 8FF1 		0
0
close.svg
booking.deal1941.bid/assets/icons/ Frame 8FF1 		0
0
person-circle.svg
booking.deal1941.bid/assets/icons/ Frame 8FF1 		563 B
852 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://booking.deal1941.bid/assets/icons/person-circle.svg
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/supportChatFrame/3828640476
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b4784b8b0b3e2cfefe7106fea734e0a37df601a093d8bdb1aa3ee5216716546b

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/supportChatFrame/3828640476
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 22 Aug 2023 08:20:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"233-18a1c54eb90"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FwUJezaLdoVMOJT2ykEN%2Bj7Ot9S5V5mikmD824LvYPZ%2BsIMM4h%2BygxptQBnXQmX6hOsJYzwJ%2FFb7%2BiGtC1D%2BR92idnt7S0Bh37qxAYhyYvVNemABxFM8PxuLAxYhEgbxgVIAjV7HDjEm%2F52YvKFxy5erg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
82eea208ca662f92-MAD
alt-svc
h3=":443"; ma=86400
document.svg
booking.deal1941.bid/assets/icons/ Frame 8FF1 		0
0
send.svg
booking.deal1941.bid/assets/icons/ Frame 8FF1 		402 B
764 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://booking.deal1941.bid/assets/icons/send.svg
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/supportChatFrame/3828640476
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
97d008f0efeb03337a4a169d85b9f8907ef5d6dcb74fb88f7e2f981250903349

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/supportChatFrame/3828640476
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 22 Aug 2023 08:14:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"192-18a1c4f1f30"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ruaq6f7x6lzhQZTh6jHiZGdVJ8fqX8xNEiMPtTo5NHDrJFDcH1jlawfkCVWpE0ZGwuqMJOZURgfugg3qhamli7scRj6BnzGLgsj8t76mYrwQzQq4%2F7thdNydj896agNc8ZgAeSEX%2Ftm0MePgBxVEwNdqmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
82eea208ca6b2f92-MAD
alt-svc
h3=":443"; ma=86400
axios.min.js
unpkg.com/axios@1.6.2/dist/ Frame 8FF1
Redirect Chain
  • https://unpkg.com/axios/dist/axios.min.js
  • https://unpkg.com/axios@1.6.2/dist/axios.min.js
33 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/axios@1.6.2/dist/axios.min.js
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/supportChatFrame/3828640476
Protocol
H2
Server
2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
550f26d03776c62d33e90b8028c6b4e2e7d1301c6ff769cff94592a93df71c68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
138661
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HGFJDBFP9Z2S97YXAEAST142-mad
server
cloudflare
etag
W/"8355-QTyXuMi6C+GMNqZaW+lAI5xZVsI"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82eea2098cc85e22-MAD

Redirect headers

date
Fri, 01 Dec 2023 22:05:40 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01HGKP858E8T83P75JQ4QE3HGV-mad
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
421
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/axios@1.6.2/dist/axios.min.js
cache-control
public, s-maxage=600, max-age=60
cf-ray
82eea2093c3d5e22-MAD
chat.js
booking.deal1941.bid/assets/js/ Frame 8FF1 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://booking.deal1941.bid/assets/js/chat.js
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/supportChatFrame/3828640476
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
670b213e16fbff2d33d74f23386683bf90f4c23a5a4b3b60572bbe8230c712fe

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/supportChatFrame/3828640476
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 23 Aug 2023 14:38:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"16b2-18a22d58c18"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=524%2BEZbliHU8bGuT3IyxHxBf366bGobrKz0l%2BnHK9q4WvMCTHJJuCbRakVzAUstE%2FgqKudV3WgzONSawhoGie9UzdSl46OrBSGcHeS8p21nMiSf0J8l9M2e8ImLqR2IOYENLPQCnOCRiF0zFgaVe9e%2FBCg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
82eea208ca682f92-MAD
alt-svc
h3=":443"; ma=86400
css2
fonts.googleapis.com/ Frame 8FF1 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700;800&display=swap
Requested by
Host: booking.deal1941.bid
URL: https://booking.deal1941.bid/assets/css/chat.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f8cbafd49c896a6e02a3a959409874806cff8792343936c0ba532f58ecc95333
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://booking.deal1941.bid/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 01 Dec 2023 22:05:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 01 Dec 2023 21:32:08 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 01 Dec 2023 22:05:40 GMT
getMessages
booking.deal1941.bid/api/support/ Frame 8FF1 		15 B
487 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://booking.deal1941.bid/api/support/getMessages
Requested by
Host: unpkg.com
URL: https://unpkg.com/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5e4ce7b36ba37b78a5d5f9fd08e6b7b54ba6879d651aa46ec9e1d6fa24ebe30a

Request headers

Accept
application/json, text/plain, */*
Referer
https://booking.deal1941.bid/supportChatFrame/3828640476
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 01 Dec 2023 22:05:40 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"f-FAzzTdccAfl0E2Lu/wbvI/6Anvk"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=78LqDb1FYISAw%2BvP3%2FsZMppEvlWLpImu0hOw1SugFq3cjlTYNaMo89Kdian5rTcpRwJfJaVXU0GEfZMKhcnkY3of%2F6D1OkSa9P1vhpiRoSZdMbdB4a0oB8xNCzk9WTZoRgNT8d5mRKGmzfcVWTVUPot3Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cf-ray
82eea20a0cd82f92-MAD
alt-svc
h3=":443"; ma=86400
content-length
15
getMessages
booking.deal1941.bid/api/support/ Frame 8FF1 		15 B
494 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://booking.deal1941.bid/api/support/getMessages
Requested by
Host: unpkg.com
URL: https://unpkg.com/axios/dist/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:50f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5e4ce7b36ba37b78a5d5f9fd08e6b7b54ba6879d651aa46ec9e1d6fa24ebe30a

Request headers

Accept
application/json, text/plain, */*
Referer
https://booking.deal1941.bid/supportChatFrame/3828640476
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 01 Dec 2023 22:05:42 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"f-FAzzTdccAfl0E2Lu/wbvI/6Anvk"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5M%2FcJklApQ5yWviqBtZcHSeK42goOhXcL17onlJY%2FdPu9TbdMG4mT9ORcGsDJYOsf0JGXEWGR%2FNxk6CksxmKLHxL3sBAeHqY%2F0a7%2F5%2BdtXL8SnhBYv3RyoGzimDJBGrdf4DCbn%2F5017hkH3dRKQDemv3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cf-ray
82eea214bd1d2f92-MAD
alt-svc
h3=":443"; ma=86400
content-length
15

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
booking.deal1941.bid
URL
https://booking.deal1941.bid/assets/icons/chevron-down.svg
Domain
booking.deal1941.bid
URL
https://booking.deal1941.bid/assets/icons/close.svg
Domain
booking.deal1941.bid
URL
https://booking.deal1941.bid/assets/icons/document.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture

1 Cookies

Domain/Path Name / Value
booking.deal1941.bid/ Name: connect.sid
Value: s%3AvRauJpFx1kbCM5gcQNHa1-1uXrPez-Yj.1tui8n9Rz7EOFQzVdq8U2HJzG07Y8u6%2BFerGeCCMfE8

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

booking.deal1941.bid
cdn.tailwindcss.com
cf.bstatic.com
fonts.googleapis.com
unpkg.com
booking.deal1941.bid
2600:9000:2127:fe00:5:bf05:acc0:93a1
2606:4700:10::6816:1490
2606:4700:3036::6815:50f7
2606:4700::6810:7aaf
2a00:1450:4001:831::200a
20f5cc0ebb84eb9bdeb82a9b908e9f922ab10ea415857c8b00b8302e00c61a5c
372946dbcb79a10d35095f1c9437ef5c952e9009ccbf8b5603805005bbb26558
550f26d03776c62d33e90b8028c6b4e2e7d1301c6ff769cff94592a93df71c68
5e4ce7b36ba37b78a5d5f9fd08e6b7b54ba6879d651aa46ec9e1d6fa24ebe30a
670b213e16fbff2d33d74f23386683bf90f4c23a5a4b3b60572bbe8230c712fe
78f70dbdf61859c3a382c96c27880fa5737216af6d491fedf73a3356ccab05bc
7af96b589c08faa9b3014d28497abd0b8e428307b8ec4b93f58977e9fd62905b
846a64b15537fd60cbebc9dbdca9a2df72aa05a6e564210f78acfd701a386ef7
97d008f0efeb03337a4a169d85b9f8907ef5d6dcb74fb88f7e2f981250903349
b2e3158656f24d0f69988896ea2facd530904745d286f84eadb67ceb2ce9d4c2
b4784b8b0b3e2cfefe7106fea734e0a37df601a093d8bdb1aa3ee5216716546b
befbcfd3ecce3bfb1ba651ef30a44bcee61eb1b2aaa972a6aec2436ab19f33da
c5e7e8f07db5f90f5b179d122a425eacb8e7b0b57e79349f6e414158d3db0f77
d9c2bbb26f5544f2d0be7eb6cf853a151a9d0bdb41c2459ec98a5796e9494a07
f8cbafd49c896a6e02a3a959409874806cff8792343936c0ba532f58ecc95333
fbb307bc48c763f9a4893ba918ca9a322f4e084dbb994504d526af90c1a4d1e9
fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4