booking-guest.us Open in urlscan Pro
2606:4700:3037::6815:1dc3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://booking-guest.us/order/208974893
Submission: On May 31 via api (May 31st 2023, 3:12:07 pm UTC) from US — Scanned from US

Summary HTTP 42 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 42 HTTP transactions. The main IP is 2606:4700:3037::6815:1dc3, located in United States and belongs to CLOUDFLARENET, US. The main domain is booking-guest.us.
TLS certificate: Issued by GTS CA 1P5 on May 26th 2023. Valid for: 3 months.

This is the only time booking-guest.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
31	2606:4700:303... 2606:4700:3037::6815:1dc3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	149.154.164.13 149.154.164.13	62041 (TELEGRAM) (TELEGRAM)
1	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
42	7

31 2606:4700:3037::6815:1dc3 (United States)

ASN13335 (CLOUDFLARENET, US)

booking-guest.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.154.164.13 (London, United Kingdom)

ASN62041 (TELEGRAM, VG)

telegra.ph	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7daf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	booking-guest.us booking-guest.us	301 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 696	30 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	5 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 344	13 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 822	2 KB
1	telegra.ph telegra.ph — Cisco Umbrella Rank: 153778	10 KB
0	bstatic.com Failed cf.bstatic.com Failed
0	Failed function sub() { [native code] }. Failed
42	8

	Domain	Requested by
31	booking-guest.us	booking-guest.us
1	code.jquery.com	booking-guest.us
1	cdnjs.cloudflare.com	booking-guest.us
1	cdn.jsdelivr.net	booking-guest.us
1	unpkg.com	booking-guest.us
1	telegra.ph	booking-guest.us
0	cf.bstatic.com Failed	booking-guest.us
0	ljdobmomdgdljniojadhoplhkpialdid Failed	booking-guest.us
42	8

This site contains links to these domains. Also see Links.

Domain
www.booking.com
secure.booking.com
join.booking.com
account.booking.com

Subject Issuer	Validity	Valid
booking-guest.us GTS CA 1P5	`2023-05-26` - `2023-08-24`	3 months	crt.sh
*.telegra.ph Go Daddy Secure Certificate Authority - G2	`2022-09-13` - `2023-10-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://booking-guest.us/order/208974893
Frame ID: 59113988B373340CB92D7BCEFC15EED7
Requests: 36 HTTP requests in this frame

Frame: https://booking-guest.us/supportChatFrame/208974893
Frame ID: F9E51FE41475A1747F273AAC43717326
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com | Official website | The best hotels and accommodation

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Axios (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

42
Requests

86 %
HTTPS

83 %
IPv6

8
Domains

8
Subdomains

7
IPs

3
Countries

361 kB
Transfer

1601 kB
Size

2
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.booking.com/index.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ&sid=6f73057af334f8ad16d5eb35163b21c2&srpvid=22a0463f265f008b&click_from_logo=1

Search URL Search Domain Scan URL

URL: https://secure.booking.com/content/cs.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ&sid=6f73057af334f8ad16d5eb35163b21c2&srpvid=22a0463f265f008b&source=header

Search URL Search Domain Scan URL

URL: https://join.booking.com/?lang=ru&utm_source=topbar&utm_medium=frontend&label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ&aid=304142
Title: Register your property

Search URL Search Domain Scan URL

URL: https://secure.booking.com/mydashboard.en.html
Title: Your account menu Your account

Search URL Search Domain Scan URL

URL: https://www.booking.com/general.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ;sid=6f73057af334f8ad16d5eb35163b21c2;srpvid=22a0463f265f008b&;tmpl=docs/about
Title: About Booking.com

Search URL Search Domain Scan URL

URL: https://www.booking.com/content/cs.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ;sid=6f73057af334f8ad16d5eb35163b21c2;srpvid=22a0463f265f008b&
Title: Support service

Search URL Search Domain Scan URL

URL: https://www.booking.com/content/terms.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ;sid=6f73057af334f8ad16d5eb35163b21c2;srpvid=22a0463f265f008b&
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://www.booking.com/content/privacy.en.html?label=gen173nr-1DCAEoggI46AdIM1gEaMIBiAEBmAEhuAEXyAEM2AED6AEBiAIBqAIDuALA-qn5BcACAdICJDhkN2YyZGEyLWIyNTItNGYwOS1hY2IxLTM3NGE0ZGRmNmY3MNgCBOACAQ;sid=6f73057af334f8ad16d5eb35163b21c2;srpvid=22a0463f265f008b&
Title: Privacy and cookie statement

Search URL Search Domain Scan URL

URL: https://account.booking.com/auth/oauth2?redirect_uri=https%3A%2F%2Fsecure.booking.com%2Flogin.html%3Fop%3Doauth_return&dt=1596655942&client_id=vO1Kblk7xX9tUn2cpZLS&response_type=code&aid=304142&lang=ru&state=UvEJYljhO8yNv9Pun3yJE_uwF5smKqIzb5ScDK-1A9S75CA59V8ryBI-094lYFIYYFYhKYLOBzI_W6WFcii2_Ko-ATcHM6clk3f7YN_xm3MP6zKFSsUrx6Gq_AsWgd3rzw9CNGWn66WcWC3x6_iiOfLZmn3rMXdsIye8_2FnBH5BqA6QNO6jtj4Vv7ZGHQpbuqdL2wmOaimFPdzagCYLNLqQPLzch1CT9K-C04wUCwJM7OPSq_VkxV9O511Mk1HS904_HSwXEH_35qvGRwCUsPciJU6jEkZEpHSbHMNjIrbuLyhGp6iPPajU7A1fHBeglXno8bJNl3RUiHKnKQTU_CWBNxB_NSjwwTOHyrhV06L1k-KkMZQwNAJCEyWF_LBSV2UYabKQzU_J9XaxDzoFyZVkaKsgYhx-Haux63U7fUT9O6tBic-BeXiAaWMPq3DDbpD8evkhHV6qS7-lX1ap_I-8vA4lHqIiIN0VBaBy4o2g-NS_whuloZE75wfAkQZWnIfqaQgGcq6WaGrhQmxq1TxyP02BHrzYbF25okr7eBN-fCGyto3wXuYCrEYxSwJjstGq-_W9AZ4cT1SnIlYA7_LwE_TXZjJEDYpwjn3xupWBrBpE4w1cW51IBzoVkKtduRhjKDU3AnO0WcyT6ngHsPB5b7txE0Ii7JVEYFkIiEkVVP5jJ5BVZuF8VI_bqvIsQkTyB4cgZo1hzQRpirRKwLuWJA1UwkQvxR3SKsweIlhuGPlWD0w020qqI9BaAVx6iQg68RexRt2v5vaZOFaGe9FDedo5BUc7YBL54b2RNhTkWavGy9CKodP5Z1JhidFBVMIHE-2RlaQTnFGjUsSYz5SEFdhIXnvMsSVGPYRgNH1f-S-tKJalkij-TYCLnfyEaQFkmT4rdmvX3quO6RsUQHeYLMsnglLH3fWwHZM5SFyr1ngd46UVZelR8TfP-ieOQsAPxRkEFWNpK47-EdgNHCbcmcmnfQNUnKWE5MXbRi38ey0rmwMvCL6zTyeOhA9vCE9wueFpikmfYDCdH731M-DlFihxamuN-lshBZa88vSo-hGckFIAREq1XcdaaMpkg0CA7DJOyVeiYirBDRlDNNFbmWD6ygl3fEznb8N_S9I05ORAe7VwBXPeMJfk2SmMNainCe4AjUNmpvjeK0vHrcWY7naQ79c00_vO3pShxkP4Hy1vHSrklH7AQCl_IG7IqMaZxPtEINkJ5Wcan9HyJUq2hLleEvE_t_djyzVsrF2D2rwTrOAa62lWrIM0--Vz_ZBLYJu-KL71Sz4CW8ioMQFdiQiNfPGLCBD_ouxFfNKNW6a0UiPZ2hlmlygxKeFYpyyfS-kYPIyw9rHfLs8I4RAwkEschfd_tgDk5vSk5B6o8so6SSjjYsDulF8JNKUoqM5NUDd2TNL_lWJaCpGCfvYwPAstGe9sS37g4Rhg1VnbKJnPGe2HAwXLP9XqV631Dj095RtUb4IRZE_BWjB-0_p0FggdzS0UcqFFwReYlkYSPWIv87RBjRjXqWiCEVJbQNLhIei04x8iqoD0VlAq3EV1bHRSHsD9nv5oHcjHhww_PimfvOZJWiGnbNgqr-S6GnSTRwT0YMUy7Wiw9OLA_WXdJGlRSTlqO-ZwaCXAOUYCRZoPOa2LEiV1_MhrW12HH0wFI29SxPWzLzW-hbj-2OzhmsQ
Title: Log in

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 208974893 Show response
booking-guest.us/order/ 164 KB
36 KB 314ms
297ms Document
text/html 2606:4700:3037::6815:1dc3
CLOUDFLARENET

General

			Domain/Path	Expires	Name / Value
			booking-guest.us/	1970-01-20 12:12:25	Name: sol Value: solevoi
			booking-guest.us/	1969-12-31 23:59:59	Name: connect.sid Value: s%3AP-KE4v8bN3_Tko0iBNBVw9eSgOI71Gou.EdAFY%2F1c5nsEN0e4DSfyXz6NMX8eEe48HwX1LU6j7Cc

Source	Level	URL Text
network	error	URL: chrome-extension://ljdobmomdgdljniojadhoplhkpialdid/page/prompt.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://ljdobmomdgdljniojadhoplhkpialdid/page/runScript.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
javascript	error	URL: https://booking-guest.us/order/208974893 Message: Access to script at 'https://cf.bstatic.com/static/js/searchbox_cloudfront_sd/a21d916ee7e8654fa1fcb34dcafd94f83454830d.js' from origin 'https://booking-guest.us' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cf.bstatic.com/static/js/searchbox_cloudfront_sd/a21d916ee7e8654fa1fcb34dcafd94f83454830d.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://booking-guest.us/order/208974893 Message: Access to script at 'https://cf.bstatic.com/static/js/error_catcher_bec_cloudfront_sd/f56f7a2e7854715ad5ecc2f07a1a4c7b4a49970d.js' from origin 'https://booking-guest.us' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cf.bstatic.com/static/js/error_catcher_bec_cloudfront_sd/f56f7a2e7854715ad5ecc2f07a1a4c7b4a49970d.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://booking-guest.us/order/208974893 Message: Access to script at 'https://cf.bstatic.com/static/js/core-deps-inlinedet_cloudfront_sd/f9643a69f02b9c76991392f48a052af55b539c89.js' from origin 'https://booking-guest.us' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cf.bstatic.com/static/js/core-deps-inlinedet_cloudfront_sd/f9643a69f02b9c76991392f48a052af55b539c89.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://booking-guest.us/booking_pc_files/62ece2a237898912e9616349 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://booking-guest.us/order/208974893 Message: Refused to execute script from 'https://booking-guest.us/booking_pc_files/62ece2a237898912e9616349' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://booking-guest.us/booking_pc_files/jquery.min.js.%C3%90_%C3%90%C2%B5%C3%90%C2%B7%20%C3%90%C2%BD%C3%90%C2%B0%C3%90%C2%B7%C3%90%C2%B2%C3%90%C2%B0%C3%90%C2%BD%C3%90%C2%B8%C3%91_ Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://booking-guest.us/order/208974893 Message: Refused to execute script from 'https://booking-guest.us/booking_pc_files/jquery.min.js.%C3%90_%C3%90%C2%B5%C3%90%C2%B7%20%C3%90%C2%BD%C3%90%C2%B0%C3%90%C2%B7%C3%90%C2%B2%C3%90%C2%B0%C3%90%C2%BD%C3%90%C2%B8%C3%91_' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
rendering	error	URL: https://booking-guest.us/order/208974893(Line 233) Message: Error: <path> attribute d: Expected number, "…170.055 88.0774 \u20AC 167.702 86.642…".
rendering	error	URL: https://booking-guest.us/order/208974893(Line 234) Message: Error: <path> attribute d: Expected path command, "…90.5177 59.2774 \u20ACC83.1063 59.157…".
rendering	error	URL: https://booking-guest.us/order/208974893(Line 235) Message: Error: <path> attribute d: Expected number, "…72.1131 265.774 \u20AC 72.0167 264.59…".
rendering	error	URL: https://booking-guest.us/order/208974893(Line 651) Message: Error: <path> attribute d: Expected path command, "…64 1.218H10.774 \u20ACC16.737 1.218 2…".
network	error	URL: https://booking-guest.us/booking_pc_files/maskedinput.js.%C3%90_%C3%90%C2%B5%C3%90%C2%B7%20%C3%90%C2%BD%C3%90%C2%B0%C3%90%C2%B7%C3%90%C2%B2%C3%90%C2%B0%C3%90%C2%BD%C3%90%C2%B8%C3%91_ Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://booking-guest.us/order/208974893 Message: Refused to execute script from 'https://booking-guest.us/booking_pc_files/maskedinput.js.%C3%90_%C3%90%C2%B5%C3%90%C2%B7%20%C3%90%C2%BD%C3%90%C2%B0%C3%90%C2%B7%C3%90%C2%B2%C3%90%C2%B0%C3%90%C2%BD%C3%90%C2%B8%C3%91_' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
rendering	error	URL: https://booking-guest.us/order/208974893(Line 979) Message: Error: <path> attribute d: Expected path command, "…64 1.218H10.774 \u20ACC16.737 1.218 2…".
network	error	URL: https://booking-guest.us/booking_pc_files/jquery-1.11.2.min.js.sta%C5%BEen%C3%BD%20soubor Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://booking-guest.us/order/208974893 Message: Refused to execute script from 'https://booking-guest.us/booking_pc_files/jquery-1.11.2.min.js.sta%C5%BEen%C3%BD%20soubor' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://booking-guest.us/booking_pc_files/howler.min.js.sta%C5%BEen%C3%BD%20soubor Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://booking-guest.us/order/208974893 Message: Refused to execute script from 'https://booking-guest.us/booking_pc_files/howler.min.js.sta%C5%BEen%C3%BD%20soubor' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://booking-guest.us/images/224ab63b8018e821722b2d8eec90aeaa8be168c7.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://booking-guest.us/fonts/29bca18dce5a8e111855e31314a9b1d750ea9beb.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://booking-guest.us/fonts/ca3edd97ae7e70e02d4deab5e4f53caf934229e1.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://booking-guest.us/fonts/e133f2b3f9778b23512ad50c3d726c068cf41f7c.ttf Message: Failed to load resource: the server responded with a status of 404 ()

booking-guest.us Open in urlscan Pro 2606:4700:3037::6815:1dc3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

42 Requests

86 %HTTPS

83 %IPv6

8 Domains

8 Subdomains

7 IPs

3 Countries

361 kBTransfer

1601 kBSize

2 Cookies

13 Outgoing links

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

booking-guest.us Open in urlscan Pro
2606:4700:3037::6815:1dc3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

86 %
HTTPS

83 %
IPv6

8
Domains

8
Subdomains

7
IPs

3
Countries

361 kB
Transfer

1601 kB
Size

2
Cookies

42 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!