newyeartrips.ru
Open in
urlscan Pro
91.236.136.41
Public Scan
Submission Tags: phishingrod
Submission: On April 13 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 5th 2024. Valid for: 3 months.
This is the only time newyeartrips.ru was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 91.236.136.41 91.236.136.41 | 44094 (WEBHOST1-AS) (WEBHOST1-AS) | |
2 | 104.18.11.207 104.18.11.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 172.255.224.36 172.255.224.36 | 7979 (SERVERS-COM) (SERVERS-COM) | |
1 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 7 | 2606:4700:10:... 2606:4700:10::6816:989 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2600:9000:20e... 2600:9000:20eb:5200:1f:1dd0:f700:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 18.66.112.2 18.66.112.2 | 16509 (AMAZON-02) (AMAZON-02) | |
4 | 2a11:27c0::93 2a11:27c0::93 | 210756 (EDGECENTE...) (EDGECENTERLLC) | |
1 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
28 | 11 |
ASN44094 (WEBHOST1-AS, RU)
PTR: s110.webhost1.ru
newyeartrips.ru |
ASN7979 (SERVERS-COM, US)
c26.travelpayouts.com | |
www.travelpayouts.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-2.fra56.r.cloudfront.net
static.aviasales.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
level.travel
1 redirects
api.level.travel cdn.level.travel cdn.yc.level.travel |
580 KB |
9 |
newyeartrips.ru
newyeartrips.ru |
700 KB |
3 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3025 maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1153 |
48 KB |
2 |
travelpayouts.com
c26.travelpayouts.com www.travelpayouts.com — Cisco Umbrella Rank: 171020 |
20 KB |
1 |
lvtv.me
conversion.lvtv.me |
660 B |
1 |
aviasales.com
static.aviasales.com — Cisco Umbrella Rank: 206322 |
14 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 239 |
7 KB |
28 | 7 |
Domain | Requested by | |
---|---|---|
9 | newyeartrips.ru |
newyeartrips.ru
|
7 | api.level.travel |
1 redirects
newyeartrips.ru
|
4 | cdn.yc.level.travel |
api.level.travel
cdn.yc.level.travel |
2 | stackpath.bootstrapcdn.com |
newyeartrips.ru
|
1 | conversion.lvtv.me |
cdn.yc.level.travel
|
1 | www.travelpayouts.com |
newyeartrips.ru
|
1 | static.aviasales.com |
c26.travelpayouts.com
|
1 | cdn.level.travel |
newyeartrips.ru
|
1 | cdnjs.cloudflare.com |
newyeartrips.ru
|
1 | c26.travelpayouts.com |
newyeartrips.ru
|
1 | maxcdn.bootstrapcdn.com |
newyeartrips.ru
|
28 | 11 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.travelpayouts.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
newyeartrips.ru R3 |
2024-02-05 - 2024-05-05 |
3 months | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2024-03-27 - 2024-06-25 |
3 months | crt.sh |
travelpayouts.com R3 |
2024-02-21 - 2024-05-21 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
aviasales.com Amazon RSA 2048 M03 |
2023-12-24 - 2025-01-22 |
a year | crt.sh |
level.travel R3 |
2024-03-07 - 2024-06-05 |
3 months | crt.sh |
cdn.yc.level.travel R3 |
2024-03-04 - 2024-06-02 |
3 months | crt.sh |
lvtv.me E1 |
2024-03-07 - 2024-06-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://newyeartrips.ru/
Frame ID: E1F4766CEFEBF53FFDF2C710DB4BB609
Requests: 29 HTTP requests in this frame
Screenshot
Page Title
Туры на Новый год 2019Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
React (JavaScript Frameworks) Expand
Detected patterns
- <[^>]+data-react
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Popper (Miscellaneous) Expand
Detected patterns
- /popper\.js/([0-9.]+)
TrackJs (Analytics) Expand
Detected patterns
- tracker\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://api.level.travel/js/5.0/open_api.js HTTP 301
- https://cdn.level.travel/5.0/open_api.js
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
newyeartrips.ru/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ |
138 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
newyeartrips.ru/assets/css/ |
108 B 275 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1-qsrocb.jpg
newyeartrips.ru/assets/images/assets/images/fast_img/1/ |
10 B 264 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nwtour1_1.jpg
newyeartrips.ru/assets/images/assets/uploads/ |
219 KB 220 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
content
c26.travelpayouts.com/ |
45 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nwtour2.jpg
newyeartrips.ru/assets/images/assets/uploads/ |
171 KB 172 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
734-u6v2ib.jpg
newyeartrips.ru/assets/images/fast_img/734/ |
207 KB 208 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
newyeartrips.ru/assets/js/ |
85 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/ |
20 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
newyeartrips.ru/assets/js/ |
146 B 329 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open_api.js
cdn.level.travel/5.0/ Redirect Chain
|
2 MB 459 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sp.js
static.aviasales.com/snowplow/19.20.1/ |
43 KB 14 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tp.png
www.travelpayouts.com/powered_by/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
info
api.level.travel/partner/ |
250 B 922 B |
XHR
text/aes |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
leveltravel.css
cdn.yc.level.travel/5.0/stylesheets/widgets/search_widget/ |
57 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
widget_base.css
cdn.yc.level.travel/5.0/stylesheets/ |
40 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tracker.js
cdn.yc.level.travel/tracker/ |
26 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
track
conversion.lvtv.me/ |
48 B 660 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
countries
api.level.travel/references/ |
4 KB 4 KB |
XHR
text/aes |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
autocomplete
api.level.travel/references/ |
2 KB 2 KB |
XHR
text/aes |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
departures
api.level.travel/references/ |
10 KB 10 KB |
XHR
text/aes |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Backpack-Regular.woff2
cdn.yc.level.travel/fonts/backpack/2.004/ |
60 KB 60 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
12 KB 12 KB |
Font
font/truetype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
available_countries
api.level.travel/references/ |
70 B 285 B |
XHR
text/aes |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
available_countries
api.level.travel/references/ |
250 B 463 B |
XHR
text/aes |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1-jd9ime.png
newyeartrips.ru/assets/images/fast_img/1/ |
63 KB 63 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ref number| len object| script string| src object| matches object| TP_POWERED_BY_SETTINGS object| match object| powered_by_wrapper string| promo_id number| prevIdIndex object| widget_wrapper object| LTApiInit object| TP_POWERED_BY object| GSN function| mamka object| TP_POWERED_BY_DATA function| $ function| jQuery function| Popper object| bootstrap object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| nacl object| pako function| md5 object| LTApi function| HitStorageTracker object| trackerWidget3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.newyeartrips.ru/ | Name: PHPSESSID Value: ef72cc8363521b1f05dde716b3679c05 |
|
.newyeartrips.ru/ | Name: _sp_ses.edc0 Value: * |
|
.newyeartrips.ru/ | Name: _sp_id.edc0 Value: ce6c4b9d-8615-4336-850b-2bd292b567b8.1713009047.1.1713009047.1713009047.dd6a876b-8f92-4f1e-8239-d0170fe3cc6b |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.level.travel
c26.travelpayouts.com
cdn.level.travel
cdn.yc.level.travel
cdnjs.cloudflare.com
conversion.lvtv.me
maxcdn.bootstrapcdn.com
newyeartrips.ru
stackpath.bootstrapcdn.com
static.aviasales.com
www.travelpayouts.com
104.17.24.14
104.18.11.207
172.255.224.36
18.66.112.2
188.114.96.3
2600:9000:20eb:5200:1f:1dd0:f700:93a1
2606:4700:10::6816:989
2606:4700::6812:bcf
2a11:27c0::93
91.236.136.41
092e0d102b17c51da1491e1d3a6865db875ad99c32f86f8d86f934d5d5b12c38
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
175fa9452351b95c024b97d371dbe8ac1aff6251e975002d1060e4d475aa1778
2485b6352182e9b84c6010dedea330b64058983d22008327a64fd7d9b10df905
28877032b98dc9ec74467f05fc5cb4a72a3273f76fbf30ddb47cbe9ebd64ad69
2b5d42a173daf57cdd8f1be562ea25b4ebb42753a2d755dc5f0d70ea04249487
31ce5baf465a979396a0dd186d112a9654c1c532a08afe9246b6528249db4f64
3d5bb1884c84599d6210dde09b4a37a2abe9e48ea922481f5c2f6f1c3e281418
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5b7961e43ba73a1ec7a400060934040077aef584ce1a6ab0185d9c41ce029d32
7409c647a5c89a150219beae28a0179ab1b97d516a41ee3d35d8ae30a964b21e
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
90bf3287643a905b7cbe2ab4a93c40ef7dc2496e879a0a24c847a198f903f0e4
943193352490b5303717c9ccc956fff2c1d9773dac3e0b73be9a90b09653dd60
a56e0040c040bb2ce5b1d64d14ba1873104ad3eebd5e09d3e6954cfcb514d26d
a6920cfbb6fa93a641b4821cd8dd2f0165a1e65fdcfc8c13822c73a447a44b87
addbab7fb38b3b50c2acbb6270f0f570cbc1bb5cee82e4831efe2e1e307b9a99
b425aaa5d2a34c7160d4a4747f0584aca7b64150d4037bf329cad149b1560f14
bc020cfeec69d6106de73c718c4532be7bbc963a2dc8b6d5fe91b470f95fb7dc
c468cb06fc73f59625b6dece2a7595fd5e062a3b8dbfc3f5ebffa2a457245812
d312ac44899a5b5f3d087e0fad467b60989076539be4740afb6375efa1ba85d0
d9f27ecb2df892c8389631b5a6493dc3129f11fbc8454e4fe17ff37590a12240
decd365cf58788f73d7a464567e46852f84261b13558a741b15e0cc175b4d80d
f0cdd37fe2a4bd58e69629ff677792c1d9823f61843559159d2bff293604cf43
f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e
fa83df65c1d49b28fe45cbb89379d9bf9ecc9a99457b7ddba7f4ff6b66c0371e
fd7fed10f99de0fb501d8062f0a2534fc0e554e72632b7e41efdf92899da9f19
ff4e3cc74a0796cd0b5679fe7de5507703cd4793c9f657328f36a6b0b970dd30