www.booking-rewards.littlechelseaplace.co.uk Open in urlscan Pro
185.61.154.5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.booking-rewards.littlechelseaplace.co.uk/
Submission: On February 24 via automatic, source certstream-suspicious (February 24th 2023, 2:37:22 pm UTC) — Scanned from GB

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 5 countries across 5 domains to perform 17 HTTP transactions. The main IP is 185.61.154.5, located in United Kingdom and belongs to NAMECHEAP-NET, US. The main domain is www.booking-rewards.littlechelseaplace.co.uk.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 24th 2023. Valid for: a year.

This is the only time www.booking-rewards.littlechelseaplace.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
11	185.61.154.5 185.61.154.5	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400d:80d::2003	15169 (GOOGLE) (GOOGLE)
2	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
17	6

11 185.61.154.5 (United Kingdom)

ASN22612 (NAMECHEAP-NET, US)
PTR: server248-2.web-hosting.com

www.booking-rewards.littlechelseaplace.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80d::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:67c:4e8:f004::9 (Kristinehamn, Sweden)

ASN62041 (TELEGRAM, VG)

api.telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	littlechelseaplace.co.uk www.booking-rewards.littlechelseaplace.co.uk	59 KB
2	telegram.org api.telegram.org — Cisco Umbrella Rank: 45984	769 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36 ajax.googleapis.com — Cisco Umbrella Rank: 306	32 KB
1	gstatic.com fonts.gstatic.com	16 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 788	12 KB
17	5

	Domain	Requested by
11	www.booking-rewards.littlechelseaplace.co.uk	www.booking-rewards.littlechelseaplace.co.uk
2	api.telegram.org	www.booking-rewards.littlechelseaplace.co.uk
1	fonts.gstatic.com	fonts.googleapis.com
1	maxcdn.bootstrapcdn.com	www.booking-rewards.littlechelseaplace.co.uk
1	ajax.googleapis.com	www.booking-rewards.littlechelseaplace.co.uk
1	fonts.googleapis.com	www.booking-rewards.littlechelseaplace.co.uk
17	6

This site contains no links.

Subject Issuer	Validity	Valid
booking-rewards.littlechelseaplace.co.uk Sectigo RSA Domain Validation Secure Server CA	`2023-02-24` - `2024-02-24`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
api.telegram.org Go Daddy Secure Certificate Authority - G2	`2022-03-24` - `2023-04-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.booking-rewards.littlechelseaplace.co.uk/
Frame ID: F2BAB88BF3B225022C40057887F33A15
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

83 %
IPv6

5
Domains

6
Subdomains

6
IPs

5
Countries

119 kB
Transfer

314 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.booking-rewards.littlechelseaplace.co.uk/ 8 KB
4 KB 317ms
138ms Document
text/html 185.61.154.5
NAMECHEAP-NET

General

			Domain/Path	Expires	Name / Value
			www.booking-rewards.littlechelseaplace.co.uk/	1970-01-20 09:54:16	Name: XSRF-TOKEN Value: eyJpdiI6IktiMk1pSWlXbzFsUW9idS9xRkJleVE9PSIsInZhbHVlIjoiMTdwNndqS2pUT2o1OVdoTTBOYWcwMisybkVvY2RZK21xbERrdUJIekwyM3pPbHIyMDBvWCtkWG00RmVFMnV4TzNlY0hsV1hOcUoyejJUeFkyNUN0anI1dTNwWFNuejdpZit6L1RqZE9vNjVEcHRZTDFPU1lsQllpdkV3S3hlKysiLCJtYWMiOiJkNmE0ZWI0ZDMwMDAwOWU1NjBmMGQ2OTk3ODE4NTVjMzA1ZTY2OWY5Yzk3ZGUxNmEyNTA0ZjA3YmVlMjc1ZjQ4IiwidGFnIjoiIn0%3D
			www.booking-rewards.littlechelseaplace.co.uk/	1970-01-20 09:54:16	Name: laravel_session Value: eyJpdiI6IkZMRmdNSStXVjdjQ3JXY00vcmIrWVE9PSIsInZhbHVlIjoiMXlObXZ5YUZTQVZXK2hKT0tMKzJ5RWkzb3NRV0pOVFdmaXN1cFFrdkJTWkdwaUlXSzdXWDlRZTVOUVlobE9IUUhaK0dtd0VyOXFRUTZBajB1MmJnZ3BRSkVIQWQ4czUyWjA4UmVYcnhHa0JreFJQbERJRmFuU0lnQ2JoYmg4aC8iLCJtYWMiOiJmNWIzN2QwYmVhYWZlYTIxNDZmYTMyMWFjOTZhNmMzOTBhYzI5OWI1N2JjODA0NTc3OTEyMDM0OWYyYzliOTQ3IiwidGFnIjoiIn0%3D

www.booking-rewards.littlechelseaplace.co.uk Open in urlscan Pro 185.61.154.5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

83 %IPv6

5 Domains

6 Subdomains

6 IPs

5 Countries

119 kBTransfer

314 kBSize

2 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

2 Cookies

Indicators

www.booking-rewards.littlechelseaplace.co.uk Open in urlscan Pro
185.61.154.5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

83 %
IPv6

5
Domains

6
Subdomains

6
IPs

5
Countries

119 kB
Transfer

314 kB
Size

2
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!