booking.verif-2.cloud Open in urlscan Pro
2a06:98c1:3120::3  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 2374194732 Show response booking.verif-2.cloud/l/	38 KB 13 KB	289ms 180ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verif-2.cloud/l/2374194732 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United Kingdom, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9e1945976155e2b9f396ea15ee6db32d59d6e83fab94f113a412e0fc014d7f2d Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 80d2e0a14e2fd35b-CDG content-encoding br content-type text/html; charset=utf-8 date Wed, 27 Sep 2023 09:56:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9fi1TnW%2BPqNpg7jtpQZzg2xP%2FHBBN%2FWsjwtvvXKDQamvNnLtLd3w2zsR6g8QXDSyutJOyX9TJPFktIPg2DQT669ApK0xrsxmOTWlQb1VigU%2Fs2vHk5FTKk%2FEJ8JGik%2Bl2fYdp%2FXymXWoj0PLMRniEUBDZ0M%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Origin
GET H2	200	loader.js Show response booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/	19 KB 6 KB	193ms 192ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/loader.js Requested by Host: booking.verif-2.cloud URL: https://booking.verif-2.cloud/l/2374194732 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United Kingdom, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9e3ec8fde823fb0178e76391aa3fc10e2f277d4e50b75fb00e6c195f3dec11fe Request headers accept-language nl-NL,nl;q=0.9 Referer https://booking.verif-2.cloud/l/2374194732 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Wed, 27 Sep 2023 09:56:34 GMT content-encoding br cf-cache-status EXPIRED last-modified Sat, 09 Sep 2023 19:12:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4c98-18a7b5bd91e" vary Origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xyoe4DVX5wfVyt8y7JQ%2BAG0U4CNhGdWpfpsiZK9eSX8%2FpMgAN4AP%2B2PwP03B5ejAwqLorvUTyj3HeJ22vCEUu70iSvoJk0P%2BHPS%2FXv1q%2FIjStZELLSxlFw%2BHDEw%2FUTKAQwfSHSnuZuL5qc7chkjlH9l6oE%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=14400 cf-ray 80d2e0a26f6bd35b-CDG alt-svc h3=":443"; ma=86400
GET H2	200	script.js Show response booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/	12 KB 3 KB	144ms 144ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/script.js Requested by Host: booking.verif-2.cloud URL: https://booking.verif-2.cloud/l/2374194732 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United Kingdom, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7af96b589c08faa9b3014d28497abd0b8e428307b8ec4b93f58977e9fd62905b Request headers accept-language nl-NL,nl;q=0.9 Referer https://booking.verif-2.cloud/l/2374194732 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Wed, 27 Sep 2023 09:56:34 GMT content-encoding br cf-cache-status EXPIRED last-modified Sat, 09 Sep 2023 19:12:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2fa7-18a7b5bd662" vary Origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VHUYod6JOdHTUC0br69UPlpHIBD41KaIRRiZc56%2FkQvt%2B46ntqDEDmTXeD3QxbdvJXVfdgTZ9GaoB0PdqoiTwYut1f6Db0EhabQj6OmzUkf%2BZp6khFIqyVCrMaLt5ajQuMebqmQO%2FRLFcDDjkFvWV6BhOfU%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=14400 cf-ray 80d2e0a26f6dd35b-CDG alt-svc h3=":443"; ma=86400
GET H2	200	common_functions.js Show response booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/	4 KB 2 KB	139ms 138ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/common_functions.js Requested by Host: booking.verif-2.cloud URL: https://booking.verif-2.cloud/l/2374194732 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United Kingdom, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9e2f60d768f791735c3854f8884a477d779f65d12da0dbdbbe2ce99868b5350e Request headers accept-language nl-NL,nl;q=0.9 Referer https://booking.verif-2.cloud/l/2374194732 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Wed, 27 Sep 2023 09:56:34 GMT content-encoding br cf-cache-status EXPIRED last-modified Sat, 09 Sep 2023 19:12:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"11dd-18a7b5bd796" vary Origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GVb82d4vDew4%2FSCkVGxCmmPt9k9oThCjuMdtNFmb%2B0sCEBtl%2F6oIb2T545yFdBcuhatlYT6mqfJX%2FdKd%2BqWrLsrmfdamWs47dA4p2bGKEdvjc6pQF202WP0Wvor6vzTZLEF5oyPFQbI%2FN42TCtmtI4bue%2FM%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=14400 cf-ray 80d2e0a28f87d35b-CDG alt-svc h3=":443"; ma=86400
GET H2	200	service.js Show response booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/	1 KB 906 B	143ms 143ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/service.js Requested by Host: booking.verif-2.cloud URL: https://booking.verif-2.cloud/l/2374194732 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United Kingdom, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 135382d6bdd156f1da9cbcbfdd90adba86abc7c0780a8ea30a3b25c9469bf95c Request headers accept-language nl-NL,nl;q=0.9 Referer https://booking.verif-2.cloud/l/2374194732 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Wed, 27 Sep 2023 09:56:34 GMT content-encoding br cf-cache-status EXPIRED last-modified Sat, 09 Sep 2023 19:12:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4de-18a7b5bd536" vary Origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bWqhdVubMhYTWW2bN2DR918AZLRzSw78HfOoGPCAYWU8P2oPVgxm19kPQoBm5vGrGKE9Y%2FHjcd2hyM3ajfSHwC3R2F%2FQRwmiLRncJ4mEvjTp17lymYg60O%2B16poxWaDhMEDUaXy0SByP%2FLzGJKNBYvBwwBw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=14400 cf-ray 80d2e0a28f8ad35b-CDG alt-svc h3=":443"; ma=86400
GET H2	200	main.js Show response booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/	12 KB 4 KB	142ms 141ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/main.js Requested by Host: booking.verif-2.cloud URL: https://booking.verif-2.cloud/l/2374194732 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United Kingdom, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 20d94e97541bf4d0cdc187047b36ec8a3225d7f3e7fab007ed373cdc101f44ea Request headers accept-language nl-NL,nl;q=0.9 Referer https://booking.verif-2.cloud/l/2374194732 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Wed, 27 Sep 2023 09:56:34 GMT content-encoding br cf-cache-status EXPIRED last-modified Sat, 09 Sep 2023 19:12:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2f63-18a7b5bd6ba" vary Origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aIMO576oBBHh2CUUB2wG%2FPJbB2Ia%2B8toEoHROnFuPQbbA0JDUysDpctQCK94RJwa2nAltmZX6629uaqitwOrmrfmaBeoYQi0bf1g%2Fb8x3Gvfu4sUQpEq1HhoZKm%2BAfJh8a4%2Be%2FV408SPkPmp94oAEGW1GkE%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=14400 cf-ray 80d2e0a28f8bd35b-CDG alt-svc h3=":443"; ma=86400
GET H2	200	styles.css booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/	32 KB 8 KB	191ms 190ms	Stylesheet text/css	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://booking.verif-2.cloud/Booking.com%20-%20Payment%20information_files/styles.css Requested by Host: booking.verif-2.cloud URL: https://booking.verif-2.cloud/l/2374194732 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United Kingdom, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b2e3158656f24d0f69988896ea2facd530904745d286f84eadb67ceb2ce9d4c2 Request headers accept-language nl-NL,nl;q=0.9 Referer https://booking.verif-2.cloud/l/2374194732 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Wed, 27 Sep 2023 09:56:34 GMT content-encoding br cf-cache-status EXPIRED last-modified Sat, 09 Sep 2023 19:12:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"802a-18a7b5bd456" vary Origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ap2vKpGudfO7PTqjTj%2FlecPPuqAuO3eCGZkHP1FaG6xvttgp78WnQS3OCLL5u1cnnSixg2qJ32Zs8mZMPyecNmh6vOXfIRXiK7qY%2Bdf12jjTDzNpOQ1nkFN9HIluXB4S8QRsKMSYv2SCugE11uG%2BAK4enWQ%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=14400 cf-ray 80d2e0a26f6cd35b-CDG alt-svc h3=":443"; ma=86400
GET H2	200	fcoF6Xc.jpg i.imgur.com/	128 KB 129 KB	78ms 22ms	Image image/jpeg	146.75.120.193 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/fcoF6Xc.jpg Requested by Host: booking.verif-2.cloud URL: https://booking.verif-2.cloud/l/2374194732 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.120.193 , Sweden, ASN54113 (FASTLY, US), Reverse DNS Software cat factory 1.0 / Resource Hash 464628af601217359d9b24559db50f7648606b70db5eb3b20833c7c1e723e880 Security Headers Name Value Strict-Transport-Security max-age=300 X-Content-Type-Options nosniff Request headers accept-language nl-NL,nl;q=0.9 Referer https://booking.verif-2.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Wed, 27 Sep 2023 09:56:34 GMT strict-transport-security max-age=300 x-content-type-options nosniff x-amz-cf-pop IAD12-P4 age 71519 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront, HIT, HIT content-length 131541 x-served-by cache-iad-kiad7000151-IAD, cache-fra-etou8220103-FRA last-modified Tue, 26 Sep 2023 14:04:34 GMT server cat factory 1.0 x-timer S1695808594.378092,VS0,VE2 etag "c659ae4ceca24998837b0840abcfbf86" access-control-allow-methods GET, OPTIONS content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id NhUQZznYqHiML2jNGCx_YK-6ONWB_CwN7mteHQz5PvhJVPauiyACTg== x-cache-hits 2, 1
GET H2	200	flags.png static.wakkofkznmartyxa3244.site/services/booking/images/	30 KB 30 KB	94ms 41ms	Image image/png	91.215.40.30 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://static.wakkofkznmartyxa3244.site/services/booking/images/flags.png Requested by Host: booking.verif-2.cloud URL: https://booking.verif-2.cloud/l/2374194732 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.40.30 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS Software ddos-guard / Resource Hash fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; Request headers accept-language nl-NL,nl;q=0.9 Referer https://booking.verif-2.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; date Mon, 25 Sep 2023 05:18:42 GMT last-modified Sun, 02 Jul 2023 22:58:23 GMT server ddos-guard age 189472 etag "64a2010f-77d8" content-type image/png access-control-allow-origin * ddg-cache-status HIT accept-ranges bytes content-length 30680

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture string| AD_SESSION_ID function| initSmartsupp object| CommonFunctions object| service object| Utils object| ModulesPool function| smartsupp boolean| SMARTSUPP_LOADED object| $smartsupp object| _smartsupp

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

booking.verif-2.cloud
i.imgur.com
static.wakkofkznmartyxa3244.site
146.75.120.193
2a06:98c1:3120::3
91.215.40.30
135382d6bdd156f1da9cbcbfdd90adba86abc7c0780a8ea30a3b25c9469bf95c
20d94e97541bf4d0cdc187047b36ec8a3225d7f3e7fab007ed373cdc101f44ea
464628af601217359d9b24559db50f7648606b70db5eb3b20833c7c1e723e880
7af96b589c08faa9b3014d28497abd0b8e428307b8ec4b93f58977e9fd62905b
9e1945976155e2b9f396ea15ee6db32d59d6e83fab94f113a412e0fc014d7f2d
9e2f60d768f791735c3854f8884a477d779f65d12da0dbdbbe2ce99868b5350e
9e3ec8fde823fb0178e76391aa3fc10e2f277d4e50b75fb00e6c195f3dec11fe
b2e3158656f24d0f69988896ea2facd530904745d286f84eadb67ceb2ce9d4c2
fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4