bnb.confirm5318.com - urlscan.io

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 172.67.193.43, located in United States and belongs to CLOUDFLARENET, US. The main domain is bnb.confirm5318.com.
TLS certificate: Issued by GTS CA 1P5 on May 26th 2024. Valid for: 3 months.

This is the only time bnb.confirm5318.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
4	172.67.193.43 172.67.193.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:266... 2600:9000:266e:9e00:5:bf05:acc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	172.67.169.208 172.67.169.208	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	3

4 172.67.193.43 (United States)

ASN13335 (CLOUDFLARENET, US)

bnb.confirm5318.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:266e:9e00:5:bf05:acc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

q-xx.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.169.208 (United States)

ASN13335 (CLOUDFLARENET, US)

api.drzteamsqd.pics	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	confirm5318.com bnb.confirm5318.com	130 KB
1	drzteamsqd.pics api.drzteamsqd.pics	641 B
1	bstatic.com q-xx.bstatic.com — Cisco Umbrella Rank: 16223	1 KB
6	3

	Domain	Requested by
4	bnb.confirm5318.com	bnb.confirm5318.com
1	api.drzteamsqd.pics	bnb.confirm5318.com
1	q-xx.bstatic.com
6	3

This site contains links to these domains. Also see Links.

Domain
partner.booking.com
account.booking.com
www.booking.com
admin.booking.com

Subject Issuer	Validity	Valid
confirm5318.com GTS CA 1P5	`2024-05-26` - `2024-08-24`	3 months	crt.sh
*.bstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-29` - `2024-11-28`	a year	crt.sh
drzteamsqd.pics WE1	`2024-06-07` - `2024-09-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bnb.confirm5318.com/sign-in
Frame ID: 27CA529A994D097BA62AE2841E393CFF
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in | Booking.com

Page Statistics

6
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

131 kB
Transfer

533 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://partner.booking.com/node/2170?utm_source=account&utm_medium=support_link

Search URL Search Domain Scan URL

URL: https://account.booking.com/account-recovery/options?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCQx5uqg-QmOgBCAFj-_6StBg
Title: Having trouble signing in?

Search URL Search Domain Scan URL

URL: https://partner.booking.com/en-us?utm_source=extranet_login_page
Title: Partner Help

Search URL Search Domain Scan URL

URL: https://partner.booking.com/en-us/node/27/?utm_content=27&utm_source=extranet_login_page
Title: Partner Community

Search URL Search Domain Scan URL

URL: https://account.booking.com/register?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCQx5uqg-QmOgBCAFj-_6StBg
Title: Create your partner account

Search URL Search Domain Scan URL

URL: https://www.booking.com/general.en-us.html?tmpl=docs/terms_of_use
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://admin.booking.com/hotel/hoteladmin/privacy.html?lang=en-us
Title: Privacy Statement

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request sign-in Show response
bnb.confirm5318.com/ 442 B
698 B 241ms
122ms Document
text/html 172.67.193.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnb.confirm5318.com/sign-in
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.193.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5abdcbd61cce8f1eee8505a230e5303b26e63254bb6c38d35ffd46b7509eab80

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 893813784cf46993-FRA
content-encoding: br
content-type: text/html
date: Fri, 14 Jun 2024 05:56:14 GMT
last-modified: Wed, 12 Jun 2024 20:12:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctebpsEw6jdoVwfaxPBxKKfeblPp8gagbS2CEq1VIEIeKVi3tDxjfr7UlegCyWlsk15qwsvXb5aOL7Uy9wfyhOq8hmXPilqRCKZfmyticaA50nZOoioQF0kpLcB4Mn6WDlw%2BUDaN"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 main.1ead8bbe.js Show response
bnb.confirm5318.com/static/js/ 310 KB
92 KB 456ms
443ms Script
application/javascript 172.67.193.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnb.confirm5318.com/static/js/main.1ead8bbe.js
Requested by: Host: bnb.confirm5318.com
URL: https://bnb.confirm5318.com/sign-in
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.193.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7233a60f17567ae6c8ebadd3384d535c1666f856b249dd0ebb0b43329a6b94f6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://bnb.confirm5318.com/sign-in
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 05:56:15 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 12 Jun 2024 20:12:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"666a011e-4d893"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JvJQxI3bPw9mfYVzfT9Gly7bu%2FvJ49oC98UkmUVlIfUDCzbI6r9ISTXyQ8Oh6nfwk8ezdodBU%2FAxRY6DJSjSY6VdBrjvuksdBSR%2B0%2Bx1yUdxs76UASmNIcKMUN2YoBa%2FJqKTCRqw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 893813792da16993-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 main.85bde463.css
bnb.confirm5318.com/static/css/ 222 KB
36 KB 416ms
404ms Stylesheet
text/css 172.67.193.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnb.confirm5318.com/static/css/main.85bde463.css
Requested by: Host: bnb.confirm5318.com
URL: https://bnb.confirm5318.com/sign-in
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.193.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 942b30ad9d35084370c00e7db55378e910ea90e60b9e8d46f6f55bdc7cce96b3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://bnb.confirm5318.com/sign-in
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 05:56:15 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 12 Jun 2024 20:12:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"666a011f-37675"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yu8hI%2F3g55uS%2BFIOr%2FJKQgLi9rDR51oCJ0zzyzSmsCDKIR83yTTT1cCKDKXSDD5zJIvlYx4mFJiJ2N2hEYEr2flRFrQe6fG1r6EKR%2F9ChDWlQtEg8XWQXn2tPPUo1iXJINTbTGuZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 893813792da26993-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 us.png
q-xx.bstatic.com/backend_static/common/flags/new/48-squared/ 642 B
1 KB 285ms
39ms Image
image/png 2600:9000:266e:9e00:5:bf05:acc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/us.png

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:9e00:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://bnb.confirm5318.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 02:26:27 GMT
via: 1.1 9eb1733bea847c3a8f4910adebcc8146.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
x-amz-cf-pop: FRA56-P8
age: 962988
x-cache: Hit from cloudfront
content-length: 642
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
server: nginx
etag: "5f560e08-282"
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: X2wXNs_ZtAnb-UAwBG6oisvQGe26tN8nTrLO91uwV9A2NE9p4x9yXA==
expires: Wed, 03 Jul 2024 02:26:27 GMT

GET
H3 200 favicon.png
bnb.confirm5318.com/static/img/ 610 B
1 KB 132ms
131ms Other
image/png 172.67.193.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnb.confirm5318.com/static/img/favicon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.193.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99af6690771b7b62a1325d0c0b38a9a0300c18921e4877dcf38a239b9c977502

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://bnb.confirm5318.com/sign-in
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 05:56:15 GMT
cf-cache-status: MISS
last-modified: Wed, 12 Jun 2024 20:12:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "666a011f-262"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LFWXIdo5tOhON69J0eeK3vne3%2FrMPVPQReINu3ji0a2b0S71wPlfQoyCoOlAEohjmEkph9wrdMT%2F47FotzcTH9AAm3oTWcN5X2eZdnYvoafXPPSbxdZ4cMsWk8GON1mLPeahn7Tq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8938137d39306993-FRA
alt-svc: h3=":443"; ma=86400
content-length: 610

GET
H3 200 info Show response
api.drzteamsqd.pics/ws/ 79 B
641 B 205ms
122ms XHR
application/json 172.67.169.208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.drzteamsqd.pics/ws/info?t=1718344575540
Requested by: Host: bnb.confirm5318.com
URL: https://bnb.confirm5318.com/static/js/main.1ead8bbe.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.169.208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 014bd637f406d7910f6f8fe8dce5ac40b130a3ec9182d445d3c9bda462892ec2

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://bnb.confirm5318.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 05:56:15 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ql7yhSqUBvldV3WWoiVu6knyJUgw2yql1QpRihPTaPXQb75nqhUvd1%2FoJqorQ0xJtdhU%2BOcrbqJpYqIYwSQJFMMEH1TW05WoU4OZdp%2FVWe%2BUiC7cguOA%2FZNI7u6mv0eF3ijsKnNT"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://bnb.confirm5318.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 8938137dca13974b-FRA
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.drzteamsqd.pics
bnb.confirm5318.com
q-xx.bstatic.com
172.67.169.208
172.67.193.43
2600:9000:266e:9e00:5:bf05:acc0:93a1
014bd637f406d7910f6f8fe8dce5ac40b130a3ec9182d445d3c9bda462892ec2
5abdcbd61cce8f1eee8505a230e5303b26e63254bb6c38d35ffd46b7509eab80
7233a60f17567ae6c8ebadd3384d535c1666f856b249dd0ebb0b43329a6b94f6
942b30ad9d35084370c00e7db55378e910ea90e60b9e8d46f6f55bdc7cce96b3
99af6690771b7b62a1325d0c0b38a9a0300c18921e4877dcf38a239b9c977502
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8

bnb.confirm5318.com Open in urlscan Pro 172.67.193.43 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

131 kBTransfer

533 kBSize

0 Cookies

7 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

bnb.confirm5318.com Open in urlscan Pro
172.67.193.43 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

131 kB
Transfer

533 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!