www.me-airbnb.com
Open in
urlscan Pro
188.114.97.3
Malicious Activity!
Public Scan
Effective URL: https://www.me-airbnb.com/dfgnse/reservations
Submission: On July 04 via api from US — Scanned from NL
Summary
TLS certificate: Issued by WE1 on June 6th 2024. Valid for: 3 months.
This is the only time www.me-airbnb.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 172.67.212.24 172.67.212.24 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
me-airbnb.com
1 redirects
www.me-airbnb.com |
163 KB |
3 |
support-15.online
support-15.online |
1 KB |
12 | 2 |
Domain | Requested by | |
---|---|---|
9 | www.me-airbnb.com |
1 redirects
www.me-airbnb.com
|
3 | support-15.online |
www.me-airbnb.com
|
12 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
me-airbnb.com WE1 |
2024-06-06 - 2024-09-04 |
3 months | crt.sh |
support-15.online WE1 |
2024-07-02 - 2024-09-30 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.me-airbnb.com/dfgnse/reservations
Frame ID: 66B65B901B10496A2643B7D2D92C78CF
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
AirbnbPage URL History Show full URLs
-
http://www.me-airbnb.com/dfgnse/reservations
HTTP 307
https://www.me-airbnb.com/dfgnse/reservations Page URL
-
https://www.me-airbnb.com/cdn-cgi/phish-bypass?atok=WGvSsIhEfg9104Jqb.zYakGqX0tYSeUpW1dDoooRnVc-172013...
HTTP 301
https://www.me-airbnb.com/dfgnse/reservations Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.me-airbnb.com/dfgnse/reservations
HTTP 307
https://www.me-airbnb.com/dfgnse/reservations Page URL
-
https://www.me-airbnb.com/cdn-cgi/phish-bypass?atok=WGvSsIhEfg9104Jqb.zYakGqX0tYSeUpW1dDoooRnVc-1720131448-0.0.1.1-%2Fdfgnse%2Freservations
HTTP 301
https://www.me-airbnb.com/dfgnse/reservations Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://www.me-airbnb.com/dfgnse/reservations HTTP 307
- https://www.me-airbnb.com/dfgnse/reservations
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
reservations
www.me-airbnb.com/dfgnse/ Redirect Chain
|
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cf.errors.css
www.me-airbnb.com/cdn-cgi/styles/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icon-exclamation.png
www.me-airbnb.com/cdn-cgi/images/ |
452 B 634 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
www.me-airbnb.com/ |
5 KB 2 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
reservations
www.me-airbnb.com/dfgnse/ Redirect Chain
|
522 B 675 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-VpamsGcD.js
www.me-airbnb.com/assets/ |
426 KB 142 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-CVYvM4dx.css
www.me-airbnb.com/assets/ |
46 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
support-15.online/api/socket/ |
118 B 553 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnb_logo.ico
www.me-airbnb.com/ |
4 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
/
support-15.online/api/socket/ |
2 B 404 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
support-15.online/api/socket/ |
32 B 444 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
support-15.online/api/socket/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- support-15.online
- URL
- https://support-15.online/api/socket/?EIO=4&transport=polling&t=P1_qmRo&sid=2mGL3bcsp3OBdiNIABBJ
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage string| __reactRouterVersion1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.me-airbnb.com/ | Name: __cf_mw_byp Value: WGvSsIhEfg9104Jqb.zYakGqX0tYSeUpW1dDoooRnVc-1720131448-0.0.1.1-/dfgnse/reservations |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
support-15.online
www.me-airbnb.com
support-15.online
172.67.212.24
188.114.97.3
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
437f38110ff9a556506553fa852358789f158381015925a729da0a8fb3fb0c17
441c3703307657b8c33dca562bf81ba7b6c71f37496060559c802c2b7bcd2975
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9ba669d9ce07a2d4689edadaf5178a3296442567f4006e8e0e7de94b845c4a81
9d8c1e55a95ed4d8c8b548036879c88730862e5701939d13634021871060175d
bc3253d3dcc5417c6e252056109b3919f46b4a01e7bef8c3f5da8bdd3fa02a8f
c61ac5f79575e35fd6c1863ccb4e720f5e91a8e85fbc5fdf797cbffba50a7b8a
e1cb19a6b2a27d43447951236b9ac9048522b6bb45c607347b92983cb5dc19ed
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
faba27f48eefd3cedcc4c0a3d28df5e0f2eaeb1d5a59b2e5700c4978805089c7