![](/screenshots/b071c6f0-0644-410e-8e5e-d18651e10adc.png)
booking.hotel-id991.com
Open in
urlscan Pro
188.114.96.9
Malicious Activity!
Public Scan
Effective URL: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJ...
Submission: On January 12 via manual from ES — Scanned from ES
Summary
TLS certificate: Issued by GTS CA 1P5 on January 11th 2024. Valid for: 3 months.
This is the only time booking.hotel-id991.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Booking (Travel)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 172.67.160.19 172.67.160.19 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 172.67.147.55 172.67.147.55 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 6 | 188.114.96.9 188.114.96.9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 151.101.66.137 151.101.66.137 | 54113 (FASTLY) (FASTLY) | |
1 | 104.16.88.20 104.16.88.20 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
hotel-id991.com
1 redirects
booking.hotel-id991.com |
51 KB |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 438 |
2 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 1219 |
31 KB |
1 |
center-officeid12.site
1 redirects
center-officeid12.site |
779 B |
1 |
iplogger.cn
1 redirects
iplogger.cn |
803 B |
7 | 5 |
Domain | Requested by | |
---|---|---|
6 | booking.hotel-id991.com |
1 redirects
booking.hotel-id991.com
|
1 | cdn.jsdelivr.net |
booking.hotel-id991.com
|
1 | code.jquery.com |
booking.hotel-id991.com
|
1 | center-officeid12.site | 1 redirects |
1 | iplogger.cn | 1 redirects |
7 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
partner.booking.com |
account.booking.com |
www.booking.com |
admin.booking.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
hotel-id991.com GTS CA 1P5 |
2024-01-11 - 2024-04-10 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-05-02 - 2024-05-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
Frame ID: A371BADB7F37D0447B240486D9DA62B0
Requests: 7 HTTP requests in this frame
Screenshot
![](/screenshots/b071c6f0-0644-410e-8e5e-d18651e10adc.png)
Page Title
Booking.comPage URL History Show full URLs
-
https://iplogger.cn/2OZW03
HTTP 302
https://center-officeid12.site/zWGxpC HTTP 302
https://booking.hotel-id991.com/apartment/id991 HTTP 302
https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhp... Page URL
Detected technologies
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Create an account
Search URL Search Domain Scan URL
Title: Having trouble signing in?
Search URL Search Domain Scan URL
Title: Partner Help
Search URL Search Domain Scan URL
Title: Partner Community
Search URL Search Domain Scan URL
Title: Create your partner account
Search URL Search Domain Scan URL
Title: Terms & conditions
Search URL Search Domain Scan URL
Title: Privacy statement
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://iplogger.cn/2OZW03
HTTP 302
https://center-officeid12.site/zWGxpC HTTP 302
https://booking.hotel-id991.com/apartment/id991 HTTP 302
https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
sign-in
booking.hotel-id991.com/ Redirect Chain
|
71 KB 12 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
45_1975cbc2f7eaad75f590.css
booking.hotel-id991.com/stylesheets/ |
90 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
938_afde72b9aaa8302ff017.css
booking.hotel-id991.com/stylesheets/ |
73 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
826_0d1737e180931a217647.css
booking.hotel-id991.com/stylesheets/ |
60 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.4.min.js
code.jquery.com/ |
88 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js.cookie.min.js
cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gb.png
booking.hotel-id991.com/images/ |
522 B 887 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Booking (Travel)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery object| Cookies7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
iplogger.cn/ | Name: 522173041388789660 Value: 3 |
|
iplogger.cn/ | Name: clhf03028ja Value: 82.199.63.156 |
|
center-officeid12.site/ | Name: _subid Value: 1c2tevl2t3 |
|
center-officeid12.site/ | Name: 1222c Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjdcIjoxNzA1MDY2MTc2fSxcImNhbXBhaWduc1wiOntcIjdcIjoxNzA1MDY2MTc2fSxcInRpbWVcIjoxNzA1MDY2MTc2fSJ9.45f0PodEKod1D0zad971Da6biSxXre_17BbHwiFL4Bs |
|
booking.hotel-id991.com/ | Name: uuid Value: 7f0be405-4752-4c13-b465-89203519dd43 |
|
booking.hotel-id991.com/ | Name: op_token Value: EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp |
|
booking.hotel-id991.com/ | Name: worker_id Value: id991 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
booking.hotel-id991.com
cdn.jsdelivr.net
center-officeid12.site
code.jquery.com
iplogger.cn
104.16.88.20
151.101.66.137
172.67.147.55
172.67.160.19
188.114.96.9
4567d6213bc1480a45f493da8d292339522d45ac15c8ba1723aa342b155393f7
5522523714d946a5810383bbca991c678457eed981b987d65f352c9fed2dc7d9
582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6
96f1beb125f73c511d8b401c7cb7af1469ceed1a89003beecb8646166dc41f07
996b0e99fcc7a553eac6f51569be5429b1bf8c071a708289fab808d7660cf74c
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
e7ec2c4b3a7e380ae69038b8a8e21d12970f4f113f302de88787ba887a75177d