booking.hotel-id991.com

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 7 HTTP transactions. The main IP is 188.114.96.9, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is booking.hotel-id991.com.
TLS certificate: Issued by GTS CA 1P5 on January 11th 2024. Valid for: 3 months.

This is the only time booking.hotel-id991.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.67.160.19 172.67.160.19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.147.55 172.67.147.55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	188.114.96.9 188.114.96.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1	104.16.88.20 104.16.88.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	3

1 172.67.160.19 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

iplogger.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.147.55 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

center-officeid12.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 188.114.96.9 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

booking.hotel-id991.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.88.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	hotel-id991.com 1 redirects booking.hotel-id991.com	51 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 438	2 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1219	31 KB
1	center-officeid12.site 1 redirects center-officeid12.site	779 B
1	iplogger.cn 1 redirects iplogger.cn	803 B
7	5

	Domain	Requested by
6	booking.hotel-id991.com	1 redirects booking.hotel-id991.com
1	cdn.jsdelivr.net	booking.hotel-id991.com
1	code.jquery.com	booking.hotel-id991.com
1	center-officeid12.site	1 redirects
1	iplogger.cn	1 redirects
7	5

This site contains links to these domains. Also see Links.

Domain
partner.booking.com
account.booking.com
www.booking.com
admin.booking.com

Subject Issuer	Validity	Valid
hotel-id991.com GTS CA 1P5	`2024-01-11` - `2024-04-10`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
Frame ID: A371BADB7F37D0447B240486D9DA62B0
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com

Page URL History Show full URLs

https://iplogger.cn/2OZW03 HTTP 302
https://center-officeid12.site/zWGxpC HTTP 302
https://booking.hotel-id991.com/apartment/id991 HTTP 302
https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhp... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

83 kB
Transfer

384 kB
Size

7
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://partner.booking.com/node/2170?utm_source=account&utm_medium=support_link

Search URL Search Domain Scan URL

URL: https://account.booking.com/register
Title: Create an account

Search URL Search Domain Scan URL

URL: https://account.booking.com/account-recovery/options?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--e2rBg
Title: Having trouble signing in?

Search URL Search Domain Scan URL

URL: https://partner.booking.com/ru?utm_source=extranet_login_page
Title: Partner Help

Search URL Search Domain Scan URL

URL: https://partner.booking.com/ru/node/27/?utm_content=27&utm_source=extranet_login_page
Title: Partner Community

Search URL Search Domain Scan URL

URL: https://account.booking.com/register?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--e2rBg
Title: Create your partner account

Search URL Search Domain Scan URL

URL: https://www.booking.com/general.en-gb.html?tmpl=docs/terms_of_use
Title: Terms & conditions

Search URL Search Domain Scan URL

URL: https://admin.booking.com/hotel/hoteladmin/privacy.html?lang=en-gb
Title: Privacy statement

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://iplogger.cn/2OZW03 HTTP 302
https://center-officeid12.site/zWGxpC HTTP 302
https://booking.hotel-id991.com/apartment/id991 HTTP 302
https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request sign-in Show response
booking.hotel-id991.com/
Redirect Chain

https://iplogger.cn/2OZW03
https://center-officeid12.site/zWGxpC
https://booking.hotel-id991.com/apartment/id991
https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp

71 KB
12 KB

149ms
148ms

Document
text/html

188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e7ec2c4b3a7e380ae69038b8a8e21d12970f4f113f302de88787ba887a75177d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=1
cf-cache-status: DYNAMIC
cf-ray: 8445bfdd5a2e385d-MAD
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 12 Jan 2024 13:29:38 GMT
expires: Fri, 12 Jan 2024 13:29:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dh1n%2F4u%2BaJsJm2R9pN65qRIaBTe0owgm85x80C9nzMM%2B8lhnIuXtXo3%2FkCw5%2BigpqyjA86%2FdyJqicWx86S7fAAo9dEOIWll5qZ7iqDfSKJ05hIUZxouh0le5p9bEHFmuDIxQ9CigT4ELEg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=1
cf-cache-status: DYNAMIC
cf-ray: 8445bfda7ead385d-MAD
content-type: text/html; charset=utf-8
date: Fri, 12 Jan 2024 13:29:38 GMT
expires: Fri, 12 Jan 2024 13:29:38 GMT
location: /sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rFv%2Bczdh8xwTxcCtKV8viembQa%2F7HyzWrVosxlLLX3Hug8%2FicRdvQyRogtWdGZIEq3SG9jeN4C86QBDICJ6P1As4seVOa%2FBAth3qaBLfNkg%2BJYrbEJpyxYOyFeYF7llt0BP4hJjxkWywjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept
x-powered-by: Express

GET
H2 200 45_1975cbc2f7eaad75f590.css
booking.hotel-id991.com/stylesheets/ 90 KB
17 KB 278ms
277ms Stylesheet
text/css 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://booking.hotel-id991.com/stylesheets/45_1975cbc2f7eaad75f590.css
Requested by: Host: booking.hotel-id991.com
URL: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 96f1beb125f73c511d8b401c7cb7af1469ceed1a89003beecb8646166dc41f07

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 13:29:38 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 28 Dec 2023 18:47:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"16800-18cb1c09ca9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MUjsFc%2FmZOb574yoLm7xuihFQxSLHri22k0iiqYS34iLEpHm6wda3%2FgfwfppA0CprCYyAYYG%2BkwTW7BZsfTKmaA8hMO45J4z1%2FmN9jtLOLgWoCy5tavFeEAa4ffqXpJCE%2FAyDl%2BkcvzdOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: max-age=14400
cf-ray: 8445bfde3b78385d-MAD
alt-svc: h3=":443"; ma=86400
expires: Fri, 12 Jan 2024 13:29:39 GMT

GET
H2 200 938_afde72b9aaa8302ff017.css
booking.hotel-id991.com/stylesheets/ 73 KB
8 KB 283ms
281ms Stylesheet
text/css 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://booking.hotel-id991.com/stylesheets/938_afde72b9aaa8302ff017.css
Requested by: Host: booking.hotel-id991.com
URL: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 4567d6213bc1480a45f493da8d292339522d45ac15c8ba1723aa342b155393f7

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 13:29:38 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 28 Dec 2023 18:47:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"123f9-18cb1c09ca9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TEQ1K13VdlrgzpNSwdrl8gPjCF%2Bz6ImZClPINFUI5p8XtcUIUpkiF9GvlziopsKF5v9pZXlfk5yMBvvJ%2FGN7EXZxtxPQ9w6H6hWY9h%2FXAnxjLNTd2%2FjpOnaU4M95dFZdliZVE9vIAvc5nw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: max-age=14400
cf-ray: 8445bfde3b7c385d-MAD
alt-svc: h3=":443"; ma=86400
expires: Fri, 12 Jan 2024 13:29:39 GMT

GET
H2 200 826_0d1737e180931a217647.css
booking.hotel-id991.com/stylesheets/ 60 KB
13 KB 315ms
314ms Stylesheet
text/css 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://booking.hotel-id991.com/stylesheets/826_0d1737e180931a217647.css
Requested by: Host: booking.hotel-id991.com
URL: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 5522523714d946a5810383bbca991c678457eed981b987d65f352c9fed2dc7d9

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 13:29:38 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 28 Dec 2023 18:47:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"ef43-18cb1c09ca9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5FUKGMdQq%2FB1gsTejOuMfqrD7iNO5CmM5adUa2b426Pwpu7uhW7f3dpKA2MFEeZzzSGHkw%2BXLDPbLkzFC0QObnFzOoRDNK0e1MBLh4peJ1oegqSHtROFc3Rx0qj%2BBENaO%2F%2F%2BZkUWhYT%2BoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: max-age=14400
cf-ray: 8445bfde4b89385d-MAD
alt-svc: h3=":443"; ma=86400
expires: Fri, 12 Jan 2024 13:29:39 GMT

GET
H2 200 jquery-3.6.4.min.js Show response
code.jquery.com/ 88 KB
31 KB 944ms
63ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.4.min.js
Requested by: Host: booking.hotel-id991.com
URL: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://booking.hotel-id991.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 13:29:39 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 10265571
x-cache: HIT, HIT
content-length: 31011
x-served-by: cache-lga21953-LGA, cache-mad2200138-MAD
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1705066179.162425,VS0,VE0
etag: W/"28feccc0-15ec3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 129, 12862

GET
H2 200 js.cookie.min.js Show response
cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/ 2 KB
2 KB 980ms
95ms Script
application/javascript 104.16.88.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/js.cookie.min.js

Requested by

Host: booking.hotel-id991.com
URL: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

104.16.88.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://booking.hotel-id991.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 13:29:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3839915
x-jsd-version: 3.0.5
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230030-FRA, cache-mad22077-MAD
x-jsd-version-type: version
server: cloudflare
etag: W/"6c3-1s0eec7oePdhcVrYEdKeoGY3QW4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oph9ueFOgZNH3CDpsr3nonC0esZqml7RcObVeL4eBsLgxJoQpCoB5rqG7X1YC%2BUvLDFzZfNGb5eQ24W%2BguZwARL%2FcwuOtnLR%2FamtV1CoA%2BSk0YOlwBJkvzJYInvwsgZr%2B5Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 8445bfe3df76665d-MAD

GET
H2 200 gb.png
booking.hotel-id991.com/images/ 522 B
887 B 177ms
177ms Image
image/png 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://booking.hotel-id991.com/images/gb.png
Requested by: Host: booking.hotel-id991.com
URL: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 996b0e99fcc7a553eac6f51569be5429b1bf8c071a708289fab808d7660cf74c

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://booking.hotel-id991.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 13:29:39 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
content-length: 522
last-modified: Thu, 28 Dec 2023 18:47:19 GMT
server: cloudflare
etag: W/"20a-18cb1c09ca5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GYqTC9d%2BujCQpSygWnEu90PoQg36c%2B%2B1kURRXIWpNR0HOodGknef8TQKbon1Pncst%2BGQClhukveTuFYV36fCFK4PTypVk1E7nTCCyrsMo8DMA91ydM1g7vOp%2BkOT4C%2B6XaJ6IQaZSyC3fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8445bfe49b9a385d-MAD
expires: Fri, 12 Jan 2024 13:29:40 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery object| Cookies

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
iplogger.cn/	1970-01-21 02:24:48	Name: 522173041388789660 Value: 3
iplogger.cn/	1970-01-21 02:24:48	Name: clhf03028ja Value: 82.199.63.156
center-officeid12.site/	1970-01-20 18:22:24	Name: _subid Value: 1c2tevl2t3
center-officeid12.site/	1970-01-21 03:13:46	Name: 1222c Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjdcIjoxNzA1MDY2MTc2fSxcImNhbXBhaWduc1wiOntcIjdcIjoxNzA1MDY2MTc2fSxcInRpbWVcIjoxNzA1MDY2MTc2fSJ9.45f0PodEKod1D0zad971Da6biSxXre_17BbHwiFL4Bs
booking.hotel-id991.com/	1970-01-20 17:37:49	Name: uuid Value: 7f0be405-4752-4c13-b465-89203519dd43
booking.hotel-id991.com/	1970-01-20 17:37:49	Name: op_token Value: EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjC5kIrvm9smOgBCAFj--q2aRp
booking.hotel-id991.com/	1970-01-20 17:37:49	Name: worker_id Value: id991

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

booking.hotel-id991.com
cdn.jsdelivr.net
center-officeid12.site
code.jquery.com
iplogger.cn
104.16.88.20
151.101.66.137
172.67.147.55
172.67.160.19
188.114.96.9
4567d6213bc1480a45f493da8d292339522d45ac15c8ba1723aa342b155393f7
5522523714d946a5810383bbca991c678457eed981b987d65f352c9fed2dc7d9
582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6
96f1beb125f73c511d8b401c7cb7af1469ceed1a89003beecb8646166dc41f07
996b0e99fcc7a553eac6f51569be5429b1bf8c071a708289fab808d7660cf74c
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
e7ec2c4b3a7e380ae69038b8a8e21d12970f4f113f302de88787ba887a75177d

booking.hotel-id991.com Open in urlscan Pro 188.114.96.9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

3 IPs

3 Countries

83 kBTransfer

384 kBSize

7 Cookies

8 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

7 Cookies

Indicators

booking.hotel-id991.com Open in urlscan Pro
188.114.96.9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

83 kB
Transfer

384 kB
Size

7
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!