booking.com-find-1215.com
2606:4700:3031::ac43:b75c  Malicious Activity! Public Scan

URL: https://booking.com-find-1215.com/p/6354495262
Submission: On January 24 via api from US — Scanned from US

Summary

This website contacted 5 IPs in 1 country across 4 domains to perform 19 HTTP transactions. The main IP is 2606:4700:3031::ac43:b75c, located in the United States and belonging to CLOUDFLARENET, US. The main domain is booking.com-find-1215.com.
TLS certificate: Issued by GTS CA 1P5 on January 23rd 2024. Valid for: 3 months.
This is the only time booking.com-find-1215.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

Requests | Redirects | IP Address | AS (Autonomous System)
15 | 1 | 2606:4700:303... | 13335 (CLOUDFLAR...)
1 | | 2600:9000:235... | 16509 (AMAZON-02)
1 | | 2606:4700::68... | 13335 (CLOUDFLAR...)
2 | 1 | 13.225.195.114 | 16509 (AMAZON-02)
Total: 19 requests, 5 IPs
Requests | Apex Domain | Subdomains | Transfer
15 | com-find-1215.com | booking.com-find-1215.com | 192 KB
2 | booking.com | booking.com (Cisco Umbrella Rank: 7292); www.booking.com (Cisco Umbrella Rank: 9746) | 652 B
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 225) | 6 KB
1 | bstatic.com | q-xx.bstatic.com (Cisco Umbrella Rank: 15869) | 52 KB
Total: 19 requests, 4 apex domains
Requests | Redirects | Domain | Requested by
15 | 1 | booking.com-find-1215.com | booking.com-find-1215.com
1 | | www.booking.com |
1 | 1 | booking.com |
1 | | cdnjs.cloudflare.com | booking.com-find-1215.com
1 | | q-xx.bstatic.com | booking.com-find-1215.com
Total: 19 requests, 5 domains

This site contains no links.

Subject | Issuer | Validity | Valid
com-find-1215.com | GTS CA 1P5 | 2024-01-23 - 2024-04-22 | 3 months
*.bstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-11-29 - 2024-11-28 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year

This page contains 2 frames:

Primary Page: https://booking.com-find-1215.com/p/6354495262
Frame ID: 5986A4770A089A6628E09FB47F681168
Requests: 11 HTTP requests in this frame

Frame: https://booking.com-find-1215.com/chat/6354495262
Frame ID: B0910342A3E9AED42EC46D00C77E8B08
Requests: 8 HTTP requests in this frame

Page Title

Booking.com | Official site | The best hotels & accommodation

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 19
HTTPS: 84 %
IPv6: 75 %
Domains: 4
Subdomains: 5
IPs: 5
Countries: 1
Transfer: 250 kB
Size: 1827 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://booking.com-find-1215.com/chat/%7Bimage%7D HTTP 302
  • https://booking.com/ HTTP 301
  • https://www.booking.com/

19 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request 6354495262
booking.com-find-1215.com/p/
98 KB
16 KB
Document
General
Full URL
https://booking.com-find-1215.com/p/6354495262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddef8eac8b26cc9c2c7bbbe491a2f8ff8e04cc369b8d40cfd70af54abf0a5e6f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
84a93e026efd09da-MIA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 24 Jan 2024 15:17:15 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=piV2aPXI3dTk90%2FVY6ouMh7833FoU5%2F6ukdr%2BcSySxjuncn0utbnom%2BLPh0uiLMah7foo%2FEVJQD%2BNPXH8rqgxNHun7%2F9iWV9QUTNYE5ZdfiYfkw2EuDzGwHE%2F6fQRRrt9Fz8oV9Kez9Jxp60LP4CPPbC8xYkKJJD"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
styles3.css
booking.com-find-1215.com/css/booking1/
34 KB
8 KB
Stylesheet
General
Full URL
https://booking.com-find-1215.com/css/booking1/styles3.css
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/p/6354495262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc052d928f0a7507aba9d381da1f927298df5c0cb802d302a77ba196d9f47317

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/p/6354495262
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:15 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1aa-8950"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gtVxlhImYCgo1%2F1cuQUg43J213J9z2Oikyw6yMYtYlSfWJ6M7NxdF2z2ApDKKos2p9Yp0cAKHPgxkJfaAZLQfNIwzfWyCMl1vS0KClpt2Brf5081lNX0Z%2BJQF1iIc2N1P%2F8JqZuoEKVm%2FkDD29JKfMC%2BSYKokRZL"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
84a93e052b6109da-MIA
alt-svc
h3=":443"; ma=86400
chat.css
booking.com-find-1215.com/build/
3 KB
983 B
Stylesheet
General
Full URL
https://booking.com-find-1215.com/build/chat.css
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/p/6354495262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fc1e7ad40e4ae54f2dbd4b1f8b0b09482bbcae9524a3a1743f0f5da062740d8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/p/6354495262
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:15 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1c8-a0e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VYJsMZoYK6Jq1nub6QxQSFnz5JDx368j7gH%2FkyeKYKHx%2FKga3DQNmFxTchZcO3t5z0wdEuHdNhZGeodQQ6HTJuDuCwFc%2FY%2BnA9tPa9GrKKrrfpYMrHpk6ul2DINAuOk6TDLa0EFJut2tbXOMThKP6rZ3G4%2FmehNl"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
84a93e052b6309da-MIA
alt-svc
h3=":443"; ma=86400
submit.js
booking.com-find-1215.com/css/booking1/
22 KB
4 KB
Script
General
Full URL
https://booking.com-find-1215.com/css/booking1/submit.js
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/p/6354495262
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cd9d78e7013b1d96cf305c9010d521a75f0bfabc5a0d79d46acc6d60b85ac82

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/p/6354495262
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:16 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1aa-56f2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UszlUqlpb81F5Yc0h1RecJ8w1fUb8xTm4PD3tGOVAjkjwL0As39pjB3HWuVb%2FhjT%2BOZh0GSCGtsibDoMPvHK3lSdnzWy%2BwlsidR0KIZVtY1SzkKhdwlYTEL%2FqK4tV9D8E8gP9mkJ1K2XYP1lyayQ4otNQ4gX8%2BOL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
84a93e071b935c6b-MIA
alt-svc
h3=":443"; ma=86400
blur_input.js
booking.com-find-1215.com/css/booking1/
21 KB
4 KB
Script
General
Full URL
https://booking.com-find-1215.com/css/booking1/blur_input.js
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/p/6354495262
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5eaae12a5b85c3a24efd4d581e61ef3773befd9f64b1421c678038bf17c559ba

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/p/6354495262
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:16 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1a9-5465"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVx5VLDhRH5P9Lxi2afrRchgy%2FjZ5%2F712QGbSQR8h00BIQqfeD1CFQPc360X5NWSpww2iQTZTM7xOTAcclZ0WB2itJ0QNbIiWSjiwR5nM3gXx8jpzqfE5k4CJFZ1LenMcSwTT7MOm5HkKv3VTz0oYS11B%2Bo7XjCw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
84a93e071b975c6b-MIA
alt-svc
h3=":443"; ma=86400
jquery.min.js
booking.com-find-1215.com/js/
87 KB
32 KB
Script
General
Full URL
https://booking.com-find-1215.com/js/jquery.min.js
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/p/6354495262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/p/6354495262
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:15 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1be-15d84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XTVPhUvxR3g68dQ%2FQY6M0%2BouoI490eSenflXU1%2BILMIW5LxK9e67JAK10f5n%2B5dRhS%2F5g%2FdR9r3WT48GYXATMgFOy7UryBM%2Bc%2FuIUMufs89IwIUx4MjG5xWQHkdh9gFHA10YLndzCGcLDb1hK2SGnWop03T7z4sb"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
84a93e052b6409da-MIA
alt-svc
h3=":443"; ma=86400
76181482.jpg
q-xx.bstatic.com/xdata/images/hotel/max1024x768/
52 KB
52 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/hotel/max1024x768/76181482.jpg?k=4fc32f590c833c9f524508581efeda6f12cbec5d7f8f690530975749a35e5c08&o=
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/p/6354495262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2353:600:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
d9f2044a5751d9e79e1595f9e676ee5b6a66bd228e2d398aab6ace4e66a454b0
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:06:52 GMT
via
1.1 5cd0def17b21c436d13b2cd7a595960c.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
MIA3-P3
age
29422
etag
"e4506bd5e1ae76758aa04a704093d1038dec7949"
x-cache
Hit from cloudfront
content-language
52947
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
Y0NyEIE63UDF8yM10iplCc-rwTVdYXpcAcPxFyHaR4hbJWTM3Q4DBQ==
x-xss-protection
1; mode=block
6354495262
booking.com-find-1215.com/chat/ Frame B091
29 KB
9 KB
Document
General
Full URL
https://booking.com-find-1215.com/chat/6354495262
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/p/6354495262
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72b1f5131ae127eee38a7226393d8f5dc3ed27b5b1e15a98f58f28973e7a2597

Request headers

Referer
https://booking.com-find-1215.com/p/6354495262
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
84a93e073bd35c6b-MIA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 24 Jan 2024 15:17:16 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqCSjBkLHlyjXUDQmkS4Btyp9p9GFI8M8%2FqVkv287V%2F0sd67hulbOrs%2FlDWI6rFmcUew9v9YkaV%2FNg2qJtlFnleGxYQSSQIRZBpdZTGpigGOkpogFf0T5R2wgHRoPFb3TOyZoobpuYcHHMYwQqu8OpHBlGap07BN"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
user_send_status.php
booking.com-find-1215.com/ajax/
0
491 B
XHR
General
Full URL
https://booking.com-find-1215.com/ajax/user_send_status.php
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/js/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://booking.com-find-1215.com/p/6354495262
X-Requested-With
XMLHttpRequest
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 15:17:16 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YsjhWsWvw%2FPhKaTIGVNsgP5tXxgaQYoRKslfkaB1TCHPKRDWq3dqEZckRv0BmV3rUfbEEpQTX5kcRKD4rtfZVAmCk%2Bigiz6HZt5GOFwPoi3N83g8bYQaa70FrYYI%2Bynq2fYupB5n8KwX6bBVVWbO8TeNUbbkYUku"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
84a93e074be35c6b-MIA
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
flags.png
booking.com-find-1215.com/css/booking1/img/
30 KB
30 KB
Image
General
Full URL
https://booking.com-find-1215.com/css/booking1/img/flags.png
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/css/booking1/styles3.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/css/booking1/styles3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:16 GMT
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"6516d1ac-77d8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hg73K3GaLzT4ri5%2FmSNDYDEI4yQBlWf5%2FlkBbADuzvUQzatuCOx%2B3ZFIrLR7O5c6Y3ilfHkRoi67Rkk%2BbQn7tTJ3fHGdhTejC2EDL487WM18%2F8%2B6TjuZUfrPT5e1xJAfvxhAGMb%2FsfJLpD1grUSrrFyQkQFMQnAs"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
84a93e074bed5c6b-MIA
alt-svc
h3=":443"; ma=86400
content-length
30680
chat.css
booking.com-find-1215.com/css/ Frame B091
106 KB
17 KB
Stylesheet
General
Full URL
https://booking.com-find-1215.com/css/chat.css
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/chat/6354495262
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1c9ad009f4d6ed374fe5404e3276bbbc345396e772cd72491a88c1173582ec3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/chat/6354495262
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:16 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1a0-1a924"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gaE9RptMktXifXtuxSu6Yt%2F1cGFeep8juOUbyXYs7lTz%2Bj2PFdtnYB00OJQRHq8D740Utx0bOAmyRYPkB0b2hfHxi9dRV19JWw2ykyHMUJeZfNgy3XRa4ksXGOFS27duiN1PVzL5qETscNP%2BKolbiSPY2FJobZLb"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
84a93e096f7c5c6b-MIA
alt-svc
h3=":443"; ma=86400
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ Frame B091
30 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/chat/6354495262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2262058
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5631
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2BEqC%2BHzSbQ9u6l2dZMjxE%2F6fV%2BoCevw%2FDHZVMubR2VHIjyu3QiAZEsBYD7%2BOgvdZAEcTNa6Ts0WUazMIGM9a2kwE%2B1lTQYvcpRxVRlZ6i%2FINp1%2BNCY9%2F%2BbaUwOwVxFQOulbVR5c2LgClyBxhaucvdtZ"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84a93e09f8bf3717-MIA
expires
Mon, 13 Jan 2025 15:17:16 GMT
support.png
booking.com-find-1215.com/img/ Frame B091
15 KB
16 KB
Image
General
Full URL
https://booking.com-find-1215.com/img/support.png
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/chat/6354495262
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f38df22b91417e6c60a0c086f7997c1ba6c5b844b3c947d07ed7e88650442973

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/chat/6354495262
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:16 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 12 Nov 2023 22:37:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"65515390-3d12"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NFVEzUe2Pn69mEc44pGx4KtLubnS3PNxOJvqIlLEQqFqSRUbNRMK35rn1XckhnFfPwtar8N%2F6%2FLtCnfnJ0xCFGzy3RgeNPBS0H7155nzY3GD8N6TY0QwbwkfQ0gQk8lcmb9oUXyZyu7vVHy%2Fb94eK2WpiUlrQye2"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
84a93e097f855c6b-MIA
alt-svc
h3=":443"; ma=86400
content-length
15634
support-open.png
booking.com-find-1215.com/img/ Frame B091
21 KB
21 KB
Image
General
Full URL
https://booking.com-find-1215.com/img/support-open.png
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/chat/6354495262
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
560b6b311920854bb28122c60e1262f34723ed8bff0b6970300bd04d9369adeb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/chat/6354495262
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:16 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 12 Nov 2023 22:37:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"65515390-5400"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gy%2BC44BoISYIWQ1bxSl5y1b3SCJ6g4NlXvZLFBRFiGQ5fLs9gWIq%2BvAvuSsyT1AzK9qzS2ZUVV%2FmcI5pkUCxwkH1omj3MBDPKvTbnahZ9rJLXiyoSYuddzEhtmymgb2thLH5Bc6V1scORf%2FdQlg%2FYKK0pyGta7G3"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
84a93e097f885c6b-MIA
alt-svc
h3=":443"; ma=86400
content-length
21504
jquery.min.js
booking.com-find-1215.com/dist/new_card_design/ Frame B091
87 KB
32 KB
Script
General
Full URL
https://booking.com-find-1215.com/dist/new_card_design/jquery.min.js
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/chat/6354495262
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/chat/6354495262
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 15:17:16 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Sep 2023 13:31:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6516d1b2-15d84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t1bJW%2FlSEdyT%2FF8zilrQ25kLKE655nvoMtNCJAJTwamQAygQB%2BQ1zEr0qLvJsqcMWVPxZHDY5YnKTBIHNKF8%2B16jZgVjY34FVxI42fzgZwVvH5ZiTKa0GrkaUw4F1rOoQYde2uugBSVm4PHp078R79CyQmJ1alXL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
84a93e097f8b5c6b-MIA
alt-svc
h3=":443"; ma=86400
msg_check.php
booking.com-find-1215.com/ajax/ Frame B091
1 MB
2 KB
XHR
General
Full URL
https://booking.com-find-1215.com/ajax/msg_check.php
Requested by
Host: booking.com-find-1215.com
URL: https://booking.com-find-1215.com/dist/new_card_design/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:b75c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
103c98adeb784af3cf4e104a79bd2014f8d3c7a4620543eb39ac0d05ec27a3f3

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://booking.com-find-1215.com/chat/6354495262
X-Requested-With
XMLHttpRequest
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 15:17:17 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=04nnUIKom%2F1n3zXdu4SMKe2fxJXFgtEd1jTsrs7YD5L6pmHjkJYak3ay2knTPKbE8%2FD%2FtC0%2Be3NdGcjraSu12H%2FA4Yl0IU7yeWV4unidu4VRBMsLbJ0RGlEoOinIAlbp9nRcUGvE5Z3H03ITlIazJeX68BjMWFCs"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
84a93e0bbb705c6b-MIA
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
/
www.booking.com/ Frame B091
Redirect Chain
  • https://booking.com-find-1215.com/chat/%7Bimage%7D
  • https://booking.com/
  • https://www.booking.com/
0
0
Image
General
Full URL
https://www.booking.com/
Protocol
H2
Server
13.225.195.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-114.yul62.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://booking.com-find-1215.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Redirect headers

date
Wed, 24 Jan 2024 15:17:18 GMT
strict-transport-security
max-age=86400; includeSubDomains
via
1.1 a1ba4b0527e41da66664ba375de24b7c.cloudfront.net (CloudFront)
nel
{"max_age":604800,"report_to":"default"}
server
nginx
x-amz-cf-pop
YUL62-C1
content-security-policy-report-only
frame-ancestors 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=f9746b7f72be03fa&e=UmFuZG9tSVYkc2RlIyh9YdPFJGDFjZSqK4Z-4dNTMVtDEzM6yr8a7jXCIQctnnH67Au3VrJgj8U
report-to
{"group":"default","max_age":604800,"endpoints":[{"url":"https://nellie.booking.com/report"}]}
x-cache
Miss from cloudfront
location
https://www.booking.com/
x-terms-of-service
https://www.booking.com/content/terms.html
x-amz-cf-id
OuzCGOzYqAy3Ww3U-9fDim3XJCFx4xCiZXLKmRK-C0007KH_N3I-sg==
x-xss-protection
1; mode=block
payment_card_status.php
booking.com-find-1215.com/ajax/
0
0

user_send_status.php
booking.com-find-1215.com/ajax/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
booking.com-find-1215.com
URL
https://booking.com-find-1215.com/ajax/payment_card_status.php
Domain
booking.com-find-1215.com
URL
https://booking.com-find-1215.com/ajax/user_send_status.php

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • 0 (object)
  • $ (function)
  • jQuery (function)
  • get_status (number)
  • onPage (function)
  • scrollToErrorInput (function)

2 Cookies

Domain/Path Name / Value
booking.com-find-1215.com/ Name: PHPSESSID
Value: jnl5slb04aneuqr2semupjg1b3
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbca8KLfxLPecZJvJAzX2jxzJ8C%2FgS4jlIJOIUNfaef05LYl9kivLbc0vn1vUpYkVRJgle5%2FkcOtaGd8GnQFIaP18jm1u2PY4FkwbhCA8MedqHtRBQYF5mJ0SV7neguQbap89q1vV6QaayLjseqA033XaqySMSJB1T0xPnW57IkqI%3D