{"report_id":"e18951b9-2bae-4364-97d9-0cc3eb2a8447","version":6,"status":"done","tags":[],"date":"2025-11-05T16:51:26Z","url":{"schema":"https","addr":"confirmation01248-booking.com/OWFV543TF","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"172.67.179.118","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"confirmation01248-booking.com/M3OT6WRHC","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"title":"Booking.com - Payment Verification","dom":{"size":33194,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1449)","md5":"74792d0948e5d938bc0ac19a9df6c7c4","sha1":"24a20c3ca0ed7c48e2957e261d7c652507f8fbe7","sha256":"291a2687b40fd1438fceeda60209592d00c5f0124d54f42df232561e98d7c3e8","sha512":"b5d45004f4c50206e64153b3baaf51d29a53e23a8d056212b05dc83bc589443b77741cebc05799d046c01a8bfb6f525e3be37ecf900c767137f9051b0e2917d7","ssdeep":"768:1Bjd0YuVNxKpiYmdiGQcE5d585I5C5T7qHojQkE:6T5rYtGLT7qHojQkE","tlshash":"05e21bb491f154ab218343a9aff655273e3891678282c92033ac4bf44f87dd4de57ea4","dom_hash":"domhashd40c3d776c33fef0197e031b59b19e2e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"confirmation01248-booking.com/OWFV543TF","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"172.67.179.118","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-10T16:51:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":8}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com/OWFV543TF","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com","meta":null}],"urlquery":null},"summary":[{"fqdn":"confirmation01248-booking.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-01","domain_rank":0,"first_seen":"2025-11-03T17:25:52.309363Z","last_seen":"2025-11-03T17:25:52.309363Z","alert_count":210,"request_count":30,"received_data":836264,"sent_data":29718,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.1.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Meteor","description":"","website":"https://www.meteor.com","common_platform_enumeration":"","icon":"Meteor.png","categories":["JavaScript frameworks","Web frameworks"]},{"name":"MongoDB","description":"MongoDB is a document-oriented NoSQL database used for high volume data storage.","website":"https://www.mongodb.org","common_platform_enumeration":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","icon":"MongoDB.png","categories":["Databases"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-11-02T22:15:46.374949Z","alert_count":0,"request_count":1,"received_data":32008,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"confirmation01248-booking.com/M3OT6WRHC","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"98431fa004f6c881ee147ada2bbd0b13","sha1":"408db86bb58461bab661af52134c44e4bfe5ba82","sha256":"2febd964f1b7cecc2c6ea3bff7c72b7283b37535c493ffde68ad042a341c9001","sha512":"d47db84400c32f7f06a6625b99713084466e0658a9b7cf97da838415c0c555481e23df07d4e76e0dfa6dc0173332867eb7e7b2c8bc4cccca936f4c51fb8f4799","ssdeep":"","tlshash":"5ce0227cf5a2155810b3564b3ab75431bc0a14135182dc207b0c43e40f1e6c78502a88","size":396,"data":"","first_seen":"2025-03-18T07:37:38.847554Z","last_seen":"2025-12-29T23:13:37.21118Z","times_seen":1742,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/js/jquery-3.1.1.min.js","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b15e2b6b8c96c1a2faffdaec513ac36c","sha1":"79be8d8eebb24d7f32ceed55e0ed90bfe1e4b545","sha256":"5f4f43d715a2bd6d366f2956e9a16fb3029eccec66f2af81116298b1238907ce","sha512":"457db2021978ced718de12639a4ab5999e62744037a0ef9acbb912c6d987c64748a12614feb43d7a87dfa39df1879ef3b495ad4e9d1d0347fd790a85e017681e","ssdeep":"1536:xBQDs8kcdv8++BShi6jlfuppnSnHvfMJNmxIf7+5r8Pbya17DRojoxjyVQiPOoRM:r9YHvfSYIC5r8PnAoxjy79r8NYDpu","tlshash":"cad34189b7e6252a5617f0b98abfcc05b139485b16cdcd597c0c91a4af1043887fafec","size":137166,"data":"","first_seen":"2025-07-08T00:11:56.574113Z","last_seen":"2026-04-01T23:15:02.352807Z","times_seen":3028,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/submit-new8.js?v=775696","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"570b90873b5087d027f89873e04eb50d","sha1":"18694b2a87157815e5618276c0887e06e80cdf4c","sha256":"1f54e43689570129fcf17f960cefc0c0c524aedda5e4adc4487fc758d1596583","sha512":"6ed4f72da737e90cf35d025d1c8cfde3483de6fa728e702c7c4b110fe2a041f24abb37af25c4bb8547e92940d61bb5fdd33ec45dd14e9e846dfc74400b0c7820","ssdeep":"192:HCSGROS7vGun5c2sVYotAA4eSdyhE2EcOS7cHm/6PFf0Cw5rHWc6kh:j2OS7Oun5Ds6oaA3qyVOS7Af0j2Oh","tlshash":"68b28c9525b51935027616fafbd2cd84e9210baf914103a738bc8e4d6ff0890b7a1fdb","size":23576,"data":"","first_seen":"2025-01-13T11:23:35.766439Z","last_seen":"2026-03-27T20:02:53.391705Z","times_seen":2563,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/chat/M3OT6WRHC","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ea34c2bdfbe2386e989af93d1a876536","sha1":"5ff2722bfd4fd09001f1f26da7b2b3c70bfcbc9c","sha256":"026a231f5f0e332e2ec72b55d575577edef7bdda578d919b18df2a96e5074e66","sha512":"a114bd1f877e2a500304bd523bd34098346e600b51578de2eb28839afcc00a3971cfe14e577bf84654492e33aba0610730292b8eaec1c1f4df8264ce825bf3e1","ssdeep":"96:U8h6Fpb5SIkvn46oggalrBBi7ylwCecO1rKiSC5w7ekp4:qmnHoggaRBBi7yveZ1rKiS0w6o4","tlshash":"6eb1046cb5f7156741b7707a9bbf50223b30561b150adf30358c22f44f549bcc652ab8","size":5240,"data":"","first_seen":"2025-06-12T11:08:46.664146Z","last_seen":"2025-11-22T13:56:20.445643Z","times_seen":620,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/js/index.js?v=775696","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3b000749890551f80719d2441245c874","sha1":"44548478c31ae54cf2ce7aaf0f2a0b35ea375212","sha256":"b83b42b8d6e03f9c2963f2c9dae414e8fdadcf8ac43700a1c1db70fb5726c1c8","sha512":"659784f16be7600058156a3d79035c8798b97e8199499689354061d6165c6911fbc427b5f168e0d99625431a0491cf1660a783c7a3af718853baf66c96e483c7","ssdeep":"","tlshash":"39f028394e7c1d3800bf93a7f2c42ea97ab50087a586585757bd9e890ad2ca155e20d2","size":593,"data":"","first_seen":"2025-03-18T07:37:38.849889Z","last_seen":"2026-03-27T20:02:53.405931Z","times_seen":2545,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/M3OT6WRHC","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b5c784b98c9458c7004202dcd7b63c7e","sha1":"7e3568695373551d8b51ef5a2c46d9218edeb543","sha256":"6daaeb09cc76239e3ce95a5a524051a8d2f5a0579604e014e82908277083e7be","sha512":"f49c4729456df243397719702234afcfc5fc5b5d0c7717aabb684f72279c0f05ad4392e864fcca27a69d669677d13002d6d1b6ae58d5ef76eaa0802c4c55a519","ssdeep":"","tlshash":"a9217c4c78fa2413c96370a0866f80253e716e4b2b0bed14bd8c0250df99dbcc666fac","size":1443,"data":"","first_seen":"2025-09-15T11:45:17.788323Z","last_seen":"2026-03-21T18:46:38.193277Z","times_seen":226,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/M3OT6WRHC","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"86e4a015531635abc567043fb386ad65","sha1":"c524075c613daf2ed3dcd9e7f1698c09ff075677","sha256":"7391758c0278b13556b35e68f39a4a5b348c5bad0685ef2e85542fa9cc6436e2","sha512":"af96b830f40531c8e018a1a11e3f9a9b29d4b09029ba78f157a92dd83146c2361d682485836d2873413d8ce17b2c90cac48ca901c69b2e6a2b6df399db1819ee","ssdeep":"","tlshash":"d211d668fc9700861e2b30a20dfe5a141df88b479d14c9e9b5dc2d412fe5e64d1aeab0","size":951,"data":"","first_seen":"2025-01-13T11:23:35.769416Z","last_seen":"2026-03-21T18:46:38.194152Z","times_seen":255,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/blur_input.js?v=775696","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c6c781d552d6b704fbf523f61c21cded","sha1":"3579cf351c64f2dd97c43b4efbfeb8a51e5a1e9d","sha256":"322463e6d455da1972b67ab0f5918856a861441bc2459747a07d7984ea0f8e68","sha512":"84c488784491ab0b43e8b5baf7e892170bb18a4e342809c49d032588de9ede2265b86e795223e2d14275fbc6c52c6faa40cca57f3ed7e61ab1fb26499fd56308","ssdeep":"192:oE4u7Imf19uPfxmOH58WMV4oNggY+y9yBk2UexbROYAIexb6OR78zpDNXVZ:r9hOH5jMaoagXKyWexbROkexb6OR7i9L","tlshash":"b3a29d8522b5193542b256fafbd6cd85e9224bbf5041026738bc8e4d2ff0850b7a1fdb","size":21621,"data":"","first_seen":"2025-01-13T11:23:35.758304Z","last_seen":"2026-03-27T20:02:53.43623Z","times_seen":2563,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/merchant/v1/jquery.min.js","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89476,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-03T18:30:42.912476Z","times_seen":217311,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/chat/M3OT6WRHC","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"53e84a068afadb83490f2c4724e4800e","sha1":"069ec3f08e4e5ae0149d583264a87226d65388df","sha256":"4393bc2fd7bb93ef9491606506f5f68006a4d33eff498bc495aa8941edc413d1","sha512":"181274f424d615d8a89c2175724be01ab065feb369fb39306158bd495fb7565b46e9fa17fc0651e29f069a022e371bb84cb2ed24c2d0c58a2c901e0f08e91c9b","ssdeep":"","tlshash":"7d517d18acfb60825527717c4fef82043674549b6508ee103e4c6ad49f5c978a7fbbe8","size":2800,"data":"","first_seen":"2025-04-01T14:27:55.864282Z","last_seen":"2026-03-27T20:02:53.440437Z","times_seen":2478,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/build/chat.css","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/build/chat.css HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 07 Jan 2025 06:41:23 GMT\r\netag: \"677ccc93-1904\"\r\ncontent-encoding: gzip\r\nage: 162\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gRCnbEXoD5q8nBBaTd5pVFJbeLrAl7eI4moJs1oJcIJyStQLsUF4glPBymHMkk%2Bl1q4u1bBE2QzFHEI%2BO7XzqyQPuDSQ9KOZsepMFY5Z7YSlwu71AP%2FLUhFsYg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999dda9a7f4a712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6404,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2950)","md5":"fed5abad1e0dabe04e88173842d4ae6a","sha1":"ffae32d8cdaf834f38b34f55b404d643c423e49e","sha256":"bda7146d7fbc3bcfe3396aa3e3a3c6fa9bdcbee23aef5e721572eb081de420f0","sha512":"45e2d32cdc9dbb4f892ffed9880caa8032a6c816436574641a171a8fdc0ab55938950546af19c5e43aefa0ffffc0fea4c12c27ffe43b55f994de9729d3f9a406","ssdeep":"96:CFefdclzybBF/znSQPkF/CnSQ3EdY3op0Dx8Otn3kHFgHb000+QGiOM0jgrjy:5dclzy/zSQP2CSQ3EdZzOtn3kHKVQ8Gy","tlshash":"65d1d977ee830549796a85a12bb67bb82f3c80234306c8b87fd57b345f077c594a1b49","first_seen":"2025-01-18T12:34:42.082609Z","last_seen":"2026-03-27T20:02:53.416777Z","times_seen":2558,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/blur_input.js?v=775696","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/booking/booking/blur_input.js?v=775696 HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 29 Dec 2024 23:05:50 GMT\r\netag: W/\"6771d5ce-5475\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BMpuaRKDIX0j%2BSALQNvdyWGDMVmhZPUlBTOrcwxdmBz4LFU7xyfYMQtT0NR8EpUN%2FqRb%2BJpH%2F5I4yb%2BB%2BOFDkQJ6tF0s0vNr%2BlpXBSZoPG391BAjtVNEidlYOQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999dda9a7f4d712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21621,"size_decoded":0,"mime_type":"application/javascript","magic":"Algol 68 source, ASCII text, with CRLF line terminators","md5":"c6c781d552d6b704fbf523f61c21cded","sha1":"3579cf351c64f2dd97c43b4efbfeb8a51e5a1e9d","sha256":"322463e6d455da1972b67ab0f5918856a861441bc2459747a07d7984ea0f8e68","sha512":"84c488784491ab0b43e8b5baf7e892170bb18a4e342809c49d032588de9ede2265b86e795223e2d14275fbc6c52c6faa40cca57f3ed7e61ab1fb26499fd56308","ssdeep":"192:oE4u7Imf19uPfxmOH58WMV4oNggY+y9yBk2UexbROYAIexb6OR78zpDNXVZ:r9hOH5jMaoagXKyWexbROkexb6OR7i9L","tlshash":"b3a29d8522b5193542b256fafbd6cd85e9224bbf5041026738bc8e4d2ff0850b7a1fdb","first_seen":"2025-01-13T11:23:35.758304Z","last_seen":"2026-03-27T20:02:53.43623Z","times_seen":2563,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/payment_card_status.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:21.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/payment_card_status.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:21 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PW8SIj2h9ZbgLP8R30Z%2FiPEfLPjGri2ggPDOvoJos4XVEFkr1bxilNDB%2BMEn9Pee%2B4gPAbLdIHEQLjsvTOJV2L%2FkUYNXr9juuSYNoG4nUV0O4TsFlKEfa8eMkQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddaf8dfa4712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/msg_check.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:22.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/msg_check.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 20\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uASeIRTuJd9wsBD5s0kvB3FlYFHayo110j1UH34XcLS5FOd0Hj1Teo7i%2FVGdL3Uv2tNyjPMLDIl58cG20VwZr9ZkfryUxo%2BNsXqLipDwzhQpYp05pKUhEI4QtA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddaff2e46712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":361,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":361,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/M3OT6WRHC","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-05T16:51:04.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /M3OT6WRHC HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=OWFV543TF; D_TYPE=booking; new_code=M3OT6WRHC\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XRI9kJIHQYApPT9%2F%2Fxv3tCc3IPRYHLdcH6TUAAUn49ArvNDrv2GJ280JGJVKCjPd6OrWmK8ECILeZSD8b6%2B4U%2F6f6xJ5HSAwxkz6ZvVDtfEIsDlAYTPk8bwwxw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: CORE_TYPE=sites; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:04 GMT\nvapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:04 GMT\nvapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:04 GMT\nAD_CODE=M3OT6WRHC; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:04 GMT\nD_TYPE=booking; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:04 GMT\r\ncf-ray: 999dda90eee256bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.1.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69190,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (13223), with CRLF, CR line terminators","md5":"fcf4d627a865591043bfac7c0afd642e","sha1":"fb61e7b6d6f83a40c694a414876b457778d9b7b4","sha256":"44e2b62278f46a9dd3229b9d7ba8079cba99dfafaac2f7a621f38e365b3a359e","sha512":"c5b82573db56ce2114631a0269c890e05a95af00d6270345d168bdc404b2a7baafa992618136c6993440c7d69dc5d0b31f35c6aa3696408113dfb4efbbfdcd13","ssdeep":"768:kF8Dr6O5nkrH+37xqM40flufcOd1THX13xhO9ZeXaO:kFa5m+378v0flufcO75xh5qO","tlshash":"5263233657c5e97e44bb47e289301aa4fae98327e71302e4b1fdd3e11b3ac69c923445","first_seen":"2025-11-05T16:51:29.47663Z","last_seen":"2025-11-05T16:51:29.47663Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1301,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/chat/M3OT6WRHC","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /chat/M3OT6WRHC HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5oSm8XlIigcBCb05qJiArko5M1HEWdmCalNO%2BhDHOoyoolQuBWp6scUJvp8RUlUlRR76cAOmYwJrSUl8meMjY%2Fmj6%2F3ZY22GYcxf1BxcxQlsjcCdF%2FxuNLrSBg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999dda9b0fe0712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Meteor","description":"","website":"https://www.meteor.com","common_platform_enumeration":"","icon":"Meteor.png","categories":["JavaScript frameworks","Web frameworks"]},{"name":"MongoDB","description":"MongoDB is a document-oriented NoSQL database used for high volume data storage.","website":"https://www.mongodb.org","common_platform_enumeration":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","icon":"MongoDB.png","categories":["Databases"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":31578,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1449), with CR line terminators","md5":"2acda50926f9496ca4b8e5f02ab6e568","sha1":"2dccb5e80c6f82eeb6d658f20711dc873d4574de","sha256":"7c6fb4be4c4e136c8104b22187389474a5df950d188f8ed0fab1369df4655c21","sha512":"4547c1be18eebd36c9aabb4a6242525c33d253e05342c1f4fb28b44f9611c6f4b7d1ff36f6b9520cbd5adce1648b70e35aeba2f68397b6a287ef57d6721dea0c","ssdeep":"384:bwoDj9twQiclZJDRsAks0iYSVEd6XUapX0ozW4KvqFiNqPMP:bwoDj/jXlZJi7iYm+haR0ozDWn","tlshash":"6ce23c78a1f220fe61c74399cfb792253e3a12a942814410379c7be40bb7dd5de47ea0","first_seen":"2025-06-12T11:08:46.56602Z","last_seen":"2025-11-22T13:56:20.371031Z","times_seen":612,"resource_available":false,"data":null}},"time_used":858,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":857,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/sites/booking/booking/favicon.ico","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/sites/booking/booking/favicon.ico HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: image/x-icon\r\nserver: cloudflare\r\nlast-modified: Sun, 03 Aug 2025 14:34:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 162\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M8CYkskFwH3yJDzH6TnbH4MLJR%2B%2F8sySz2%2Fo7mQjrC7bjVpDBx47W2FoaylpoI8iKPqKq9myTYcw6%2BOZ3P58VA3syhrexc0OOEtQNt6ZmG3qqp8cxLfpurubTQ%3D%3D\"}]}\r\netag: W/\"688f7368-2523e\"\r\ncontent-encoding: br\r\ncf-ray: 999dda9cd968712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":152126,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, -64x-64, 32 bits/pixel","md5":"301578ad971a2627edbcb3105ec9c1b6","sha1":"4f7c85cdfb6c62cb55084883110c0a745353eaf3","sha256":"a3a850f452b157b0d79622a021e71e2992ae42e54864fc1d72fc3c2fb67317cd","sha512":"4a45b809076543ebf4b2db77b6e86719c4ad9484312c522ef9a8724b14de96261ed3a8f48fbd86d9276d5d6d9fbb0e4d42d2e6421688f823e56c431b58f36930","ssdeep":"96:m4WXmm2G1X4IFoSkFPAy/dgmdUyzPPMISGCCPYEWW2mW23mA:mlmG1XtKSQIkPPMblDELW2L","tlshash":"b7e348b2ba00d095d0492178db1fd3f64a492d12fc103927ea5effed35329a25add380","first_seen":"2025-05-01T12:48:18.580069Z","last_seen":"2025-11-26T16:35:07.754966Z","times_seen":224,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/merchant/v1/jquery.min.js","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:06.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/merchant/v1/jquery.min.js HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 29 Dec 2024 23:06:01 GMT\r\netag: \"6771d5d9-15d84\"\r\ncontent-encoding: gzip\r\nage: 163\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iJzut6cRbFtJKv2N4NxoJwN%2FfQ9ZaXBIrY%2B7xhBJyMCKNUg2BTDMK5LthaNEfGc1FQqzRGHE8bfdyvKPifSmI0lkuTgTPiMNJV7ghwdYftJZ97V4o3jiemZHOA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999ddaa08cc3712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89476,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-03T18:30:42.912476Z","times_seen":217311,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:06.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 5631\r\ncf-ray: 999ddaa09c7f56b4-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03e5f-7918\"\r\nlast-modified: Mon, 04 May 2020 16:10:07 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 3528\r\nexpires: Mon, 26 Oct 2026 16:51:06 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=qmt%2BQdeB4C1Y6qRyisbsj271SrgwGBg6GjRN%2Bc33tlcDoSC6D69KEO1Y7OBg%2BYPDF%2BVUrE6bexamdXvF%2BkUApZxnq6p521gj2o7IiIexfQZx1Zi%2BsOI8VmrWzVmjAaGEqgWsV9%2FT\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31000,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-04-03T18:31:00.62415Z","times_seen":236225,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":12,"dns":1,"connect":1,"send":0,"wait":12,"receive":1,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/payment_card_status.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:16.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/payment_card_status.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bo7d0EeHXX0NR5m6%2BsWgyBfsP%2F%2Btjfi9UiZqQCUDBlUAYSItcDhLPEh7FJQhCVMVlEYAoCAj4lPv0b8um7WkG%2Foq50VAeGQhw7fZYtH4BELESydkrPbffGFKGg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddad99f60712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/user_send_status.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:21.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/user_send_status.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:21 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ASI7fUxlPuNm0Hjt4%2B8zDiUYNEiFWiUk3m7AB2DYjDhmXJhM%2FJ%2FNEYbq05QENLReUubDLIDfS07DKp60Cv1ZKb9M4bAmVVmV%2Blp9YaybXoticJdzJ%2FUz%2Fuo%2FRw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddaf8efaa712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e32f98ba9581071c24f9d3e94bc9bd9c","sha1":"34e9660d0205cd223d2b213d7a4fe19e720721db","sha256":"4c586449e40230337e43cd4a14475982f2f64d92493370f53c5b9d88d597ed23","sha512":"ad11f7ebf8a3ee4767cab5784b38ba2f5d68682ec347e7c0bce5e652e5491bd57489786f4ee34957c04cddf70ceece5b515257f3409e293d008a76df9c655024","ssdeep":"","tlshash":"7070000882882c8000a00e0208203002a000880080000a00a8a0808a8808020e222002","first_seen":"2025-11-05T16:51:29.483564Z","last_seen":"2025-11-05T16:51:29.483564Z","times_seen":1,"resource_available":false,"data":null}},"time_used":421,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":421,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/css/modal.css","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/booking/booking/css/modal.css HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 26 May 2025 12:51:42 GMT\r\netag: \"683463de-c29\"\r\ncontent-encoding: gzip\r\nage: 162\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BRYIzMt5tIjqI9IxbOepOXCZG9k4g4TuDd%2BMk8E16DJJVbatyuI4rsehPAAe%2Bhc617qHIsTCb%2BBnLghyL%2BH9dF%2FNdqHaAIVoGSHJmldHo5kg%2FOdNeC%2FibJKbag%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999dda9a7f47712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3113,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"70bb5e0cc8db213be789d84e2abec114","sha1":"4975d325b2851fa87d7c34997b183c63a9d9cff7","sha256":"ab4af6c6724a230bcd5c9f269765e6a87b0b0fb21c08facd879972bc9e522c4a","sha512":"280e4cc88e749caf1931313c3dc1ec90ead1bf7bbc4321ab7fdb38cb5feec15526402bdafbe2cbc91693f16fa9eb80ca61f6baa3f1027178a78301581b55a2f8","ssdeep":"","tlshash":"60519812ef1a2542757bd77abbf20ba9d6684423ca0761787bec23590fb506841b1ecc","first_seen":"2025-06-12T11:08:46.61199Z","last_seen":"2026-03-27T20:02:53.40518Z","times_seen":2537,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/img/cards/visa.svg","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/booking/booking/img/cards/visa.svg HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Sun, 29 Dec 2024 23:05:51 GMT\r\netag: \"6771d5cf-778\"\r\ncontent-encoding: gzip\r\nage: 162\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zdThWYAEaWPWASKqmqtao1u6FuQaZ%2FId78lS9%2Fg466A%2FDZmk8mEnI3Xkx2jbqdnr3Kn34B1OssIxXi0y13xBYEHXPxJyY8EZfVJ%2BmXIpvSmbkNERRNbCdb7ZLQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999dda9a8f54712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1912,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e2a0b2c3ded9b4b2c8f78f613336fc2f","sha1":"0f19174a84d6cb63a7717aec7f9394d82963f7ae","sha256":"4552fbab9a0fae04e61a3c0455279d791f7bd0a756022b92a7ace3bcbcaca00d","sha512":"5ca6f7007abc9a739e2f9a45e123c26ad8773493be6d27a0a8a161c7bb816448f823d46fc1e92d510d02337e234196ebfccf3393d5fc17821b3cb1bad60e6d5f","ssdeep":"","tlshash":"fe41a6d033a191e4e40def30fe2961f95a3734bdbf69d8e9c1d18d83e50646c0084c80","first_seen":"2023-12-29T18:31:21Z","last_seen":"2026-03-21T18:46:38.177874Z","times_seen":247,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/chat/chat.css","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:06.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/chat/chat.css HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 06 Jan 2025 23:23:57 GMT\r\netag: \"677c660d-1b7e3\"\r\ncontent-encoding: gzip\r\nage: 163\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=54qPBDEqjWnO1UsqxS%2BpNGA1WK1LdiAYhy2YEtz%2FTvhcrL7J1kUy8bJkLOMz1qxO8f0QrVypFxJaTYSvrS8OkI%2FbcwXbxggJApRVmO2g8gVv5qTBGwv6pj9Clg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999ddaa07cb6712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":112611,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"74e1acd60b80d7bcc52f2c681f34727e","sha1":"4bb9452bba4788dbe0c92a9eb40708e5b3cdee6f","sha256":"8aeb1cfb90698a106c5a6398413a41d0ec23faadeb4000d2527c78c7df8e796a","sha512":"12c664827def948e3692881ba4074b91491bd797ce6f04fd2d4cd8e41c12ef302db289aed4c0f633bd13fba18d02c4f6afa35515629c9f7b4ebbd8ea5990a1b8","ssdeep":"768:DIIWgw65aTN5Iv5S50555OCO4EziBlcuXADpoLpzavj3OXJLUDPLA7s5ta+8BQuj:DxO4Ez0cuTavj3OXJLUDP07s5ta+uQI","tlshash":"0eb39335d601154522378f3c6be94714fb3840b39e1311bdbbce61468fb69a8a292f9f","first_seen":"2025-01-13T11:23:35.759247Z","last_seen":"2026-03-27T20:02:53.41858Z","times_seen":2537,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/msg_check.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:12.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/msg_check.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 20\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:12 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HytRJeVWgBnlm7saSr7X8EnLFlpmqCXI5yUXfOHOl5HqU2DQwGrNCTGloUtoC7%2FFNY9d3zdu%2FpmH%2Bd8p%2F6KTHaAg8aZz2I0Jrg8Onl4l7MgfTcWXFmhAxoVAQg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddac09f15712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":373,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":373,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/user_send_status.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:16.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/user_send_status.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NHoE16W0O6i9eaQJ7%2FzsUvaWqCEy3f6e2gRIZ%2Fa5fFC9N3emp8VRrpu2Fc93j02pBgGlEVVgO%2FHutkBtnedBswPFYzVSM19jkJo6T1JYWeZnEhm9%2BRLPICxYJQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddad9af6a712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e32f98ba9581071c24f9d3e94bc9bd9c","sha1":"34e9660d0205cd223d2b213d7a4fe19e720721db","sha256":"4c586449e40230337e43cd4a14475982f2f64d92493370f53c5b9d88d597ed23","sha512":"ad11f7ebf8a3ee4767cab5784b38ba2f5d68682ec347e7c0bce5e652e5491bd57489786f4ee34957c04cddf70ceece5b515257f3409e293d008a76df9c655024","ssdeep":"","tlshash":"7070000882882c8000a00e0208203002a000880080000a00a8a0808a8808020e222002","first_seen":"2025-11-05T16:51:29.483564Z","last_seen":"2025-11-05T16:51:29.483564Z","times_seen":1,"resource_available":false,"data":null}},"time_used":428,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":428,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/submit-new8.js?v=775696","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/booking/booking/submit-new8.js?v=775696 HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 13 May 2025 19:09:55 GMT\r\netag: W/\"68239903-5c9e\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vMf%2BhLYqaSIFyzVQzjWiR1Ji4UI%2Fu6LMw1XBWiOy9imd1SUjEluizer3u0SHZI9%2BVaR7trnFkFK9%2BAm%2BQWdCej%2FEoOsoWoI5vB9l%2F4m3z4Scx8GI2Kt1sYQPSA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999dda9a7f4c712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23710,"size_decoded":0,"mime_type":"application/javascript","magic":"Algol 68 source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"570b90873b5087d027f89873e04eb50d","sha1":"18694b2a87157815e5618276c0887e06e80cdf4c","sha256":"1f54e43689570129fcf17f960cefc0c0c524aedda5e4adc4487fc758d1596583","sha512":"6ed4f72da737e90cf35d025d1c8cfde3483de6fa728e702c7c4b110fe2a041f24abb37af25c4bb8547e92940d61bb5fdd33ec45dd14e9e846dfc74400b0c7820","ssdeep":"192:HCSGROS7vGun5c2sVYotAA4eSdyhE2EcOS7cHm/6PFf0Cw5rHWc6kh:j2OS7Oun5Ds6oaA3qyVOS7Af0j2Oh","tlshash":"68b28c9525b51935027616fafbd2cd84e9210baf914103a738bc8e4d6ff0890b7a1fdb","first_seen":"2025-01-13T11:23:35.766439Z","last_seen":"2026-03-27T20:02:53.391705Z","times_seen":2563,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/user_send_status.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/user_send_status.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o4KEFg4ej5l9wUWRbu2G8m1cwaMAHhV9ZJ%2FDnhWxQVah6RPeQ3LwMzAa8rUbk8su1534exS%2FHMV3aostphQK9%2BefYhKidFLERmib15ZCqljL%2F0qe1zTNIefgfA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999dda9b1ff3712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e32f98ba9581071c24f9d3e94bc9bd9c","sha1":"34e9660d0205cd223d2b213d7a4fe19e720721db","sha256":"4c586449e40230337e43cd4a14475982f2f64d92493370f53c5b9d88d597ed23","sha512":"ad11f7ebf8a3ee4767cab5784b38ba2f5d68682ec347e7c0bce5e652e5491bd57489786f4ee34957c04cddf70ceece5b515257f3409e293d008a76df9c655024","ssdeep":"","tlshash":"7070000882882c8000a00e0208203002a000880080000a00a8a0808a8808020e222002","first_seen":"2025-11-05T16:51:29.483564Z","last_seen":"2025-11-05T16:51:29.483564Z","times_seen":1,"resource_available":false,"data":null}},"time_used":729,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":729,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/OWFV543TF","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-05T16:51:03.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /OWFV543TF HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 05 Nov 2025 16:51:04 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: /M3OT6WRHC\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wc%2FnfqA6SPh3ymuuJ8QPdsfh0RUABLlKpuLLyRwBNLcSXcKNVydjumURRu%2FgRrVINHvRdzZGSZk%2FWFE%2FtVODR6NJDPzjrrPqmK1vZ2pNHzb9mSjI4y1coBF%2Fvg%3D%3D\"}]}\r\nset-cookie: PHPSESSID=bofavik015dt9724ps9tvf575u; Path=/\ncard_input_path=%2FCPZ5A3E725G%2F; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:03 GMT\nbank_input_path=%2FBUIXIQAPJ9P%2F; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:03 GMT\nconfirmation_link_path=%2FZ1OW698G1E%2F; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:03 GMT\nconfirmation_bank_path=%2FTGTVBH3VE%2F; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:03 GMT\nCORE_TYPE=sites; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:03 GMT\nvapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:03 GMT\nvapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:03 GMT\nAD_CODE=OWFV543TF; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:03 GMT\nD_TYPE=booking; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:03 GMT\ninput_amount_price=deleted; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:01 GMT\nnew_code=M3OT6WRHC; Path=/; Max-Age=86400; Expires=Thu, 06 Nov 2025 16:51:04 GMT\r\ncf-ray: 999dda8a8fda56bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":69190,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":1061,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":1016,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com/OWFV543TF","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/js/jquery-3.1.1.min.js","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /js/jquery-3.1.1.min.js HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 06 Jul 2025 17:54:17 GMT\r\netag: \"686ab849-217ce\"\r\ncontent-encoding: gzip\r\nage: 162\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BolDfuSzLq6UWIAGhaq8P2xLbqr9NClarYpWuutJZVBIhdULZHxbh3bE9TymCjm8i2lzTnT9phGQUz60lwCDcasW2IHhlqIKHRfbwhi1JosocA0z8HbSUGbuwg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999dda9a7f4e712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":137166,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (522)","md5":"b15e2b6b8c96c1a2faffdaec513ac36c","sha1":"79be8d8eebb24d7f32ceed55e0ed90bfe1e4b545","sha256":"5f4f43d715a2bd6d366f2956e9a16fb3029eccec66f2af81116298b1238907ce","sha512":"457db2021978ced718de12639a4ab5999e62744037a0ef9acbb912c6d987c64748a12614feb43d7a87dfa39df1879ef3b495ad4e9d1d0347fd790a85e017681e","ssdeep":"1536:xBQDs8kcdv8++BShi6jlfuppnSnHvfMJNmxIf7+5r8Pbya17DRojoxjyVQiPOoRM:r9YHvfSYIC5r8PnAoxjy79r8NYDpu","tlshash":"cad34189b7e6252a5617f0b98abfcc05b139485b16cdcd597c0c91a4af1043887fafec","first_seen":"2025-07-08T00:11:56.574113Z","last_seen":"2026-04-01T23:15:02.352807Z","times_seen":3028,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/chat/loading5.gif","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:06.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/chat/loading5.gif HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: image/gif\r\ncontent-length: 4390\r\nserver: cloudflare\r\nlast-modified: Mon, 02 Jun 2025 04:59:47 GMT\r\netag: \"683d2fc3-1126\"\r\naccept-ranges: bytes\r\nage: 163\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ySQFNgCGckxm2r2stSxysMJVUYEncy%2Bn9UlRQq6dJwQvvWtGFq0LtkVM06sdQVxxmegiyTa%2FZU%2BqwJoYwUg6h%2BCpfS4dIQ8tlyFbbJFf1hRpCc3IVfa28i8qiw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999ddaa08cc0712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4390,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 25 x 25","md5":"7867023cc9500fbc2063ee016e0aa6bc","sha1":"9d291796f9c395125b2c2e90674361707dea97db","sha256":"f8edda2fa19fcb8ae89eca321a3162d165d31c02b62e26a1b9891af0a5d7d2ef","sha512":"dac8be1edb48c28be3a707e21fbd4c46b7ed3183b67ba1a061c00a3edc1242e5cf201e6aa0a749701845f8e59856368b699538352bee7467eac0a9d664feb5a1","ssdeep":"96:qV1UdNsAwEEUdNsAwEEUdNsAwEEUdNsAwEEUdNsAwEEUdNsAwI:qV1UdNtwTUdNtwTUdNtwTUdNtwTUdNtb","tlshash":"db91f1268c89ffc4da7cdc7065ac83de07e9fe68cd7181ab09e10d4a394a0912d465fd","first_seen":"2025-06-12T11:08:46.563905Z","last_seen":"2026-03-27T20:02:53.432666Z","times_seen":2513,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/user_send_status.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:11.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/user_send_status.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ON1XF%2BZmjEX74IElWl%2BWHUVkohqn14i1W%2Fy%2B09EImqpsODXsl1F28j%2FqWRsUWLYDJhuJOdXkCTB%2B1tup0G%2FAHwzn7r4imTDbMUFA5CpPPfeDzygwep2KpPr4kA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddaba58ed712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e32f98ba9581071c24f9d3e94bc9bd9c","sha1":"34e9660d0205cd223d2b213d7a4fe19e720721db","sha256":"4c586449e40230337e43cd4a14475982f2f64d92493370f53c5b9d88d597ed23","sha512":"ad11f7ebf8a3ee4767cab5784b38ba2f5d68682ec347e7c0bce5e652e5491bd57489786f4ee34957c04cddf70ceece5b515257f3409e293d008a76df9c655024","ssdeep":"","tlshash":"7070000882882c8000a00e0208203002a000880080000a00a8a0808a8808020e222002","first_seen":"2025-11-05T16:51:29.483564Z","last_seen":"2025-11-05T16:51:29.483564Z","times_seen":1,"resource_available":false,"data":null}},"time_used":413,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":412,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/styles-new4.css?v=5","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/booking/booking/styles-new4.css?v=5 HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 27 Jan 2025 18:30:32 GMT\r\netag: \"6797d0c8-9b25\"\r\ncontent-encoding: gzip\r\nage: 162\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pk9TCQPCd6kQeU2Er0XTIeHTyvG9%2Fy0oxORDaQU%2FjUij4Aj%2BKuZbTeNGZxcsbZKgX2aDCaMTsBV7Ed7wqTwvGFn6KL%2Blwehwds58GDBidt%2FH6qp3y43woGl1SA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999dda9a7f45712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39717,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (331), with CRLF line terminators","md5":"a0ca1f010bf5eb1c69e981c21c03e331","sha1":"a05f7b159849e9416c7126cd30b24d413d6fdcaf","sha256":"a3730b95c9ac59b4c41098fbb7c0c8663c6182051927cf76a90cad186f075ad5","sha512":"80d0a117a313bba6c8c79b6633bcaf575d0608b246f8cace3386440628488502b988289adb5c7c28c4484cb9f795511b2f67431d4ba052e236d18e8ae04b7217","ssdeep":"384:DPyGrB+QMgoTbaECQ9Znmrl2FRh+DwmiT:bBoQ0H+laKQ","tlshash":"b60301a99a125182a2338f78bfe25249fb1151338b0151ad7fdca2548fb9378d760fcd","first_seen":"2025-03-18T07:37:38.837794Z","last_seen":"2026-03-27T20:02:53.432135Z","times_seen":2566,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/img/cards/mc.svg","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/booking/booking/img/cards/mc.svg HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Sun, 29 Dec 2024 23:05:51 GMT\r\netag: \"6771d5cf-c7e\"\r\ncontent-encoding: gzip\r\nage: 162\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tYZveKI6CCX8biZzuHUKnO9cMyGRhXkaYfSMXwZbnFzpNCsXgy3LE7JOWzkZ7DcsntZ2Zt6dMnTNPQwMV11Jfs%2BRe0GnnaXxLwY6P3b8gp8LzUVJYIuxDkjFIg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999dda9a8f50712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3198,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"be1845a3fffe901eecdc6ea75a9b5e90","sha1":"b1c8bf81144fabab4c333a450679a59a3c0ce1c5","sha256":"b0588450b1cc0a8f7f09067b7611d2ab8f9b14dcf3f1d7319be77c13011f50d4","sha512":"94e4eb9ad4e06b019594085517e24ab16c05eff445b7ef80435f04d8e01b75fd20c3b8da6a76d76b6633c2e7eef7aa910975f3def8fdd73547c18fd62d7d4681","ssdeep":"","tlshash":"3b6112de1e1c03cc2947ad0e9b24b154d31f68b6f26adcc18d5f9b693087898e64bc40","first_seen":"2024-05-29T09:01:44Z","last_seen":"2026-03-21T18:46:38.146057Z","times_seen":242,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/msg_check.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:07.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/msg_check.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 13\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:07 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pXTT%2BVoqwiATCRTVOMJqsSGmkkNUwlKxFyvyrnVkKvtMXKrBQ%2FtN%2Be7yMfeWuvPDZP4Cn%2FOI5%2BS51DYqRBi7VLk6hwE%2FPE0qVawyStOAvj%2FD%2B%2B9ZbGUh7z1lYQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddaa15d86712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2773,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"cf606cb222cb0d56f12c610bfbed4141","sha1":"9c81c6928960a46af3f35f4404c94ec2813a0e86","sha256":"398a14a317d559b5db3534d6385f9f5243455fab7d7aacb0669c0528014478d4","sha512":"b11988e68fe5096d648d6221fd839a371bd4a5c445050ec71b64817704f27487ad6c7a5cd952c79a54194a0977e01fe685f542f8173c84060d2b41821624130b","ssdeep":"","tlshash":"f951043be08a48322a43909e79abca7f5fd4c043af22ca663a7d10787385d00cb53265","first_seen":"2025-11-05T16:51:29.492103Z","last_seen":"2025-11-05T16:51:29.492103Z","times_seen":1,"resource_available":false,"data":null}},"time_used":339,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":339,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/chat_action.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:07.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/chat_action.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 11\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:07 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gTD93DdJyMjHpbMq3ivq%2BkUqdsgzboqOha17cvmr5JbdzIOmE%2BphPt0hdvn62R8eFOlQ7e2HecNsm%2BUNvh9943hwWyVXnG%2BX56I7f%2FgS07BAFufEFHEUU7n27Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddaa3a815712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"1977006e07d746c4af3c3e2fa8131754","sha1":"1a5796e95cf408b4bab31b47d6688c0fb2a8d287","sha256":"86ecfe2bf9f95cdd5216ab76e8877ab70b18823f182936aa2a94fed3e4a38c4a","sha512":"8b9421765f52547a3e3626f9605e1f13c6ddca3f8dc6de54a5ec6412085899c6fdf8cfaf0aa2641ece47dcbc112c09168ef534c40c045a99aee5e109e7ccbbf3","ssdeep":"","tlshash":"d7800000a000203088820b8000b2ae322f3c0a22082a88a2be0ea0a80a3a0e3830b003","first_seen":"2025-04-10T12:23:04.203291Z","last_seen":"2026-03-03T01:00:34.78227Z","times_seen":2416,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":303,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/payment_card_status.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:11.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/payment_card_status.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bwS4lgrjW4w6mPZXU4JF%2BgAUgXNIzAdxAg12aYtHeIh0tXVIWWb7OY1gbRNAM17HPNVqcVsjb5d48EvdGU%2FWA0TR%2BHh0Al%2BQLOpFCpns5DoF1o3akw7fIXekow%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddaba58ec712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":462,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":462,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/booking/booking/js/index.js?v=775696","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://confirmation01248-booking.com/M3OT6WRHC","date":"2025-11-05T16:51:06.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/booking/booking/js/index.js?v=775696 HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:06 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 22 Jan 2025 10:42:13 GMT\r\netag: W/\"6790cb85-251\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1X6rxzcNQ17hPCjEMm2%2BC0RLOa3BwBOFGIDgeUJi1QG44RiIfDuIQi0%2By0BkzpkWGdK%2FkZcL2NbQggJ7FgTpSzwQULXmZsFYi2EcW%2BS4Igue1s3AwqZvuCm2jA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999dda9a7f49712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":593,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"3b000749890551f80719d2441245c874","sha1":"44548478c31ae54cf2ce7aaf0f2a0b35ea375212","sha256":"b83b42b8d6e03f9c2963f2c9dae414e8fdadcf8ac43700a1c1db70fb5726c1c8","sha512":"659784f16be7600058156a3d79035c8798b97e8199499689354061d6165c6911fbc427b5f168e0d99625431a0491cf1660a783c7a3af718853baf66c96e483c7","ssdeep":"","tlshash":"39f028394e7c1d3800bf93a7f2c42ea97ab50087a586585757bd9e890ad2ca155e20d2","first_seen":"2025-03-18T07:37:38.849889Z","last_seen":"2026-03-27T20:02:53.405931Z","times_seen":2545,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/chat/%7Bimage%7D","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:07.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /chat/%7Bimage%7D HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:07 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C3JFS7aLDUbvcEQ0TDXi%2BOWFVxHO1bvEazB61U8Uxo0jV58RbReGgImXVwIYpIcSC5cQKkZUQ%2Fs919ynG6oi7FES%2BOi8Hnoa%2BdxIjI%2BzazUF6UDtmH1wj95jzg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddaa39801712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Meteor","description":"","website":"https://www.meteor.com","common_platform_enumeration":"","icon":"Meteor.png","categories":["JavaScript frameworks","Web frameworks"]},{"name":"MongoDB","description":"MongoDB is a document-oriented NoSQL database used for high volume data storage.","website":"https://www.mongodb.org","common_platform_enumeration":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","icon":"MongoDB.png","categories":["Databases"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31578,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1449), with CR line terminators","md5":"2acda50926f9496ca4b8e5f02ab6e568","sha1":"2dccb5e80c6f82eeb6d658f20711dc873d4574de","sha256":"7c6fb4be4c4e136c8104b22187389474a5df950d188f8ed0fab1369df4655c21","sha512":"4547c1be18eebd36c9aabb4a6242525c33d253e05342c1f4fb28b44f9611c6f4b7d1ff36f6b9520cbd5adce1648b70e35aeba2f68397b6a287ef57d6721dea0c","ssdeep":"384:bwoDj9twQiclZJDRsAks0iYSVEd6XUapX0ozW4KvqFiNqPMP:bwoDj/jXlZJi7iYm+haR0ozDWn","tlshash":"6ce23c78a1f220fe61c74399cfb792253e3a12a942814410379c7be40bb7dd5de47ea0","first_seen":"2025-06-12T11:08:46.56602Z","last_seen":"2025-11-22T13:56:20.371031Z","times_seen":612,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":310,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/dist/chat/chat.mp3","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:07.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"GET /dist/chat/chat.mp3 HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Wed, 05 Nov 2025 16:51:07 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 12709\r\nserver: cloudflare\r\nlast-modified: Sun, 29 Dec 2024 23:05:54 GMT\r\netag: \"6771d5d2-31a5\"\r\naccept-ranges: bytes\r\nage: 163\r\ncontent-range: bytes 0-12708/12709\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TXTjW4O8%2Bbesakxxc1qNjgfuSsEfT1CM%2FQCUGtJ2OEaLut2PCSKnRq4TTOkGrOGUGeJwoFeiiMB54%2B1fyDP%2Fvwd9psAYne%2BlShMS3Mcx9a%2BH8cG%2B858GZfEsnA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 999ddaa3f8ba712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12709,"size_decoded":0,"mime_type":"audio/mpeg","magic":"MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural","md5":"362113e61d0589050fc29165a88addfd","sha1":"275615302c6a8135ca782e8d6c684d58ddc04cb2","sha256":"3c56de2b13c86af5740564a85422cec47f56ea992e26374ebce0a024fc918e3a","sha512":"1c09699fbea4c20db8bfd3139cbd5cb805177b199f732d90e52b6f131d1a8e0ac660d4ab02a387a58a98410322e952adc619e729dc162699b23f641893b3979b","ssdeep":"192:iwZFdmCxTVHiC5AZ+PhBRT6yEyt0Cq7+CDvaKbhXAGv/3ZpKjW3kjYBo:bFDHXA853uyEFXJiQ/3ZwjKkcO","tlshash":"3d427d47ebb360abf4456b7e7283e705c3f81c053da0d4ee9062b7a4827bc4d2b59664","first_seen":"2023-04-12T02:12:44Z","last_seen":"2026-04-02T23:13:53.525398Z","times_seen":2715,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"confirmation01248-booking.com/ajax/msg_check.php","fqdn":"confirmation01248-booking.com","domain":"confirmation01248-booking.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://confirmation01248-booking.com/chat/M3OT6WRHC","date":"2025-11-05T16:51:17.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"confirmation01248-booking.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 06:44:24 GMT","end":"Tue, 30 Dec 2025 07:42:37 GMT"},"fingerprint":{"sha1":"41:65:A3:8E:62:C7:94:80:58:D8:41:C9:49:D1:C6:9B:F8:0F:CA:44","sha256":"08:07:A3:D5:3F:50:A5:B7:33:12:51:31:45:61:43:04:20:E2:46:3C:BB:0C:CC:CE:24:61:53:F2:9E:D0:5F:1D"}}},"request":{"raw":"POST /ajax/msg_check.php HTTP/1.1\r\nHost: confirmation01248-booking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 20\r\nOrigin: https://confirmation01248-booking.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://confirmation01248-booking.com/chat/M3OT6WRHC\r\nCookie: PHPSESSID=bofavik015dt9724ps9tvf575u; card_input_path=%2FCPZ5A3E725G%2F; bank_input_path=%2FBUIXIQAPJ9P%2F; confirmation_link_path=%2FZ1OW698G1E%2F; confirmation_bank_path=%2FTGTVBH3VE%2F; CORE_TYPE=sites; vapid_public_key=BDfVkx7gz-88KF3Aw5oMeocMqENGUootJ9ME1osxEhCsgh3azU3mnpqY7Mb9-zX5KEBncgVLxJtE0szKDwTBUKk; vapid_private_key=uYg9b2aGszyXuW_OiniSWm2crKe4F3N5RVginG6tUdY; AD_CODE=M3OT6WRHC; D_TYPE=booking; new_code=M3OT6WRHC\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 05 Nov 2025 16:51:17 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nt6YcJUxVE3M5tVX5LvnKAJBsDFYm7JT69B8p%2Bir23EvHq9oS76quDMbgroJ1sgh%2FaEdgmps1L76EDZGnFxX%2B8bMFdZRM9sZa6qtN1yRldedpkl97aCr0hzZJQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 999ddadfeda2712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:31:03.533086Z","times_seen":13299059,"resource_available":true,"data":null}},"time_used":326,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":326,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - Booking.com","trigger":"confirmation01248-booking.com","verdict":"phishing","severity":"medium","comment":"Booking.com","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"confirmation01248-booking.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}