URL: https://bookingstart-acctest.nltg.com/
Submission: On May 31 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 6 HTTP transactions. The main IP is 2620:1ec:48:1::60, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is bookingstart-acctest.nltg.com.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on May 31st 2023. Valid for: 6 months.
This is the only time bookingstart-acctest.nltg.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS Autonomous System
4         2620:1ec:48:1...  8075 (MICROSOFT...)
2         2a04:4e42:400...  54113 (FASTLY)
Total: 6 requests, 2 IPs

Requests  Apex Domain  Subdomains                     Transfer
4         nltg.com     bookingstart-acctest.nltg.com  79 KB
2         ving.se      img.ving.se                    37 KB
Total: 6 requests, 2 apex domains

Requests  Domain                         Requested by
4         bookingstart-acctest.nltg.com  bookingstart-acctest.nltg.com
2         img.ving.se                    bookingstart-acctest.nltg.com
Total: 6 requests, 2 domains

This site contains no links.

Subject                        Issuer                                       Validity                 Valid
bookingstart-acctest.nltg.com  GeoTrust Global TLS RSA4096 SHA256 2022 CA1  2023-05-31 - 2023-11-30  6 months
img.ving.se                    GlobalSign Atlas R3 DV TLS CA 2023 Q1        2023-04-09 - 2024-05-10  a year

This page contains 1 frame:

Primary Page: https://bookingstart-acctest.nltg.com/
Frame ID: B36D90C3FACCD3C6847A626691B34AF5
Requests: 6 HTTP requests in this frame

Page Title

Bookingstart

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 116 kB
Size: 236 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Resource: / (Primary Request)
Path: bookingstart-acctest.nltg.com/
Size: 5 KB
x-fer: 2 KB
Type: Document

General
Full URL: https://bookingstart-acctest.nltg.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::60, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS:
Software: /
Resource Hash: c1f14d6880a4149a8bc542cf6382d30b68d11a9d7d26d18dd294c7c8a6a11165
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 31 May 2023 12:57:05 GMT
etag: W/"1266-+NGnpTVQS8xpb8aZm4HF48UBXFI:dtagent10265230425083909ngBb"
server-timing: dtSInfo;desc="0", dtRpid;desc="-2143775520"
vary: Accept-Encoding
x-azure-ref: 0IUR3ZAAAAADdLiPFXtJMRZZHuuzXGLArRlJBMjMxMDUwNDE5MDA5ADg1YjdmMjQ0LTMzMTctNDRiNS05OTUwLTMwZDE3NDk3NjgyMA==
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-frame-options: DENY
x-oneagent-js-injection: true
x-ruxit-js-agent: true
x-xss-protection: 1; mode=block

Resource: ruxitagentjs_ICA2NVfqru_10265230425083909.js
Path: bookingstart-acctest.nltg.com/
Size: 194 KB
x-fer: 76 KB
Type: Script

General
Full URL: https://bookingstart-acctest.nltg.com/ruxitagentjs_ICA2NVfqru_10265230425083909.js
Requested by
Host: bookingstart-acctest.nltg.com
URL: https://bookingstart-acctest.nltg.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::60, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS:
Software: /
Resource Hash: ffbb9d4abb1a7868d92020c599165724a06b2c18d66277f0d9288c1cce9de1cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookingstart-acctest.nltg.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 12:57:05 GMT
content-encoding: gzip
last-modified: Wed, 03 Mar 2010 07:01:40 GMT
x-azure-ref: 0IUR3ZAAAAACN9CNRaLXPTKErapypPsV5RlJBMjMxMDUwNDE5MDA5ADg1YjdmMjQ0LTMzMTctNDRiNS05OTUwLTMwZDE3NDk3NjgyMA==
x-cache: CONFIG_NOCACHE
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
content-length: 77337
expires: Thu, 30 May 2024 12:57:05 GMT

Resource: thomasheadlinebold-webfont.woff
Path: img.ving.se/raw/upload/fonts/
Size: 21 KB
x-fer: 21 KB
Type: Font

General
Full URL: https://img.ving.se/raw/upload/fonts/thomasheadlinebold-webfont.woff
Requested by
Host: bookingstart-acctest.nltg.com
URL: https://bookingstart-acctest.nltg.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a04:4e42:400::604, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: Cloudinary /
Resource Hash: 1dcab336da7075d363a98b55ecc00a692f2212bff3078b014661c9f69517b6a3
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer: https://bookingstart-acctest.nltg.com/
Origin: https://bookingstart-acctest.nltg.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 12:57:05 GMT
strict-transport-security: max-age=604800
last-modified: Mon, 20 Sep 2021 06:48:16 GMT
server: Cloudinary
etag: "f5898ec51462794d995d281d425b068a"
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing
cache-control: public, no-transform, immutable, max-age=31557600
content-disposition: attachment; filename="ht7cutsmr0gsrv7lldo9.woff"
server-timing: cld-fastly;mitm=p;dur=2;cpu=1;start=2023-05-31T12:57:05.585Z;desc=hit,rtt;dur=7
accept-ranges: bytes
timing-allow-origin: *
content-length: 21416

Resource: source-sans-pro-v11-latin-regular.woff2
Path: img.ving.se/raw/upload/fonts/
Size: 16 KB
x-fer: 16 KB
Type: Font

General
Full URL: https://img.ving.se/raw/upload/fonts/source-sans-pro-v11-latin-regular.woff2
Requested by
Host: bookingstart-acctest.nltg.com
URL: https://bookingstart-acctest.nltg.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a04:4e42:400::604, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: Cloudinary /
Resource Hash: cb992eae898417162c48b37712991d9ad8053c4a64fce51aff195edc69dc35f2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer: https://bookingstart-acctest.nltg.com/
Origin: https://bookingstart-acctest.nltg.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 12:57:05 GMT
strict-transport-security: max-age=604800
last-modified: Mon, 20 Sep 2021 06:47:17 GMT
server: Cloudinary
etag: "76d8cbb0496cb184eff868152b67ad45"
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing
cache-control: public, no-transform, immutable, max-age=31557600
content-disposition: attachment; filename="lmvkw36dffwvaelveun3.woff2"
server-timing: cld-fastly;mitm=p;dur=1;start=2023-05-31T12:57:05.585Z;desc=hit,rtt;dur=7
accept-ranges: bytes
timing-allow-origin: *
content-length: 15908

Resource: rb_a0073d70-465b-4810-838c-a795440d703a
Path: bookingstart-acctest.nltg.com/
Size: 117 B
x-fer: 285 B
Type: XHR

General
Full URL: https://bookingstart-acctest.nltg.com/rb_a0073d70-465b-4810-838c-a795440d703a?type=js3&sn=v_4_srv_11_sn_BF28FDD6D23F193088CF1779995FE8EF_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1&svrid=11&flavor=post&vi=VMAMJIPPUNGMIFTNFUTCGUPMGDUJKCQV-0&modifiedSince=1684913181130&rf=https%3A%2F%2Fbookingstart-acctest.nltg.com%2F&bp=3&app=ea7c4b59f27d43eb&crc=2979409242&en=6zvdpjso&end=1
Requested by
Host: bookingstart-acctest.nltg.com
URL: https://bookingstart-acctest.nltg.com/ruxitagentjs_ICA2NVfqru_10265230425083909.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::60, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS:
Software: /
Resource Hash: 5cab8146aa4608b79f9aa82edcdefe5f84d24eab8b8501d047a739ee266058c8

Request headers

Referer: https://bookingstart-acctest.nltg.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 31 May 2023 12:57:06 GMT
accept-ranges: bytes
content-length: 117
x-azure-ref: 0IkR3ZAAAAACw2qyobk7oRp47qtIDZn92RlJBMjMxMDUwNDE5MDA5ADg1YjdmMjQ0LTMzMTctNDRiNS05OTUwLTMwZDE3NDk3NjgyMA==
x-cache: CONFIG_NOCACHE
content-type: text/plain; charset=utf-8

Resource: rb_a0073d70-465b-4810-838c-a795440d703a
Path: bookingstart-acctest.nltg.com/
Size: 117 B
x-fer: 264 B
Type: XHR

General
Full URL: https://bookingstart-acctest.nltg.com/rb_a0073d70-465b-4810-838c-a795440d703a?type=js3&sn=v_4_srv_11_sn_BF28FDD6D23F193088CF1779995FE8EF_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1&svrid=11&flavor=post&vi=VMAMJIPPUNGMIFTNFUTCGUPMGDUJKCQV-0&modifiedSince=1684913181130&rf=https%3A%2F%2Fbookingstart-acctest.nltg.com%2F&bp=3&app=ea7c4b59f27d43eb&crc=815853150&en=6zvdpjso&end=1
Requested by
Host: bookingstart-acctest.nltg.com
URL: https://bookingstart-acctest.nltg.com/ruxitagentjs_ICA2NVfqru_10265230425083909.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::60, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS:
Software: /
Resource Hash: 5cab8146aa4608b79f9aa82edcdefe5f84d24eab8b8501d047a739ee266058c8

Request headers

Referer: https://bookingstart-acctest.nltg.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 31 May 2023 12:57:08 GMT
accept-ranges: bytes
content-length: 117
x-azure-ref: 0JER3ZAAAAACeRyN51dZySJL1Xg0q4aCfRlJBMjMxMDUwNDE5MDA5ADg1YjdmMjQ0LTMzMTctNDRiNS05OTUwLTMwZDE3NDk3NjgyMA==
x-cache: CONFIG_NOCACHE
content-type: text/plain; charset=utf-8

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

credentialless (boolean)
dT_ (object)
dtrum (object)
dynatrace (object)

6 Cookies

Domain/Path Name / Value
.nltg.com/ Name: dtCookie
Value: v_4_srv_11_sn_BF28FDD6D23F193088CF1779995FE8EF_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1
.nltg.com/ Name: rxVisitor
Value: 1685537825509VH3IB6CR8I0Q60ON14JACF75MFUGRPTG
.nltg.com/ Name: dtLatC
Value: 31
.nltg.com/ Name: dtSa
Value: -
.nltg.com/ Name: rxvt
Value: 1685539625602|1685537825510
.nltg.com/ Name: dtPC
Value: 11$137825507_8h-vVMAMJIPPUNGMIFTNFUTCGUPMGDUJKCQV-0e0

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block