baooking.com - urlscan.io

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 46.166.189.98, located in Netherlands and belongs to NFORCE, NL. The main domain is baooking.com.

This is the only time baooking.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	46.166.189.98 46.166.189.98	43350 (NFORCE) (NFORCE)
1	87.98.255.87 87.98.255.87	16276 (OVH) (OVH)
2	178.254.50.105 178.254.50.105	42730 (EVANZOAS) (EVANZOAS)
4	3

1 46.166.189.98 (Netherlands)

ASN43350 (NFORCE, NL)
PTR: urlforward.topdns.com

baooking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.98.255.87 (France)

ASN16276 (OVH, FR)
PTR: cluster014.ovh.net

creafy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.254.50.105 (Germany)

ASN42730 (EVANZOAS, DE)
PTR: server105.greatnet.de

tracking.hotelglueck.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	hotelglueck.de tracking.hotelglueck.de	10 KB
1	creafy.com creafy.com	1 KB
1	baooking.com baooking.com	579 B
4	3

	Domain	Requested by
2	tracking.hotelglueck.de	creafy.com
1	creafy.com	baooking.com
1	baooking.com
4	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://baooking.com/
Frame ID: 976182CAFC73786716F236FD191047B0
Requests: 1 HTTP requests in this frame

Frame: http://creafy.com/goto.php
Frame ID: 23A9EA70AC4D5B7E641A51DA78EC2D0B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Matomo Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

piwik\.js|piwik\.php

Page Statistics

4
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

11 kB
Transfer

24 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response baooking.com/	559 B 579 B	281ms 30ms	Document text/html	46.166.189.98 NFORCE
General Check archive.org Show headers Download Go to Full URL http://baooking.com/ Protocol HTTP/1.1 Server 46.166.189.98 , Netherlands, ASN43350 (NFORCE, NL), Reverse DNS urlforward.topdns.com Software nginx / PHP/5.6.33 Resource Hash `f6f79b846b6789c60d0994233ae0e8d55158bcbbac202e9e272b4720197934ee` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Thu, 02 Mar 2023 20:22:00 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding X-Powered-By PHP/5.6.33
GET H/1.1	200 OK	goto.php Show response creafy.com/ Frame 23A9	1 KB 1 KB	186ms 64ms	Document text/html	87.98.255.87 OVH
General Check archive.org Show headers Download Go to Full URL http://creafy.com/goto.php Requested by Host: baooking.com URL: http://baooking.com/ Protocol HTTP/1.1 Server 87.98.255.87 , France, ASN16276 (OVH, FR), Reverse DNS cluster014.ovh.net Software Apache / PHP/5.6 Resource Hash `39c77ecda16cf69c8bea95b75a20a5eb4caaecaee35ec763929d31bf58fcfb5a` Request headers Referer http://baooking.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers content-encoding gzip content-length 737 content-type text/html; charset=UTF-8 date Thu, 02 Mar 2023 19:12:43 GMT server Apache vary Accept-Encoding x-iplb-instance 29652 x-iplb-request-id 1FCC9675:BB24_5762FF57:0050_6400F52B_62A5:D615 x-powered-by PHP/5.6
GET H/1.1	200 OK	piwik.js Show response tracking.hotelglueck.de/ Frame 23A9	22 KB 9 KB	88ms 35ms	Script application/javascript	178.254.50.105 EVANZOAS
General Check archive.org Show headers Download Go to Full URL http://tracking.hotelglueck.de/piwik.js Requested by Host: creafy.com URL: http://creafy.com/goto.php Protocol HTTP/1.1 Server 178.254.50.105 , Germany, ASN42730 (EVANZOAS, DE), Reverse DNS server105.greatnet.de Software Apache/2.4.25 (Debian) / Resource Hash `4e1138c8ff42b384787777659f6a6317f2b7dcf4cff5557d7d3a90e8b2300d5b` Request headers accept-language nl-NL,nl;q=0.9 Referer http://creafy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Thu, 02 Mar 2023 19:12:43 GMT Content-Encoding gzip Last-Modified Wed, 25 Sep 2013 02:15:39 GMT Server Apache/2.4.25 (Debian) Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=2592000 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 8972 Expires Sat, 01 Apr 2023 19:12:43 GMT
GET H/1.1	200 OK	piwik.php tracking.hotelglueck.de/ Frame 23A9	43 B 371 B	95ms 95ms	Image text/html	178.254.50.105 EVANZOAS
General Check archive.org Show headers Download Go to Show image Full URL http://tracking.hotelglueck.de/piwik.php?action_name=&idsite=82&rec=1&r=202794&h=19&m=12&s=43&url=http%3A%2F%2Fcreafy.com%2Fgoto.php&urlref=http%3A%2F%2Fbaooking.com%2F&_id=5f9e0a057af5f2cc&_idts=1677784363&_idvc=1&_idn=1&_refts=1677784363&_viewts=1677784363&_ref=http%3A%2F%2Fbaooking.com%2F&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=64 Requested by Host: creafy.com URL: http://creafy.com/goto.php Protocol HTTP/1.1 Server 178.254.50.105 , Germany, ASN42730 (EVANZOAS, DE), Reverse DNS server105.greatnet.de Software Apache/2.4.25 (Debian) / Resource Hash `548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87` Request headers accept-language nl-NL,nl;q=0.9 Referer http://creafy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Thu, 02 Mar 2023 19:12:43 GMT Content-Encoding gzip Server Apache/2.4.25 (Debian) Vary Accept-Encoding Content-Type text/html; charset=utf-8 Cache-Control max-age=345600 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 50 Expires Mon, 06 Mar 2023 19:12:43 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://creafy.com/goto.php(Line 11) Message: Unsafe attempt to initiate navigation for frame with URL 'http://baooking.com/' from frame with URL 'http://creafy.com/goto.php'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

baooking.com
creafy.com
tracking.hotelglueck.de
178.254.50.105
46.166.189.98
87.98.255.87
39c77ecda16cf69c8bea95b75a20a5eb4caaecaee35ec763929d31bf58fcfb5a
4e1138c8ff42b384787777659f6a6317f2b7dcf4cff5557d7d3a90e8b2300d5b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
f6f79b846b6789c60d0994233ae0e8d55158bcbbac202e9e272b4720197934ee

baooking.com Open in urlscan Pro 46.166.189.98 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

4 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

11 kBTransfer

24 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

baooking.com Open in urlscan Pro
46.166.189.98 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

11 kB
Transfer

24 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions