urlscan.io logo urlscan.io
SecurityTrails logo

stage.base7booking.com Open in urlscan Pro
194.153.186.210  Public Scan

Go To Rescan Add Verdict Report
URL: https://stage.base7booking.com/
Submission: On April 29 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 8 HTTP transactions. The main IP is 194.153.186.210, located in Germany and belongs to TRIVAGO-, DE. The main domain is stage.base7booking.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 18th 2020. Valid for: 3 months.
This is the only time stage.base7booking.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 194.153.186.210 198018 (TRIVAGO-)
2 151.101.112.176 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
8 3
Domain Requested by
5 stage.base7booking.com stage.base7booking.com
2 js.stripe.com stage.base7booking.com
js.stripe.com
1 fonts.googleapis.com stage.base7booking.com
8 3

This site contains no links.

Subject Issuer Validity Valid
*.base7booking.com
Let's Encrypt Authority X3		 2020-03-18 -
2020-06-16		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2020-02-12 -
2020-06-03		 4 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-04-07 -
2020-06-30		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://stage.base7booking.com/
Frame ID: C1C50437C553957CAE2991CE34687161
Requests: 7 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-a0f6c1465b8d9aab778cf2913d1d3c86.html
Frame ID: 2437C8C7C525687A79CCC88C8C7AA15D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

8
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

305 kB
Transfer

992 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
stage.base7booking.com/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://stage.base7booking.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
194.153.186.210 , Germany, ASN198018 (TRIVAGO-, DE),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
eec7d72abb85779a71960a083a9af2f3758dd69e9c5f75435bdda8c0aba572f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Host
stage.base7booking.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
nginx/1.10.3
Date
Wed, 29 Apr 2020 16:54:11 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Wed, 22 Apr 2020 08:17:16 GMT
ETag
W/"5e9ffd8c-662"
Strict-Transport-Security
max-age=31536000
Cache-Control
public, must-revalidate
Content-Encoding
gzip
manifest.js
stage.base7booking.com/build/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stage.base7booking.com/build/manifest.js
Requested by
Host: stage.base7booking.com
URL: https://stage.base7booking.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
194.153.186.210 , Germany, ASN198018 (TRIVAGO-, DE),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
2a6a893d9a41f7381ab7153ff57af6475c1fc42afacc561aa7d50bd0ccfb4967
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stage.base7booking.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 29 Apr 2020 16:54:11 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Apr 2020 08:17:16 GMT
Server
nginx/1.10.3
ETag
W/"5e9ffd8c-56e"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Cache-Control
public, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
common.js
stage.base7booking.com/build/ 		468 KB
164 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stage.base7booking.com/build/common.js
Requested by
Host: stage.base7booking.com
URL: https://stage.base7booking.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
194.153.186.210 , Germany, ASN198018 (TRIVAGO-, DE),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
3a6f3fb6f38658d248348f7f37d38cef9c3f8fd3cf7323b408fd8190b9231e17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stage.base7booking.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 29 Apr 2020 16:54:11 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Apr 2020 08:17:16 GMT
Server
nginx/1.10.3
ETag
W/"5e9ffd8c-75122"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Cache-Control
public, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
main.js
stage.base7booking.com/build/ 		335 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stage.base7booking.com/build/main.js
Requested by
Host: stage.base7booking.com
URL: https://stage.base7booking.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
194.153.186.210 , Germany, ASN198018 (TRIVAGO-, DE),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
af54265a30ab2c41f5a609cb3e08fd2a6f6698d69da4df37164ad00aecad4a63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stage.base7booking.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 29 Apr 2020 16:54:11 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Apr 2020 08:17:16 GMT
Server
nginx/1.10.3
ETag
W/"5e9ffd8c-53dbd"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Cache-Control
public, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
datatrans-inline-1.0.0-production.js
stage.base7booking.com/js/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stage.base7booking.com/js/datatrans-inline-1.0.0-production.js
Requested by
Host: stage.base7booking.com
URL: https://stage.base7booking.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
194.153.186.210 , Germany, ASN198018 (TRIVAGO-, DE),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
dfc8b4c9aff73d76fec23b1fc1ddf510461acf47305084202b5948ad408bfb1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stage.base7booking.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 29 Apr 2020 16:54:11 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Apr 2020 08:15:44 GMT
Server
nginx/1.10.3
ETag
W/"5e9ffd30-28ce"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Cache-Control
public, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
/
js.stripe.com/v3/ 		165 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: stage.base7booking.com
URL: https://stage.base7booking.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7751ca081f1e140e47606648da29ee59e958c39e26c0038014c7261dede121c1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://stage.base7booking.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 16:54:11 GMT
content-encoding
gzip
vary
Accept-Encoding
age
43
x-cache
HIT
status
200
content-length
43438
x-amz-id-2
HVunQYHFVTFSKmICPxOh6t+pFZdQjXjCc0xGIlpDfecmb0IS505NxzUBPPv5gQt4d/bD5bHPbgU=
x-served-by
cache-hhn4065-HHN
timing-allow-origin
*
last-modified
Tue, 28 Apr 2020 19:52:18 GMT
server
AmazonS3
x-timer
S1588179251.247992,VS0,VE0
etag
"389f8330ece43d21a3ef9f53a51b5194"
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-amz-request-id
9B6A2A6A0793357E
via
1.1 varnish
cache-control
public, max-age=300
content-security-policy
default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
87
css
fonts.googleapis.com/ 		10 KB
896 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,300
Requested by
Host: stage.base7booking.com
URL: https://stage.base7booking.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5c06b6329970d1560039f39c4935a041d96fcf0f877b47951d8ece559a1b4dc6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://stage.base7booking.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Apr 2020 16:54:11 GMT
server
ESF
date
Wed, 29 Apr 2020 16:54:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Apr 2020 16:54:11 GMT
m-outer-a0f6c1465b8d9aab778cf2913d1d3c86.html
js.stripe.com/v3/ Frame 2437 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-a0f6c1465b8d9aab778cf2913d1d3c86.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
js.stripe.com
:scheme
https
:path
/v3/m-outer-a0f6c1465b8d9aab778cf2913d1d3c86.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://stage.base7booking.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://stage.base7booking.com/

Response headers

status
200
x-amz-id-2
LLoLeGRW9ZBxDOqfcuz7BisS0rCanZTsRcvvbpedz4CQrGPlyp/SagT62Wn7Uvm4F9+7lUe/H5c=
x-amz-request-id
51F7A76717CB2658
last-modified
Fri, 28 Feb 2020 23:42:06 GMT
etag
"a0f6c1465b8d9aab778cf2913d1d3c86"
cache-control
public, max-age=300
content-type
text/html; charset=utf-8
server
AmazonS3
content-encoding
gzip
accept-ranges
bytes
date
Wed, 29 Apr 2020 16:54:11 GMT
via
1.1 varnish
age
108
x-served-by
cache-hhn4065-HHN
x-cache
HIT
x-cache-hits
214
x-timer
S1588179251.468550,VS0,VE0
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
content-security-policy
default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
content-length
203

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| webpackJsonp object| __core-js_shared__ function| setImmediate function| clearImmediate function| P object| dataLayer object| Inline object| datatransPaymentConfig function| emit function| Stripe

2 Cookies

Domain/Path Name / Value
.stage.base7booking.com/ Name: __stripe_sid
Value: d64f85b6-2cb3-4cc7-8b7f-74ee6e924947
.stage.base7booking.com/ Name: __stripe_mid
Value: b3d53f49-c7ce-494a-8d02-79fb6fb73faa

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000