sgbooking.ddns.net
93.176.166.220  Malicious Activity! Public Scan

URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Submission: On July 10 via manual from NL

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 93.176.166.220, located in Palma, Spain and belongs to AS15704, ES. The main domain is sgbooking.ddns.net.
This is the only time sgbooking.ddns.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

Count  IP Address        AS     Autonomous System
1      93.176.166.220    15704  (AS15704)
4      5.57.17.14        43996  (BOOKING-B...)
4      5.57.16.99        43996  (BOOKING-B...)
2      2a00:1450:400...  15169  (GOOGLE)
1      151.101.114.110   54113  (FASTLY)
Totals: 13  6

Count  Domain                               Requested by
4      q.bstatic.com                        sgbooking.ddns.net
4      account.booking.com                  sgbooking.ddns.net
2      www.google-analytics.com             sgbooking.ddns.net
1      client.perimeterx.net                sgbooking.ddns.net
1      sgbooking.ddns.net
0      collector-pxikkul2rm.perimeterx.net  client.perimeterx.net (Failed)
Totals: 13  6

This site contains links to these domains.

Domain
account.booking.com
www.booking.com
secure.booking.com

Subject                      Issuer                                Validity                 Valid
*.booking.com                DigiCert ECC Secure Server CA         2018-11-14 - 2019-11-19  a year
*.bstatic.com                DigiCert ECC Secure Server CA         2019-01-08 - 2020-01-13  a year
*.google-analytics.com       Google Internet Authority G3          2019-06-18 - 2019-09-10  3 months
f4.shared.global.fastly.net  GlobalSign CloudSSL CA - SHA256 - G3  2019-04-10 - 2020-03-21  a year

This page contains 1 frame:

Primary Page: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Frame ID: 758544C6E5BCE8D8B3881B90B01048CC
Requests: 13 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

Requests: 13
HTTPS: 85 %
IPv6: 20 %
Domains: 5
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 291 kB
Size: 1135 kB
Cookies: 2

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
sgbooking.ddns.net/
58 KB
17 KB
Document
General
Full URL
http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
HTTP/1.1
Server
93.176.166.220 Palma, Spain, ASN15704 (AS15704, ES),
Reverse DNS
static.masmovil.com
Software
/
Resource Hash
b4fc8ae98a49f4ba9a08ed42ee84049ce646787dcde7594191104363bb33dd6f

Request headers

Host
sgbooking.ddns.net:3334
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Vary
Accept-Encoding
Date
Wed, 10 Jul 2019 12:17:38 GMT
Transfer-Encoding
chunked
error_catcher
account.booking.com/
35 KB
8 KB
Script
General
Full URL
https://account.booking.com/error_catcher
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.14 Maarssen, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
cd4f42cc325fbfb0485d3878c56fa4d0c0d831b3fd6e69c626c8322758f0c60b
Security Headers
Name Value
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Referer
http://sgbooking.ddns.net:3334/?rid=XXhWP3S
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 10 Jul 2019 12:17:38 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding, User-Agent
Content-Type
application/x-javascript
Strict-Transport-Security
max-age=17280000
Content-Length
8238
X-XSS-Protection
1; mode=block
core_96fe8147769a335d77adf51ccead036f.css
q.bstatic.com/build/asset-files-bucket/accountsportal/assets/
73 KB
11 KB
Stylesheet
General
Full URL
https://q.bstatic.com/build/asset-files-bucket/accountsportal/assets/core_96fe8147769a335d77adf51ccead036f.css
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.16.99 Maarssen, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
q.bstatic.com
Software
nginx /
Resource Hash
f1ed223e9a0e52485ff46859cbeac656ed1cd8ff780c12e00275333dc39c7401
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
http://sgbooking.ddns.net:3334/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 10 Jul 2019 12:17:39 GMT
Content-Encoding
gzip
Last-Modified
Tue, 09 Jul 2019 11:02:46 GMT
Server
nginx
x-amz-request-id
8ea39f1a-27a5-1f91-ac81-d8c4972d855d
ETag
W/"96fe8147769a335d77adf51ccead036f"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Timing-Allow-Origin
*
X-XSS-Protection
1; mode=block
Expires
Fri, 09 Aug 2019 12:17:39 GMT
Index_878ed872cafcefb2ad96776dad7c8efe.css
q.bstatic.com/build/asset-files-bucket/accountsportal/assets/
28 KB
6 KB
Stylesheet
General
Full URL
https://q.bstatic.com/build/asset-files-bucket/accountsportal/assets/Index_878ed872cafcefb2ad96776dad7c8efe.css
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.16.99 Maarssen, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
q.bstatic.com
Software
nginx /
Resource Hash
bcf51c98d37624f545d15d021dfbbf6848d716343343dff9a605fba55cb9dd36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
http://sgbooking.ddns.net:3334/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 10 Jul 2019 12:17:39 GMT
Content-Encoding
gzip
Last-Modified
Tue, 09 Jul 2019 11:02:46 GMT
Server
nginx
x-amz-request-id
e54325cd-fffe-1fff-9e01-d8c4974ce978
ETag
W/"878ed872cafcefb2ad96776dad7c8efe"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Timing-Allow-Origin
*
X-XSS-Protection
1; mode=block
Expires
Fri, 09 Aug 2019 12:17:39 GMT
core_57b0ae261bd842912df6.js
q.bstatic.com/build/asset-files-bucket/accountsportal/assets/
468 KB
144 KB
Script
General
Full URL
https://q.bstatic.com/build/asset-files-bucket/accountsportal/assets/core_57b0ae261bd842912df6.js
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.16.99 Maarssen, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
q.bstatic.com
Software
nginx /
Resource Hash
38c432bab6672c04b97b6c9b3957a80d70a97ee2320e3b65f45365b7731f6104
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
http://sgbooking.ddns.net:3334/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 10 Jul 2019 12:17:39 GMT
Content-Encoding
gzip
Last-Modified
Tue, 09 Jul 2019 11:02:46 GMT
Server
nginx
x-amz-request-id
a2282320-ffee-1fff-87b3-d8c4974ced84
ETag
W/"1b61df7b7f40ebcaea155ef6e08c401e"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Timing-Allow-Origin
*
X-XSS-Protection
1; mode=block
Expires
Fri, 09 Aug 2019 12:17:39 GMT
Index_29b77e316eca1f19d035.js
q.bstatic.com/build/asset-files-bucket/accountsportal/assets/
361 KB
60 KB
Script
General
Full URL
https://q.bstatic.com/build/asset-files-bucket/accountsportal/assets/Index_29b77e316eca1f19d035.js
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.16.99 Maarssen, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
q.bstatic.com
Software
nginx /
Resource Hash
9785a06322bc27ea5eecc8c25d27e73eff4d58e5e65b9ee795675bbd3503c53b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
http://sgbooking.ddns.net:3334/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 10 Jul 2019 12:17:39 GMT
Content-Encoding
gzip
Last-Modified
Tue, 09 Jul 2019 11:02:46 GMT
Server
nginx
x-amz-request-id
8ea36720-27a5-1f91-ac81-d8c4972d855d
ETag
W/"7dbb5dd4d8dcbc173be57df4d09c2e1e"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Timing-Allow-Origin
*
X-XSS-Protection
1; mode=block
Expires
Fri, 09 Aug 2019 12:17:39 GMT
fvtrpw.gif
account.booking.com/_/
35 B
1 KB
Image
General
Full URL
https://account.booking.com/_/fvtrpw.gif
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.14 Maarssen, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Referer
http://sgbooking.ddns.net:3334/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 10 Jul 2019 12:17:38 GMT
Server
nginx
Content-Security-Policy
frame-ancestors 'self';
Content-Security-Policy-Report-Only
default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com bstatic.com 'self'; script-src saa.booking.com *.bstatic.com bstatic.com google-analytics.com *.perimeterx.net 'self' 'nonce-4Fg19hhJ1LBHRS0'; style-src *.bstatic.com bstatic.com 'self' 'nonce-4Fg19hhJ1LBHRS0'; img-src data: www.booking.com account.booking.com *.bstatic.com bstatic.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net 'self'; connect-src saa.booking.com *.perimeterx.net 'self'; object-src 'none'; base-uri 'none'; report-uri /csp_violation?pid=37465671670700c2;
Content-Type
image/gif
Transfer-Encoding
chunked
Content-Disposition
attachment; filename=etnht.gif
Strict-Transport-Security
max-age=17280000
X-XSS-Protection
1; mode=block
etnht.gif
account.booking.com/_/
35 B
1 KB
Image
General
Full URL
https://account.booking.com/_/etnht.gif
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.14 Maarssen, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://q.bstatic.com/build/asset-files-bucket/accountsportal/assets/core_96fe8147769a335d77adf51ccead036f.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 10 Jul 2019 12:17:39 GMT
Server
nginx
Content-Security-Policy
frame-ancestors 'self';
Content-Security-Policy-Report-Only
default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com bstatic.com 'self'; script-src saa.booking.com *.bstatic.com bstatic.com google-analytics.com *.perimeterx.net 'self' 'nonce-Oxw7adMsgd259Lv'; style-src *.bstatic.com bstatic.com 'self' 'nonce-Oxw7adMsgd259Lv'; img-src data: www.booking.com account.booking.com *.bstatic.com bstatic.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net 'self'; connect-src saa.booking.com *.perimeterx.net 'self'; object-src 'none'; base-uri 'none'; report-uri /csp_violation?pid=51085671762300c5;
Content-Type
image/gif
Transfer-Encoding
chunked
Content-Disposition
attachment; filename=etnht.gif
Strict-Transport-Security
max-age=17280000
X-XSS-Protection
1; mode=block
analytics.js
www.google-analytics.com/
43 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://sgbooking.ddns.net:3334/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 20 Jun 2019 21:35:04 GMT
server
Golfe2
age
5431
date
Wed, 10 Jul 2019 10:47:08 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17707
expires
Wed, 10 Jul 2019 12:47:08 GMT
collect
www.google-analytics.com/
35 B
198 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j77&a=159613602&t=pageview&_s=1&dl=http%3Asgbooking.ddns.net%3A3334%2F%3Frid%3DXXhWP3S&dp=%2F&dh=sgbooking.ddns.net%3A3334&ul=en-us&de=UTF-8&dt=Booking.com%20Account&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&cid=465568634.1562761059&tid=UA-116109-18&_gid=1116964447.1562761059&z=1797541757
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sgbooking.ddns.net:3334/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 13 Jun 2019 20:58:45 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2301534
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
main.min.js
client.perimeterx.net/PXikKuL2RM/
68 KB
25 KB
Script
General
Full URL
https://client.perimeterx.net/PXikKuL2RM/main.min.js
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
999e5a7dae85ed08f5fe525e1e5799309d482a01b5902fbf35f27a4e626ba64e

Request headers

Referer
http://sgbooking.ddns.net:3334/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 10 Jul 2019 12:17:42 GMT
content-encoding
gzip
age
149
etag
W/"10e64-hMSB86MvZZWKD9dRs4xtUvvGobA"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=600
x-cache-hits
4973
accept-ranges
bytes
x-timer
S1562761063.543610,VS0,VE0
content-length
25331
via
1.1 varnish
x-served-by
cache-hhn4042-HHN
navigation_times
account.booking.com/
0
366 B
XHR
General
Full URL
https://account.booking.com/navigation_times?sid=&pid=5108706c455500bf&nts=0,0,1562761051191,0,0,0,0,1562761051191,1562761051191,1562761051207,1562761051207,1562761058370,0,1562761058370,1562761058490,1562761058540,1562761058496,1562761059460,1562761059460,1562761059460,1562761059496,1562761059496,1562761059496,0&first=&cdn=bs&dc=4&bo=4&lang=en-us&ref_action=Signin_Index&aid=376371&stype=&route=&ua=&ch=&lt=
Requested by
Host: sgbooking.ddns.net
URL: http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.14 Maarssen, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Access-Control-Request-Method
POST
Origin
http://sgbooking.ddns.net:3334
Referer
http://sgbooking.ddns.net:3334/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
x-booking-csrf

Response headers

X-XSS-Protection
1; mode=block
Date
Wed, 10 Jul 2019 12:17:40 GMT
Server
nginx
Content-Length
0
Strict-Transport-Security
max-age=17280000
Content-Type
image/jpeg
collector
collector-pxikkul2rm.perimeterx.net/api/v1/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
collector-pxikkul2rm.perimeterx.net
URL
https://collector-pxikkul2rm.perimeterx.net/api/v1/collector

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart
object| onselectionchange
function| queueMicrotask
function| E_
function| onBookingError
object| booking
object| booking_extra
object| B
function| webpackJsonp
object| __core-js_shared__
object| core
object| global
object| System
function| asap
function| Observable
function| setImmediate
function| clearImmediate
object| regeneratorRuntime
boolean| _babelPolyfill
function| handleSocialProviderResult
object| params
string| search_params
string| GoogleAnalyticsObject
function| ga
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
string| _pxAppId
string| _pxParam1
object| PXikKuL2RM
object| PX

2 Cookies

Domain/Path           Name  Value
.sgbooking.ddns.net/  _gid  GA1.3.1116964447.1562761059
.sgbooking.ddns.net/  _ga   GA1.3.465568634.1562761059