sgbooking.ddns.net
Open in
urlscan Pro
93.176.166.220
Malicious Activity!
Public Scan
Submission: On July 10 via manual from NL
Summary
This is the only time sgbooking.ddns.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Booking (Travel)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 93.176.166.220 93.176.166.220 | 15704 (AS15704) (AS15704) | |
4 | 5.57.17.14 5.57.17.14 | 43996 (BOOKING-B...) (BOOKING-BV Booking.com) | |
4 | 5.57.16.99 5.57.16.99 | 43996 (BOOKING-B...) (BOOKING-BV Booking.com) | |
2 | 2a00:1450:400... 2a00:1450:4001:81e::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 151.101.114.110 151.101.114.110 | 54113 (FASTLY) (FASTLY - Fastly) | |
13 | 6 |
ASN43996 (BOOKING-BV Booking.com, NL)
PTR: q.bstatic.com
q.bstatic.com |
ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
bstatic.com
q.bstatic.com |
221 KB |
4 |
booking.com
account.booking.com |
11 KB |
2 |
google-analytics.com
www.google-analytics.com |
18 KB |
1 |
perimeterx.net
client.perimeterx.net collector-pxikkul2rm.perimeterx.net Failed |
25 KB |
1 |
ddns.net
sgbooking.ddns.net |
17 KB |
13 | 5 |
Domain | Requested by | |
---|---|---|
4 | q.bstatic.com |
sgbooking.ddns.net
|
4 | account.booking.com |
sgbooking.ddns.net
|
2 | www.google-analytics.com |
sgbooking.ddns.net
|
1 | client.perimeterx.net |
sgbooking.ddns.net
|
1 | sgbooking.ddns.net | |
0 | collector-pxikkul2rm.perimeterx.net Failed |
client.perimeterx.net
|
13 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
account.booking.com |
www.booking.com |
secure.booking.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.booking.com DigiCert ECC Secure Server CA |
2018-11-14 - 2019-11-19 |
a year | crt.sh |
*.bstatic.com DigiCert ECC Secure Server CA |
2019-01-08 - 2020-01-13 |
a year | crt.sh |
*.google-analytics.com Google Internet Authority G3 |
2019-06-18 - 2019-09-10 |
3 months | crt.sh |
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2019-04-10 - 2020-03-21 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://sgbooking.ddns.net:3334/?rid=XXhWP3S
Frame ID: 758544C6E5BCE8D8B3881B90B01048CC
Requests: 13 HTTP requests in this frame
Screenshot
Detected technologies
Google Analytics (Analytics) ExpandDetected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: here
Search URL Search Domain Scan URL
Title: Sign in with FacebookFacebook
Search URL Search Domain Scan URL
Title: Sign in with GoogleGoogle
Search URL Search Domain Scan URL
Title: Sign up
Search URL Search Domain Scan URL
Title: Terms & Conditions
Search URL Search Domain Scan URL
Title: confirmation number and PIN
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
sgbooking.ddns.net/ |
58 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
error_catcher
account.booking.com/ |
35 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core_96fe8147769a335d77adf51ccead036f.css
q.bstatic.com/build/asset-files-bucket/accountsportal/assets/ |
73 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Index_878ed872cafcefb2ad96776dad7c8efe.css
q.bstatic.com/build/asset-files-bucket/accountsportal/assets/ |
28 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core_57b0ae261bd842912df6.js
q.bstatic.com/build/asset-files-bucket/accountsportal/assets/ |
468 KB 144 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Index_29b77e316eca1f19d035.js
q.bstatic.com/build/asset-files-bucket/accountsportal/assets/ |
361 KB 60 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fvtrpw.gif
account.booking.com/_/ |
35 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
etnht.gif
account.booking.com/_/ |
35 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
43 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 198 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.min.js
client.perimeterx.net/PXikKuL2RM/ |
68 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
navigation_times
account.booking.com/ |
0 366 B |
XHR
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
collector
collector-pxikkul2rm.perimeterx.net/api/v1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- collector-pxikkul2rm.perimeterx.net
- URL
- https://collector-pxikkul2rm.perimeterx.net/api/v1/collector
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Booking (Travel)32 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| E_ function| onBookingError object| booking object| booking_extra object| B function| webpackJsonp object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| handleSocialProviderResult object| params string| search_params string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| _pxAppId string| _pxParam1 object| PXikKuL2RM object| PX2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.sgbooking.ddns.net/ | Name: _gid Value: GA1.3.1116964447.1562761059 |
|
.sgbooking.ddns.net/ | Name: _ga Value: GA1.3.465568634.1562761059 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
account.booking.com
client.perimeterx.net
collector-pxikkul2rm.perimeterx.net
q.bstatic.com
sgbooking.ddns.net
www.google-analytics.com
collector-pxikkul2rm.perimeterx.net
151.101.114.110
2a00:1450:4001:81e::200e
5.57.16.99
5.57.17.14
93.176.166.220
38c432bab6672c04b97b6c9b3957a80d70a97ee2320e3b65f45365b7731f6104
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9785a06322bc27ea5eecc8c25d27e73eff4d58e5e65b9ee795675bbd3503c53b
999e5a7dae85ed08f5fe525e1e5799309d482a01b5902fbf35f27a4e626ba64e
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
b4fc8ae98a49f4ba9a08ed42ee84049ce646787dcde7594191104363bb33dd6f
bcf51c98d37624f545d15d021dfbbf6848d716343343dff9a605fba55cb9dd36
cd4f42cc325fbfb0485d3878c56fa4d0c0d831b3fd6e69c626c8322758f0c60b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1ed223e9a0e52485ff46859cbeac656ed1cd8ff780c12e00275333dc39c7401