admin.booking.com.hotel-id-168432.com
54.93.239.237  Malicious Activity! Public Scan

URL: https://admin.booking.com.hotel-id-168432.com/
Submission: On October 01 via manual from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 54.93.239.237, located in Frankfurt am Main, Germany and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is admin.booking.com.hotel-id-168432.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 29th 2019. Valid for: 3 months.
This is the only time admin.booking.com.hotel-id-168432.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

Requests  IP Address     AS (Autonomous System)
3         54.93.239.237  16509 (AMAZON-02)
1         5.57.17.14     43996 (BOOKING-BV)
2         5.57.17.99     43996 (BOOKING-BV)
Total: 6 requests across 3 IPs

Requests  Domain                                  Requested by
3         admin.booking.com.hotel-id-168432.com   account.booking.com
2         q.bstatic.com                           admin.booking.com.hotel-id-168432.com
1         account.booking.com                     admin.booking.com.hotel-id-168432.com
Total: 6 requests across 3 domains
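The hostname scanned here puts the booking.com brand in subdomain labels under a registrable domain the brand does not own (hotel-id-168432.com), and the request table shows the impersonating page pulling live assets from q.bstatic.com and account.booking.com, with the real error_catcher script then posting to /js_errors on the impersonating host (a relative URL resolved against the cloned page's origin). The following Python script is an added example, not part of the urlscan report, implementing the two checks a practitioner would run over scan data like this: a brand-in-subdomain test built on registrable-domain extraction, and a cross-origin brand-asset check over the request graph. The suffix set, brand tokens and legitimate-domain list are assumptions for the example (a real deployment uses the full Public Suffix List); the request graph is transcribed from the transactions listed on this page. The same brand_in_subdomain() test applies unchanged to hostnames pulled from Certificate Transparency logs, where a certificate like the Let's Encrypt one above would have surfaced two days before the scan.

```python
"""Added example: lookalike-host and cross-origin brand-asset checks over
the request graph of a urlscan-style report (not urlscan's own code)."""
from urllib.parse import urlsplit

# Minimal stand-in for the Public Suffix List (assumption for this example);
# production code should use the full list via a library such as tldextract.
PUBLIC_SUFFIXES = {"com", "net", "org", "cn", "co.uk"}

# Protected brand tokens and the registrable domains the brand legitimately
# uses; bstatic.com is the static-asset domain seen in the scan (assumption).
BRAND_TOKENS = ("booking", "bstatic")
LEGIT_DOMAINS = {"booking.com", "bstatic.com", "booking.cn"}


def registrable_domain(host: str) -> str:
    """Return the registrable domain (eTLD+1), matching the longest public suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):          # i=1 tries the longest suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()                       # no known suffix: treat whole host as registrable


def brand_in_subdomain(host: str):
    """Return a reason string if host impersonates a protected brand, else None."""
    host = host.lower()
    rd = registrable_domain(host)
    if rd in LEGIT_DOMAINS:
        return None                           # the brand's own infrastructure
    # Labels to the left of the registrable domain, e.g. ['admin', 'booking', 'com']
    sub_labels = [l for l in host[: -len(rd)].split(".") if l] if host != rd else []
    for label in sub_labels:
        if label in BRAND_TOKENS:
            return f"brand label '{label}' under foreign registrable domain {rd}"
    # Also catch brand tokens embedded in the registrable label itself
    first = rd.split(".")[0]
    for tok in BRAND_TOKENS:
        if tok in first:
            return f"brand token '{tok}' inside registrable domain {rd}"
    return None


def _host(url: str) -> str:
    return urlsplit(url).hostname or ""


def flag_cross_brand_loads(requests):
    """requests: iterable of (url, requester_url_or_None).

    Flags brand assets fetched by a page outside the brand's domains, and
    requests that a brand script sends to a non-brand host (the symptom of
    a brand's relative URLs resolving against a cloned page's origin)."""
    findings = []
    for url, requester in requests:
        if not requester:
            continue                          # the primary navigation has no initiator
        target_legit = registrable_domain(_host(url)) in LEGIT_DOMAINS
        source_legit = registrable_domain(_host(requester)) in LEGIT_DOMAINS
        if target_legit and not source_legit:
            findings.append(("brand-asset-from-foreign-page", url))
        elif source_legit and not target_legit:
            findings.append(("brand-script-calling-foreign-host", url))
    return findings


# Request graph transcribed from the 6 transactions in this scan: (URL, requested by)
PHISH = "https://admin.booking.com.hotel-id-168432.com/"
REQUESTS = [
    (PHISH, None),
    ("https://account.booking.com/error_catcher", PHISH),
    ("https://q.bstatic.com/build/asset-files-bucket/accountsportal/assets/core.c4dd63b7.css", PHISH),
    ("https://q.bstatic.com/build/asset-files-bucket/accountsportal/assets/Index.ab5d9c4c.css", PHISH),
    (PHISH + "js_errors", "https://account.booking.com/error_catcher"),
    (PHISH + "js_errors", "https://account.booking.com/error_catcher"),
]

if __name__ == "__main__":
    print(brand_in_subdomain(_host(PHISH)))
    for kind, url in flag_cross_brand_loads(REQUESTS):
        print(kind, url)
```

Run stand-alone, the script reports the primary host as a brand label under a foreign registrable domain, three brand assets fetched by the foreign page, and the two /js_errors posts made by the brand's own script to the foreign host. In a pipeline, the second check is the more robust signal: a lookalike registrant can avoid brand words in the hostname, but a cloned page that still loads the brand's live CSS and scripts is visible in the brand's own CDN logs by Referer alone.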

This site contains links to these domains:

Domain
partnerhelp.booking.com

Certificates

Subject                                 Issuer                          Validity                   Valid for
admin.booking.com.hotel-id-168432.com   Let's Encrypt Authority X3      2019-09-29 - 2019-12-28    3 months (crt.sh)
*.booking.com                           DigiCert ECC Secure Server CA   2018-11-14 - 2019-11-19    a year (crt.sh)
*.bstatic.com                           DigiCert ECC Secure Server CA   2019-01-08 - 2020-01-13    a year (crt.sh)

This page contains 1 frames:

Primary Page: https://admin.booking.com.hotel-id-168432.com/
Frame ID: EE44381F33634679863C1D051F8A914D
Requests: 6 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i (matches the Server: Microsoft-IIS/10.0 response header of the primary request)

Page Statistics

Requests     6
HTTPS        100 %
IPv6         0 %
Domains      3
Subdomains   3
IPs          3
Countries    2
Transfer     64 kB
Size         205 kB
Cookies      1

Redirected requests

No HTTP redirect chains were recorded for this scan (the primary request returned 200 directly).

6 HTTP transactions

Resource | Path | Size | x-fer | Type

Primary Request / | admin.booking.com.hotel-id-168432.com/ | 26 KB | 26 KB | Document
General
Full URL
https://admin.booking.com.hotel-id-168432.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.93.239.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-93-239-237.eu-central-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0
Resource Hash
23ab165dd5b5c2e7ad71e106cfb618474e0ca282d9897364efc4456e309dcf77

Request headers

:method
GET
:authority
admin.booking.com.hotel-id-168432.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
content-type
text/html
last-modified
Tue, 30 Apr 2019 19:06:36 GMT
accept-ranges
bytes
etag
"b12046d587ffd41:0"
server
Microsoft-IIS/10.0
set-cookie
3639965C716078CDC2F7225E0A7487328EB32A3D=DDCEE03D6C43D24DE6EA1914C2F185AB68B1E927; path=/; HttpOnly;
date
Tue, 01 Oct 2019 13:18:50 GMT
content-length
26235
error_catcher | account.booking.com/ | 35 KB | 9 KB | Script
General
Full URL
https://account.booking.com/error_catcher
Requested by
Host: admin.booking.com.hotel-id-168432.com
URL: https://admin.booking.com.hotel-id-168432.com/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
5.57.17.14 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx
Resource Hash
cd4f42cc325fbfb0485d3878c56fa4d0c0d831b3fd6e69c626c8322758f0c60b
Security Headers
Name Value
Content-Security-Policy report-uri /csp_violation?type=block&tag=42&pid=51085d9d55e90384&a=error_catcher&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://admin.booking.com.hotel-id-168432.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
report-uri /csp_violation?type=block&tag=42&pid=51085d9d55e90384&a=error_catcher&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Content-Encoding
gzip
Content-Security-Policy-Report-Only
connect-src saa.booking.com collector-pxikkul2rm.perimeterx.net www.google-analytics.com 'self' 'report-sample'; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net 'self' 'nonce-eCqsdMbscDe4xOH' 'report-sample'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.perimeterx.net www.gstatic.com; base-uri 'none'; default-src *.bstatic.com bstatic.com 'self'; report-uri /csp_violation?type=report&tag=41&pid=51085d9d55e90384&a=error_catcher&p=accounts-portal; object-src 'none'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com bstatic.com 'self'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-eCqsdMbscDe4xOH';
Server
nginx
Date
Tue, 01 Oct 2019 13:18:51 GMT
Vary
User-Agent, Accept-Encoding
Content-Type
application/x-javascript
Strict-Transport-Security
max-age=17280000
Content-Length
8238
X-XSS-Protection
1; mode=block
core.c4dd63b7.css | q.bstatic.com/build/asset-files-bucket/accountsportal/assets/ | 122 KB | 19 KB | Stylesheet
General
Full URL
https://q.bstatic.com/build/asset-files-bucket/accountsportal/assets/core.c4dd63b7.css
Requested by
Host: admin.booking.com.hotel-id-168432.com
URL: https://admin.booking.com.hotel-id-168432.com/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
5.57.17.99 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
q.bstatic.com
Software
nginx
Resource Hash
2968ca65d6b8c592a0e40c8d5a88830bdb380f81395fe00e3a8d9608d818d887
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://admin.booking.com.hotel-id-168432.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 01 Oct 2019 13:18:51 GMT
Content-Encoding
gzip
Last-Modified
Fri, 25 Jan 2019 03:04:15 GMT
Server
nginx
x-amz-request-id
976fb4ea-5d84-1fe7-bd2c-a81e84fabfbe
ETag
W/"5c732f23fce531c8e9456698dd00348d"
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Timing-Allow-Origin
*
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Oct 2019 13:18:51 GMT
Index.ab5d9c4c.css | q.bstatic.com/build/asset-files-bucket/accountsportal/assets/ | 18 KB | 5 KB | Stylesheet
General
Full URL
https://q.bstatic.com/build/asset-files-bucket/accountsportal/assets/Index.ab5d9c4c.css
Requested by
Host: admin.booking.com.hotel-id-168432.com
URL: https://admin.booking.com.hotel-id-168432.com/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
5.57.17.99 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
q.bstatic.com
Software
nginx
Resource Hash
6dbdc3975037e8ec4ca49cc78a49cf3858229d1959d0946dd0e4b1d9ab8c4aa8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://admin.booking.com.hotel-id-168432.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 01 Oct 2019 13:18:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Jan 2019 16:38:08 GMT
Server
nginx
x-amz-request-id
44927827-fff0-1fff-b139-a81e84fabb9c
ETag
W/"8af1fb5356960c0f51327cae94f52b27"
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Timing-Allow-Origin
*
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Oct 2019 13:18:51 GMT
js_errors | admin.booking.com.hotel-id-168432.com/ | 2 KB | 2 KB | XHR
General
Full URL
https://admin.booking.com.hotel-id-168432.com/js_errors
Requested by
Host: account.booking.com
URL: https://account.booking.com/error_catcher
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.93.239.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-93-239-237.eu-central-1.compute.amazonaws.com
Software
(not reported)
Resource Hash
baacc0ee488a76d48be3b315738e951639ea18d02d087f4d0411458eda0d32bb

Request headers

Sec-Fetch-Mode
cors
Referer
https://admin.booking.com.hotel-id-168432.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Content-Length
2343
Content-Type
text/html
js_errors | admin.booking.com.hotel-id-168432.com/ | 2 KB | 2 KB | XHR
General
Full URL
https://admin.booking.com.hotel-id-168432.com/js_errors
Requested by
Host: account.booking.com
URL: https://account.booking.com/error_catcher
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.93.239.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-93-239-237.eu-central-1.compute.amazonaws.com
Software
(not reported)
Resource Hash
baacc0ee488a76d48be3b315738e951639ea18d02d087f4d0411458eda0d32bb

Request headers

Sec-Fetch-Mode
cors
Referer
https://admin.booking.com.hotel-id-168432.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Content-Length
2343
Content-Type
text/html

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  • object    onformdata
  • object    onpointerrawupdate
  • function  E_
  • function  onBookingError

1 Cookie

Domain/Path                              Name                                       Value
admin.booking.com.hotel-id-168432.com/   3639965C716078CDC2F7225E0A7487328EB32A3D   DDCEE03D6C43D24DE6EA1914C2F185AB68B1E927

2 Console Messages

Source: console-api | Level: log | URL: https://account.booking.com/error_catcher (Line 768)
Message: <Generated Stack> callback@(https://account.booking.com/error_catcher:31:1650) </Generated Stack> ReferenceError: booking is not defined at callback (https://admin.booking.com.hotel-id-168432.com/:31:1650) at wrapper (https://account.booking.com/error_catcher:756:31)

Source: console-api | Level: log | URL: https://account.booking.com/error_catcher (Line 770)
Message: console.trace