admin.hoteladmin.africanjewell.co.za
41.185.8.122
Malicious Activity!
Public Scan
Submission: On October 27 via manual from NL
Summary
This is the only time admin.hoteladmin.africanjewell.co.za was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Booking (Travel)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
5 | 41.185.8.122 | 36943 (webafrica) |
4 | 5.57.16.100 | 43996 (BOOKING-BV Booking.com) |
16 | 5.57.16.51 | 43996 (BOOKING-BV Booking.com) |
1 | 5.57.17.220 | 43996 (BOOKING-BV Booking.com) |
1 | 198.232.124.194 | 54104 (AS-NETDNA - netDNA) |
2 | 5.57.16.99 | 43996 (BOOKING-BV Booking.com) |
1 | 94.31.29.249 | 54104 (AS-NETDNA - netDNA) |
1 | 2a00:1450:4001:816::200e | 15169 (GOOGLE - Google Inc.) |
32 (total requests) | 9 (IP addresses) | |
ASN | PTR | Domains |
---|---|---|
ASN36943 (webafrica, ZA) | srv22.hostserv.co.za | admin.hoteladmin.africanjewell.co.za |
ASN43996 (BOOKING-BV Booking.com, NL) | admin.booking.com | admin.booking.com |
ASN43996 (BOOKING-BV Booking.com, NL) | www.booking.com | www.booking.com |
ASN54104 (AS-NETDNA - netDNA, US) | 194-124-232-198.static.unitasglobal.net | static.hotjar.com |
ASN54104 (AS-NETDNA - netDNA, US) | 94.31.29.249.IPYX-077437-ZYO.above.net | script.hotjar.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
17 | booking.com | admin.booking.com, www.booking.com | 35 KB |
6 | bstatic.com | r.bstatic.com, q.bstatic.com | 61 KB |
5 | africanjewell.co.za | admin.hoteladmin.africanjewell.co.za | 33 KB |
2 | hotjar.com | static.hotjar.com, script.hotjar.com, vars.hotjar.com (Failed) | 71 KB |
1 | google-analytics.com | www.google-analytics.com | 14 KB |
32 (total requests) | 5 (apex domains) | | |
Requests | Domain | Requested by |
---|---|---|
16 | admin.booking.com | admin.hoteladmin.africanjewell.co.za, admin.booking.com |
5 | admin.hoteladmin.africanjewell.co.za | admin.hoteladmin.africanjewell.co.za |
4 | r.bstatic.com | admin.hoteladmin.africanjewell.co.za |
2 | q.bstatic.com | admin.hoteladmin.africanjewell.co.za |
1 | www.google-analytics.com | admin.hoteladmin.africanjewell.co.za |
1 | script.hotjar.com | static.hotjar.com |
1 | static.hotjar.com | admin.hoteladmin.africanjewell.co.za |
1 | www.booking.com | admin.hoteladmin.africanjewell.co.za |
0 | vars.hotjar.com (Failed) | static.hotjar.com |
32 (total requests) | 9 (domains) | |
This site contains links to these domains. Also see Links.
Domain |
---|
admin.booking.com |
www.booking.com |
join.booking.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.bstatic.com | DigiCert SHA2 Secure Server CA | 2017-09-18 - 2018-11-20 | a year | crt.sh |
admin.booking.com | DigiCert SHA2 Extended Validation Server CA | 2016-11-06 - 2017-11-15 | a year | crt.sh |
www.booking.com | DigiCert SHA2 Extended Validation Server CA | 2017-04-06 - 2018-04-11 | a year | crt.sh |
*.hotjar.com | Gandi Standard SSL CA 2 | 2015-10-23 - 2018-11-16 | 3 years | crt.sh |
*.google-analytics.com | Google Internet Authority G3 | 2017-10-17 - 2018-01-09 | 3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://admin.hoteladmin.africanjewell.co.za/hoteladmin/extranet/
Frame ID: 4493.1
Requests: 31 HTTP requests in this frame
Frame:
https://vars.hotjar.com/rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html
Frame ID: 4493.2
Requests: 1 HTTP request in this frame
Screenshot
Detected technologies
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- Hotjar (Analytics). Detected pattern: script /^\/\/static\.hotjar\.com\/c\/hotjar-/i
- Modernizr (JavaScript Libraries). Detected pattern: script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
- Twitter Bootstrap. Detected pattern: html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page. Link titles:
- Log out
- Forgot your password?
- Terms of Use
- Privacy and Cookie Statement
- List your property
The remaining two links carry no title.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 25:
- http://www.google-analytics.com/analytics.js (HTTP 307)
- https://www.google-analytics.com/analytics.js
32 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | / | admin.hoteladmin.africanjewell.co.za/hoteladmin/extranet/ | 33 KB | 33 KB | Document | text/html | Primary Request |
GET | H/1.1 | bootstrap.min.css | r.bstatic.com/libs/bootstrap/3.0.0/css/ | 95 KB | 16 KB | Stylesheet | text/css | |
GET | H/1.1 | notification.v6523v.css | admin.booking.com/hotel/hoteladmin/extranet_ng/static/css_transpiled/modules/ | 756 B | 756 B | Stylesheet | text/css | |
GET | H/1.1 | tooltip.v6523v.css | admin.booking.com/hotel/hoteladmin/extranet_ng/static/css_transpiled/modules/ | 7 KB | 1 KB | Stylesheet | text/css | |
GET | H/1.1 | 46cd9cf9bfd54c484a5601bd35dcc80de105e087.css | r.bstatic.com/backend_static/extranet/css/login_page/ | 12 KB | 3 KB | Stylesheet | text/css | |
GET | H/1.1 | new-login.v6523v.css | admin.booking.com/hotel/hoteladmin/extranet_ng/static/css_transpiled/modules/ | 3 KB | 967 B | Stylesheet | text/css | |
GET | H/1.1 | booking_iconfont.v6523v.css | admin.booking.com/hotel/hoteladmin/extranet_ng/static/css_transpiled/ | 18 KB | 4 KB | Stylesheet | text/css | |
GET | H/1.1 | error_catcher | admin.booking.com/ | 35 KB | 8 KB | Script | application/x-javascript | |
GET | H/1.1 | modernizr.custom.min.js | r.bstatic.com/libs/modernizr/2.6.2/ | 15 KB | 6 KB | Script | application/javascript | |
GET | H/1.1 | logo.png | admin.booking.com/hotel/hoteladmin/i/ | 2 KB | 2 KB | Image | image/png | |
GET | H/1.1 | _etnht | www.booking.com/ | 35 B | 35 B | Image | image/gif | |
GET | H/1.1 | hotjar-301883.js | static.hotjar.com/c/ | 12 KB | 3 KB | Script | application/javascript | |
GET | H/1.1 | ae6c9b84ea8c95bbdc7ea7eede0a827770cd6c63.png | q.bstatic.com/backend_static/extranet/img/logo/homesprite_caption/ | 3 KB | 3 KB | Image | image/png | |
GET | H/1.1 | jquery.min.js | q.bstatic.com/libs/jquery/1.11/ | 94 KB | 32 KB | Script | application/javascript | |
GET | H/1.1 | jquery.cookie.custom.min.js | r.bstatic.com/libs/jquery-cookie/1.3.1/ | 1 KB | 687 B | Script | application/javascript | |
GET | H/1.1 | cookie.warning.v6523v.js | admin.booking.com/hotel/hoteladmin/extranet_ng/static/js/ | 3 KB | 882 B | Script | application/javascript | |
GET | H/1.1 | event-names.v6523v.js | admin.booking.com/hotel/hoteladmin/extranet_ng/static/js/modules/ | 2 KB | 527 B | Script | application/javascript | |
GET | H/1.1 | tooltip.v6523v.js | admin.booking.com/hotel/hoteladmin/extranet_ng/static/js/modules/ | 12 KB | 2 KB | Script | application/javascript | |
GET | H/1.1 | index.v6523v.js | admin.booking.com/hotel/hoteladmin/extranet_ng/static/js/login/ | 4 KB | 1 KB | Script | application/javascript | |
GET | H/1.1 | ec.v6523v.js | admin.booking.com/hotel/hoteladmin/ec/ | 6 KB | 2 KB | Script | application/javascript | |
GET | H/1.1 | ui.json | admin.booking.com/hotel/hoteladmin/ec/ | 201 B | 190 B | Script | application/json | Cookie set |
GET | H/1.1 | bfp.v6523v.js | admin.booking.com/hotel/hoteladmin/bfp/ | 1 KB | 697 B | Script | application/javascript | |
GET | H/1.1 | ga_track_events.v6523v.js | admin.booking.com/hotel/hoteladmin/extranet_ng/static/js/login/ | 3 KB | 1 KB | Script | application/javascript | |
GET | H/1.1 | fp2.js | admin.booking.com/hotel/hoteladmin/bfp/dependencies/ | 32 KB | 9 KB | Script | application/javascript | |
GET | H2 | modules-ae1ac99481e08b5ba7df9ac9386c3db5.js | script.hotjar.com/ | 341 KB | 68 KB | Script | application/javascript | |
GET | | rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html | vars.hotjar.com/ | 0 | 0 | | | Frame 4493 (no response) |
GET | H2 | analytics.js | www.google-analytics.com/ | 35 KB | 14 KB | Script | text/javascript | Redirect Chain |
GET | H/1.1 | c.html | admin.hoteladmin.africanjewell.co.za/hotel/hoteladmin/ec/ | 343 B | 343 B | XHR | text/html | |
GET | H/1.1 | e.html | admin.hoteladmin.africanjewell.co.za/hotel/hoteladmin/ec/ | 343 B | 343 B | XHR | text/html | |
GET | H/1.1 | c.html | admin.hoteladmin.africanjewell.co.za/hotel/hoteladmin/ec/ | 343 B | 0 | Image | text/html | |
GET | H/1.1 | e.html | admin.hoteladmin.africanjewell.co.za/hotel/hoteladmin/ec/ | 343 B | 0 | Image | text/html | |
GET | H/1.1 | navigation_times | admin.booking.com/ | 0 | 0 | Image | image/jpeg | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: vars.hotjar.com
- URL: https://vars.hotjar.com/rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Booking (Travel)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
admin.hoteladmin.africanjewell.co.za/hoteladmin/extranet | | ece | QC3flQq75xGQZ3%2BN5VWgpwFN |
admin.hoteladmin.africanjewell.co.za/hoteladmin/extranet | | ecc | QC3flQq75xGQZ3%2BN5VWgpwFN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
admin.booking.com
admin.hoteladmin.africanjewell.co.za
q.bstatic.com
r.bstatic.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
www.booking.com
www.google-analytics.com
198.232.124.194
2a00:1450:4001:816::200e
41.185.8.122
5.57.16.100
5.57.16.51
5.57.16.99
5.57.17.220
94.31.29.249
01f4535ac5285fb56c5d3680284b5980d9a1684c04e9dd49b842d06b72cda548
104a74380171b90ab4ef6fe3b6b644635c4acccc7aabad83cf49a740dd6779fb
14257b3cc7e3c96b897133cb3563f63a7ca47e30b34c64d61db2a6ac30519919
14a61dfbc31308483431f7b27c7f4881c74ce01503c04c6302cf61afdb527d00
1c4e25c21b03f77256fc9aaccfef79d4569d64c5681f859a85b9a4bd34f7d9d8
1cbda21998b65e08a7e936114cabd7f7783d0f590dd6efdd58c7faa8b6e7b9aa
1de87a440a08823986332d82428c40fc5e424ee4b321a75aa1dbb20f27db4942
22cdead82760a46b1e1b96732ffe6ce0018c093e63a89f66f621a1c9f3740949
33f47dbfb0e709c5626140bea3303b2e65b8cb17f7cc2a6b6b44da8c3b6eed68
45fa5c9e6fed4bf92ae35aec5d65164af6365cb957bbfeaa81c96d7aad186c5a
4deedff854a7cb30b6ec8a1ed69ea526e8bd78df07e9d0a7eb0d6fdefcd7c10e
5c5d4f13471a2610bedbb986399000deeba433888fdc32801953405e3852286a
604103a8b75eb669c332bfc82ad28a851a85f62e550f5d8ce18be42fe89e98f2
6078ecfe4b38795ca7d1be580e40fbf27456b366f3bc94d8bf940019b36ed8a0
61d3e46a74be9ba3b70080b652d87c18ffbe36afb15030b27f23a630e4570700
70232189db6d4c4dfb50c39468ad2ba3e30f337eabf694ac9d288e5879e2417d
80e9a1f9c3bdef009e606425a0cce3067c1c5cecbff3b86ecdfb83bfc4f350d4
86cc4820b9bd668a6cc3a9ec0b2752a53c7f7ebd38d36561399e963ee76a8628
991150ecbe31aa3d26907e959a59e69279a7c40ed7f9cf15632c71fef6b3d9dd
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9ef1dcf3a611c7f6f32ca872c8d0343a99f83874b7b9c754e96afe81e0f63cf4
9fbddc60283752d6c06bcdb7702f75eaae355309702f261f2e3913b4a77f5f6c
a50716934aba9247350a6e8093db6f2978fa97948d469189333ded935f7f607d
afff27f53c4aebc7818c568f1e957773283f498893749a120db8e3c2bd434fef
b3ab0e14f972c47d7b086a409d87e21f3d6986933328d310ea057e8940896b3e
cf44c89cfaf229970882037ce52c3ccd32fc8aabf75dca0bed6899afe7b1192c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
ed1bcb6945c899e411b74136814466bd657354fbb28730d46c6a745d8ed91a38