ec2-52-40-90-220.us-west-2.compute.amazonaws.com
52.40.90.220  Malicious Activity! Public Scan

URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Submission: On April 14 via manual from NL

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 15 HTTP transactions. The main IP is 52.40.90.220, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is ec2-52-40-90-220.us-west-2.compute.amazonaws.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 3rd 2020. Valid for: 3 months.
This is the only time ec2-52-40-90-220.us-west-2.compute.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

Requests | IP Address | AS | Autonomous System
2 | 52.40.90.220 | 16509 | AMAZON-02
3 | 5.57.16.14 | 43996 | BOOKING-B...
5 | 2600:9000:21f... | 16509 | AMAZON-02
2 | 2a00:1450:400... | 15169 | GOOGLE
1 | 151.101.14.110 | 54113 | FASTLY
2 | 35.186.220.184 | 15169 | GOOGLE
Total: 15 requests, 6 IPs
Requests | Domain | Requested by
5 | q-cf.bstatic.com | ec2-52-40-90-220.us-west-2.compute.amazonaws.com
3 | account.booking.com | ec2-52-40-90-220.us-west-2.compute.amazonaws.com, q-cf.bstatic.com
2 | collector-pxikkul2rm.px-cloud.net | client.perimeterx.net
2 | www.google-analytics.com | ec2-52-40-90-220.us-west-2.compute.amazonaws.com
2 | ec2-52-40-90-220.us-west-2.compute.amazonaws.com | ec2-52-40-90-220.us-west-2.compute.amazonaws.com
1 | client.perimeterx.net | ec2-52-40-90-220.us-west-2.compute.amazonaws.com
Total: 15 requests, 6 domains

This site contains links to these domains:

www.booking.com
Subject | Issuer | Validity | Valid for
mementoweb.org | Let's Encrypt Authority X3 | 2020-03-03 - 2020-06-01 | 3 months
*.booking.com | DigiCert ECC Secure Server CA | 2019-10-22 - 2020-10-26 | a year
q-cf.bstatic.com | DigiCert SHA2 Secure Server CA | 2020-02-10 - 2021-02-11 | a year
*.google-analytics.com | GTS CA 1O1 | 2020-03-24 - 2020-06-16 | 3 months
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-04-03 - 2021-03-18 | a year
*.px-cloud.net | Let's Encrypt Authority X3 | 2020-03-08 - 2020-06-06 | 3 months

This page contains 1 frames:

Primary Page: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Frame ID: 1565C5C478DA67505E524965D293788F
Requests: 15 HTTP requests in this frame

Screenshot


Detected technologies

nginx (overall confidence: 100%)
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (overall confidence: 100%)
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

Requests: 15
HTTPS: 87 %
IPv6: 33 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 290 kB
Size: 1209 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

enter-password (Primary Request; Cookie set)
ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/
101 KB
37 KB
Document
General
Full URL
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.40.90.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-90-220.us-west-2.compute.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
8af771ecd78bef056f7aca370cec50cfa34ba345bbae6ab5be23147da90f4520

Request headers

Host
ec2-52-40-90-220.us-west-2.compute.amazonaws.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
nginx/1.12.1
Date
Tue, 14 Apr 2020 07:35:31 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Archive-Orig-server
nginx
X-Archive-Orig-date
Tue, 14 Apr 2020 07:35:30 GMT
X-Archive-Orig-transfer-encoding
chunked
X-Archive-Orig-vary
Accept-Encoding
X-Archive-Orig-content-security-policy
frame-ancestors https://*.booking.com 'self'; report-uri https://csp-receiver.booking.com/csp_violation?type=block&tag=42&pid=1e3e3561fcbf0126&a=page_Oauth__EnterPassword__Index&p=accounts-portal;
X-Archive-Orig-content-security-policy-report-only
frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com vars.hotjar.com 'self'; connect-src saa.booking.com www.google-analytics.com collector-pxikkul2rm.perimeterx.net b.perimeterx.net collector-pxikkul2rm.pxchk.net collector-pxikkul2rm.px-cdn.net b.px-cdn.net collector-pxikkul2rm.px-cloud.net vc.hotjar.io in.hotjar.com 'self' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-aYi17nWKjMjJy4d'; object-src 'none'; report-uri https://csp-receiver.booking.com/csp_violation?type=report&tag=41&pid=1e3e3561fcbf0126&a=page_Oauth__EnterPassword__Index&p=accounts-portal; default-src *.bstatic.com bstatic.com 'self'; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net static.hotjar.com script.hotjar.com 'self' 'nonce-aYi17nWKjMjJy4d' 'report-sample'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.px-cloud.net b.px-cdn.net collector-pxikkul2rm.perimeterx.net collector-a.perimeterx.net www.gstatic.com; base-uri 'none';
X-Archive-Orig-strict-transport-security
max-age=17280000
X-Archive-Orig-content-encoding
gzip
X-Archive-Orig-x-xss-protection
1; mode=block
content-encoding
gzip
Set-Cookie
pywb.timestamp=20200414073531; max-age=60
error_catcher
account.booking.com/
35 KB
10 KB
Script
General
Full URL
https://account.booking.com/error_catcher
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.16.14 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
cd4f42cc325fbfb0485d3878c56fa4d0c0d831b3fd6e69c626c8322758f0c60b
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri https://csp-receiver.booking.com/csp_violation?type=block&tag=42&pid=798d35614048035f&a=error_catcher&p=accounts-portal;
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
frame-ancestors https://*.booking.com 'self'; report-uri https://csp-receiver.booking.com/csp_violation?type=block&tag=42&pid=798d35614048035f&a=error_catcher&p=accounts-portal;
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-receiver.booking.com/csp_violation?type=report&tag=41&pid=798d35614048035f&a=error_catcher&p=accounts-portal; default-src *.bstatic.com bstatic.com 'self'; object-src 'none'; connect-src saa.booking.com www.google-analytics.com collector-pxikkul2rm.perimeterx.net b.perimeterx.net collector-pxikkul2rm.pxchk.net collector-pxikkul2rm.px-cdn.net b.px-cdn.net collector-pxikkul2rm.px-cloud.net vc.hotjar.io in.hotjar.com 'self' 'report-sample'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.px-cloud.net b.px-cdn.net collector-pxikkul2rm.perimeterx.net collector-a.perimeterx.net www.gstatic.com; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net static.hotjar.com script.hotjar.com 'self' 'nonce-CFuxbdu8wCB9eYz' 'report-sample'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com vars.hotjar.com 'self'; base-uri 'none'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-CFuxbdu8wCB9eYz';
server
nginx
date
Tue, 14 Apr 2020 07:35:31 GMT
vary
Accept-Encoding, User-Agent
content-type
application/x-javascript
strict-transport-security
max-age=17280000
content-length
8238
x-xss-protection
1; mode=block
3_5a38c2bb8c616aa744ae.css
q-cf.bstatic.com/psb/accountsportal/assets/
105 KB
14 KB
Stylesheet
General
Full URL
https://q-cf.bstatic.com/psb/accountsportal/assets/3_5a38c2bb8c616aa744ae.css
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:f400:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
286e607cd7bcb96bf2a9f4f8436d273997b7ba6860abc94c71b30b0d6f8dbfd2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
etag
"4064cccc98e697771a55b719e0810050"
age
1964811
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-meta-x-deployment-hash
3e8d64084f01c0d7faf8de50b6c894aa821f8bd0
x-xss-protection
1; mode=block
access-control-allow-origin
*
last-modified
Fri, 21 Feb 2020 13:37:29 GMT
server
nginx
date
Sun, 22 Mar 2020 13:48:40 GMT
vary
Accept-Encoding
content-type
text/css
via
1.1 edfd22ec6695cdc9d7ac634220af1315.cloudfront.net (CloudFront)
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
PPu9GcFmHoP8tpXa_iCydcqmt4lIFvqyUef57be8a6cyQJdiKqWixA==
expires
Tue, 21 Apr 2020 13:48:40 GMT
runtime~Index_5fab51472fb6ca1a193a.js
q-cf.bstatic.com/psb/accountsportal/assets/
1 KB
1 KB
Script
General
Full URL
https://q-cf.bstatic.com/psb/accountsportal/assets/runtime~Index_5fab51472fb6ca1a193a.js
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:f400:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
7d94226796322a81bf6f68df1a4f6a8fd60e1102668db8de105fbe1297345c2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 09 Apr 2020 00:29:07 GMT
content-encoding
br
age
457584
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-meta-x-deployment-hash
3e8d64084f01c0d7faf8de50b6c894aa821f8bd0
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
access-control-allow-origin
*
x-amz-expiration
expiry-date="Sat, 20 Jun 2020 13:37:29 GMT", rule-id=""
last-modified
Fri, 21 Feb 2020 13:37:29 GMT
server
nginx
etag
W/"82295cbf4c91f145f7e3bafa7c6cbf3d"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 edfd22ec6695cdc9d7ac634220af1315.cloudfront.net (CloudFront)
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
BzAOIRnlBauhGDo1FnktTMArA-I2Zs2Ed2fZM6LXR8RmMljVbjsIxQ==
expires
Sat, 09 May 2020 00:29:07 GMT
0_ae816ae13a4109e8c787.js
q-cf.bstatic.com/psb/accountsportal/assets/
15 KB
6 KB
Script
General
Full URL
https://q-cf.bstatic.com/psb/accountsportal/assets/0_ae816ae13a4109e8c787.js
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:f400:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
040e887a9b298b688fada4b7cf4254188be61e8dc4f18419414e6d6839114bab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
etag
"b6a211f2866b63a85514932dbe728e33"
age
1964811
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-meta-x-deployment-hash
3e8d64084f01c0d7faf8de50b6c894aa821f8bd0
x-xss-protection
1; mode=block
access-control-allow-origin
*
last-modified
Fri, 21 Feb 2020 13:37:28 GMT
server
nginx
date
Sun, 22 Mar 2020 13:48:40 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 edfd22ec6695cdc9d7ac634220af1315.cloudfront.net (CloudFront)
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
RrhPFQjKw1LK4h09AlPiRhRdtxAgyt9DifThh9z_iB0X_tlfgRFXsA==
expires
Tue, 21 Apr 2020 13:48:40 GMT
1_a223fcf19528b4b45a73.js
q-cf.bstatic.com/psb/accountsportal/assets/
27 KB
10 KB
Script
General
Full URL
https://q-cf.bstatic.com/psb/accountsportal/assets/1_a223fcf19528b4b45a73.js
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:f400:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
dc6090cbf192bef9c6f48091fd963c12a6f6b7aea6ae3e7c721aefe1becd243b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 19 Mar 2020 19:00:22 GMT
content-encoding
br
age
2205309
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-meta-x-deployment-hash
3e8d64084f01c0d7faf8de50b6c894aa821f8bd0
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
access-control-allow-origin
*
x-amz-expiration
expiry-date="Sat, 20 Jun 2020 13:37:29 GMT", rule-id=""
last-modified
Fri, 21 Feb 2020 13:37:29 GMT
server
nginx
etag
W/"85913df084c808f5ab4da2175a5320d9"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 edfd22ec6695cdc9d7ac634220af1315.cloudfront.net (CloudFront)
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
bwWOkyagLQQLMVdNgLmni5gvhCsILqEujQaD5E1F75gYmk0KxswLzA==
expires
Sat, 18 Apr 2020 19:00:22 GMT
3_297d85fc514022cfdc4c.js
q-cf.bstatic.com/psb/accountsportal/assets/
726 KB
125 KB
Script
General
Full URL
https://q-cf.bstatic.com/psb/accountsportal/assets/3_297d85fc514022cfdc4c.js
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:f400:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
28782bcd7a92a3fb8e3bfbf9b49664c65e25dbfe579b2dc85e93ed4b6207e566
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 11:13:36 GMT
content-encoding
br
age
937314
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-meta-x-deployment-hash
6adcef92aa1c4c03876ce27ff4fdddd055d48cfe
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
access-control-allow-origin
*
x-amz-expiration
expiry-date="Sat, 01 Aug 2020 11:05:46 GMT", rule-id=""
last-modified
Fri, 03 Apr 2020 11:05:46 GMT
server
nginx
etag
W/"2b9f9e4023b91778db7209418b72a11c"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 edfd22ec6695cdc9d7ac634220af1315.cloudfront.net (CloudFront)
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
Z4ts1312HTy9ZkKI5e_-KirStHFNP2MAcKig3VSDN8_BL8_2lRyK4w==
expires
Sun, 03 May 2020 11:13:36 GMT
fvtrpw.gif
account.booking.com/_/
35 B
2 KB
Image
General
Full URL
https://account.booking.com/_/fvtrpw.gif
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.16.14 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri https://csp-receiver.booking.com/csp_violation?type=block&tag=42&pid=76a83561dbca0010&a=phishing_pixel&p=accounts-portal;
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 14 Apr 2020 07:35:31 GMT
server
nginx
content-security-policy-report-only
base-uri 'none'; object-src 'none'; default-src *.bstatic.com bstatic.com 'self'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.px-cloud.net b.px-cdn.net collector-pxikkul2rm.perimeterx.net collector-a.perimeterx.net www.gstatic.com; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-ttLXwu9Rd0uWXB7'; report-uri https://csp-receiver.booking.com/csp_violation?type=report&tag=41&pid=76a83561dbca0010&a=phishing_pixel&p=accounts-portal; connect-src saa.booking.com www.google-analytics.com collector-pxikkul2rm.perimeterx.net b.perimeterx.net collector-pxikkul2rm.pxchk.net collector-pxikkul2rm.px-cdn.net b.px-cdn.net collector-pxikkul2rm.px-cloud.net vc.hotjar.io in.hotjar.com 'self' 'report-sample'; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net static.hotjar.com script.hotjar.com 'self' 'nonce-ttLXwu9Rd0uWXB7' 'report-sample'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com vars.hotjar.com 'self';
content-type
image/gif
content-disposition
attachment; filename=etnht.gif
transfer-encoding
chunked
content-security-policy
frame-ancestors https://*.booking.com 'self'; report-uri https://csp-receiver.booking.com/csp_violation?type=block&tag=42&pid=76a83561dbca0010&a=phishing_pixel&p=accounts-portal;
strict-transport-security
max-age=17280000
x-xss-protection
1; mode=block
etnht.gif
account.booking.com/_/
35 B
2 KB
Image
General
Full URL
https://account.booking.com/_/etnht.gif
Requested by
Host: q-cf.bstatic.com
URL: https://q-cf.bstatic.com/psb/accountsportal/assets/3_297d85fc514022cfdc4c.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.16.14 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
Security Headers
Name Value
Content-Security-Policy report-uri https://csp-receiver.booking.com/csp_violation?type=block&tag=42&pid=76a835619ac30160&a=phishing_pixel&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://q-cf.bstatic.com/psb/accountsportal/assets/3_5a38c2bb8c616aa744ae.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 14 Apr 2020 07:35:31 GMT
server
nginx
content-security-policy-report-only
style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-moZR6mpOf0PFMaK'; default-src *.bstatic.com bstatic.com 'self'; object-src 'none'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.px-cloud.net b.px-cdn.net collector-pxikkul2rm.perimeterx.net collector-a.perimeterx.net www.gstatic.com; base-uri 'none'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com vars.hotjar.com 'self'; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net static.hotjar.com script.hotjar.com 'self' 'nonce-moZR6mpOf0PFMaK' 'report-sample'; connect-src saa.booking.com www.google-analytics.com collector-pxikkul2rm.perimeterx.net b.perimeterx.net collector-pxikkul2rm.pxchk.net collector-pxikkul2rm.px-cdn.net b.px-cdn.net collector-pxikkul2rm.px-cloud.net vc.hotjar.io in.hotjar.com 'self' 'report-sample'; report-uri https://csp-receiver.booking.com/csp_violation?type=report&tag=41&pid=76a835619ac30160&a=phishing_pixel&p=accounts-portal;
content-type
image/gif
content-disposition
attachment; filename=etnht.gif
transfer-encoding
chunked
content-security-policy
report-uri https://csp-receiver.booking.com/csp_violation?type=block&tag=42&pid=76a835619ac30160&a=phishing_pixel&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
strict-transport-security
max-age=17280000
x-xss-protection
1; mode=block
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
7016
date
Tue, 14 Apr 2020 05:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Tue, 14 Apr 2020 07:38:35 GMT
collect
www.google-analytics.com/
35 B
98 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=1836098637&t=pageview&_s=1&dl=https%3A%2F%2Fec2-52-40-90-220.us-west-2.compute.amazonaws.com%2Freconstruct%2Fmp_%2Fhttps%3A%2F%2Faccount.booking.com%2Foauth%2Fenter-password&dp=%2Freconstruct%2Fmp_%2Fhttps%3A%2F%2Faccount.booking.com%2Foauth%2Fenter-password&ul=en-us&de=UTF-8&dt=Booking.com%20Account&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&cid=1896751356.1586849732&tid=UA-116109-18&_gid=997113305.1586849732&z=463381294
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 Apr 2020 07:57:02 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
85109
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
main.min.js
client.perimeterx.net/PXikKuL2RM/
153 KB
62 KB
Script
General
Full URL
https://client.perimeterx.net/PXikKuL2RM/main.min.js
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e0b2987d65064a236d6f27c3228dfcc25d65aa8636c87651621546712a468766

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 14 Apr 2020 07:35:32 GMT
content-encoding
gzip
age
248
x-cache
HIT
status
200
content-length
63438
x-served-by
cache-fra19134-FRA
access-control-allow-origin
*
x-timer
S1586849732.022601,VS0,VE0
etag
W/"26466-ln4wYEjT3ZSJ1EaoMKLwqDgnexE"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
public, max-age=600
accept-ranges
bytes
x-cache-hits
5
collector
collector-pxikkul2rm.px-cloud.net/api/v2/
779 B
1 KB
XHR
General
Full URL
https://collector-pxikkul2rm.px-cloud.net/api/v2/collector
Requested by
Host: client.perimeterx.net
URL: https://client.perimeterx.net/PXikKuL2RM/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.220.184 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.220.186.35.bc.googleusercontent.com
Software
/
Resource Hash
dee1a420758299657a7f5be1c98ae0102f3c205f36cff2c847143658d8bf83ec

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 14 Apr 2020 07:35:31 GMT
via
1.1 google
status
200
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
clear
content-length
779
navigation_times
ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
571 B
726 B
XHR
General
Full URL
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/navigation_times?sid=&pid=1e3e3561fcbf0126&nts=0,0,1586849729769,0,0,0,0,1586849729769,1586849729770,1586849729776,1586849729776,1586849730171,1586849729794,1586849730171,1586849731478,1586849731487,1586849731481,1586849731884,1586849731884,1586849731884,1586849731932,1586849731932,1586849731933,0&first=&cdn=cf&dc=1&bo=3&lang=en-us&ref_action=Oauth_EnterPassword_Index&aid=7342860&stype=&route=&ua=&ch=&lt=
Requested by
Host: ec2-52-40-90-220.us-west-2.compute.amazonaws.com
URL: https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.40.90.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-90-220.us-west-2.compute.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
f1fcb9aeff61cc7415661e9927cea51664771fe031d4f52ef124ee55d64ad297

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth/enter-password
X-Booking-CSRF
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Tue, 14 Apr 2020 07:35:33 GMT
Server
nginx/1.12.1
Connection
keep-alive
Content-Length
571
Content-Type
text/html
collector
collector-pxikkul2rm.px-cloud.net/api/v2/
524 B
592 B
XHR
General
Full URL
https://collector-pxikkul2rm.px-cloud.net/api/v2/collector
Requested by
Host: client.perimeterx.net
URL: https://client.perimeterx.net/PXikKuL2RM/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.220.184 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.220.186.35.bc.googleusercontent.com
Software
/
Resource Hash
cacf191a2bf0d1d964b8cf25129e42c23e1726cac0a9562bebd8e8175609590b

Request headers

Referer
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 14 Apr 2020 07:35:32 GMT
via
1.1 google
status
200
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ec2-52-40-90-220.us-west-2.compute.amazonaws.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
clear
content-length
524

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | onformdata
object | onpointerrawupdate
function | E_
function | onBookingError
object | booking
object | booking_extra
object | B
object | webpackJsonp
object | __core-js_shared__
object | core
object | transportHooks
object | regeneratorRuntime
undefined | params
undefined | search_params
string | GoogleAnalyticsObject
function | ga
object | google_tag_data
object | gaplugins
object | gaGlobal
object | gaData
string | _pxAppId
string | _pxParam1
object | PXikKuL2RM
object | PX
undefined | _ikKuL2RMhandler

3 Cookies

Domain/Path | Name | Value
.ec2-52-40-90-220.us-west-2.compute.amazonaws.com/ | _gid | GA1.5.997113305.1586849732
.ec2-52-40-90-220.us-west-2.compute.amazonaws.com/ | _ga | GA1.5.1896751356.1586849732
ec2-52-40-90-220.us-west-2.compute.amazonaws.com/reconstruct/mp_/https://account.booking.com/oauth | pywb.timestamp | 20200414073531