booking.admin-acconnt.com
158.160.101.213
Malicious Activity!
Public Scan
Effective URL: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWlu...
Submission: On December 12 via manual from PH — Scanned from DE
Summary
TLS certificate: Issued by R3 on December 7th 2023. Valid for: 3 months.
This is the only time booking.admin-acconnt.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Booking (Travel)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
2 | 2606:4700:3037::ac43:8ba9 | 13335 (CLOUDFLARENET) |
8 | 158.160.101.213 | 200350 (YANDEXCLOUD) |
ASN200350 (YANDEXCLOUD, RU)
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | admin-acconnt.com | booking.admin-acconnt.com | 325 KB |
2 | book-redirect.xyz | book-redirect.xyz (2 redirects) | 2 KB |
Requests | Domain | Requested by |
---|---|---|
8 | booking.admin-acconnt.com | booking.admin-acconnt.com |
2 | book-redirect.xyz | 2 redirects |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
booking.admin-acconnt.com | R3 | 2023-12-07 - 2024-03-06 | 3 months |
This page contains 1 frames:
Primary Page:
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Frame ID: 2358A62CA6DE1C86F6051C6929F131C0
Requests: 8 HTTP requests in this frame
Page Title: Booking.com
Detected technologies
- jQuery (JavaScript Libraries). Detected pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://book-redirect.xyz/ (HTTP 301)
- https://book-redirect.xyz/ (HTTP 302)
- https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method / Protocol | Resource | Path | Size / x-fer | Type | MIME-Type |
---|---|---|---|---|---|
GET H/1.1 | login (Primary Request, end of redirect chain) | booking.admin-acconnt.com/appb/ | 97 KB / 10 KB | Document | text/html |
GET H/1.1 | 925_1975cbc2f7eaad75f590.css | booking.admin-acconnt.com/appb/static/psb/accountsportal/assets/ | 90 KB / 91 KB | Stylesheet | text/css |
GET H/1.1 | 549_19b6685c719a431686fc.css | booking.admin-acconnt.com/appb/static/psb/accountsportal/assets/ | 73 KB / 73 KB | Stylesheet | text/css |
GET H/1.1 | 826_870c205e4e40b913b2fc.css | booking.admin-acconnt.com/appb/static/psb/accountsportal/assets/ | 60 KB / 61 KB | Stylesheet | text/css |
GET H/1.1 | jquery.min.js | booking.admin-acconnt.com/appb/static/js/ | 87 KB / 88 KB | Script | text/javascript |
GET H/1.1 | chunk.35dr42t4.js | booking.admin-acconnt.com/appb/static/js/ | 117 B / 814 B | Script | text/javascript |
GET H/1.1 | chunk.6dyxqtdf.js | booking.admin-acconnt.com/appb/static/js/ | 234 B / 931 B | Script | text/javascript |
GET H/1.1 | us.png | booking.admin-acconnt.com/appb/static/backend_static/common/flags/new/48-squared/ | 642 B / 950 B | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict:
Phishing against: Booking (Travel)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and page code. Note that documentPictureInPicture is a browser-provided API (Chrome's Document Picture-in-Picture), not something the page defined; the page's own globals are $ and jQuery plus the short minified names below.
Type | Name |
---|---|
object | documentPictureInPicture |
function | $ |
function | jQuery |
function | v |
function | p |
function | n |
function | g |
function | s3 |
Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the stored cookie values with the request, so the site can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
book-redirect.xyz/ | | _subid | 2pj69q92jh |
book-redirect.xyz/ | | a7b95 | eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNzAyMzUyODc3fSxcImNhbXBhaWduc1wiOntcIjdcIjoxNzAyMzUyODc3fSxcInRpbWVcIjoxNzAyMzUyODc3fSJ9.vyGtESz0ztSSfMzCi6zUJEueN-gYVuA_bDt8DNGEqX4 |
booking.admin-acconnt.com/ | | session | .eJwdjsFugjAAQP-lZ5tAQbZ6G1XrGNucGSpeTAstDFvaCdTgsn8f2eUdXt7h_YCzvIquBgvJVCdmQLG2AgsgWjh0YAaMPffmItpJraq9y497j5FkQ-oPdGiKkXv19rR8RZ86DITu7gVVI4ufk_-O4pEdraK1NeVmdyvuxqVofeEHNaQ6cRz1lutiyBHu09EQEfgkpm_uRLPvVUMy7BDFfa7fq5g8rZsG2pdrXE1P7qucdkKJfSmDEiIZRTDkDxw-BsKfMBdehFCIPQl-_wDzeEgJ.ZXfX8g.6-fllyymV7emi1xP-N53MCFIGbY |
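Two opaque values in this scan can be decoded offline: the op_token query parameter on the page URL (listed under Page URL History) and the a7b95 cookie set by book-redirect.xyz. The helper below is added by the editor and is not part of the urlscan report or of any project's code. The two values are copied verbatim from the scan. Treating op_token as protobuf wire format is the editor's inference: no schema is published, but the bytes walk cleanly as tag/length/value fields, and the nested message carries the strings "authorize" and "https://admin.booking.com/", consistent with the lure copying the structure of a legitimate partner-login URL. The a7b95 value is a standard three-part JWT; it is decoded without signature verification because the HS256 key belongs to the operator of the redirector, so verification is neither possible nor useful to an analyst.

```python
import base64
import json
from datetime import datetime, timezone

# Values copied from the urlscan result above (constructed test input for this helper).
OP_TOKEN = "EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg"
A7B95_COOKIE = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNzAyMzUyODc3fSxcImNhbXBhaWduc1wiOntcIjdcIjoxNzAyMzUyODc3fSxcInRpbWVcIjoxNzAyMzUyODc3fSJ9."
    "vyGtESz0ztSSfMzCi6zUJEueN-gYVuA_bDt8DNGEqX4"
)


def b64url_decode(s: str) -> bytes:
    """Base64url without padding, as used in JWTs and in this op_token."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def read_varint(buf: bytes, pos: int) -> tuple[int, int]:
    """Protobuf base-128 varint. Returns (value, position after the varint)."""
    value = shift = 0
    while True:
        b = buf[pos]          # IndexError on a truncated buffer is caught by callers
        pos += 1
        value |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def parse_protobuf(buf: bytes) -> list:
    """Schema-less walk of protobuf wire format: returns [(field, wire_type, value)].
    Length-delimited fields become str when printable ASCII, otherwise bytes
    (which may themselves be an embedded message)."""
    fields, pos = [], 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        field, wire = tag >> 3, tag & 7
        if wire == 0:                                   # varint
            value, pos = read_varint(buf, pos)
        elif wire == 2:                                 # length-delimited
            length, pos = read_varint(buf, pos)
            raw, pos = buf[pos:pos + length], pos + length
            text = raw.decode("ascii") if raw.isascii() else None
            value = text if text is not None and text.isprintable() else raw
        elif wire == 1:                                 # fixed 64-bit
            value, pos = buf[pos:pos + 8], pos + 8
        elif wire == 5:                                 # fixed 32-bit
            value, pos = buf[pos:pos + 4], pos + 4
        else:
            raise ValueError(f"unsupported wire type {wire} at offset {pos}")
        fields.append((field, wire, value))
    return fields


def decode_op_token(token: str) -> dict:
    """Top-level fields of op_token plus, for every bytes-valued field that parses
    as a message, its sub-fields. The strings of field 4 are pulled out separately
    because that is where the OAuth-looking material lives."""
    top = parse_protobuf(b64url_decode(token))
    nested = {}
    for field, wire, value in top:
        if wire == 2 and isinstance(value, bytes):
            try:
                nested[field] = parse_protobuf(value)
            except (IndexError, ValueError):
                pass                                    # opaque blob, not a message
    strings = [v for _, _, v in nested.get(4, []) if isinstance(v, str)]
    return {"top": top, "nested": nested, "strings_in_field_4": strings}


def decode_jwt_unverified(token: str) -> dict:
    """Header and claims of a JWT without checking the signature."""
    header_b64, payload_b64, _signature = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    if isinstance(payload.get("data"), str):            # this cookie nests JSON in a string
        payload["data"] = json.loads(payload["data"])
    return {"header": header, "payload": payload}


def epoch_to_iso(ts: int) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


if __name__ == "__main__":
    op = decode_op_token(OP_TOKEN)
    print("op_token field 4 strings:", op["strings_in_field_4"])
    jwt = decode_jwt_unverified(A7B95_COOKIE)
    print("a7b95 alg:", jwt["header"]["alg"], "data:", jwt["payload"]["data"])
    print("a7b95 time:", epoch_to_iso(jwt["payload"]["data"]["time"]))
```

The decoded a7b95 payload carries "streams", "campaigns" and a "time" of 1702352877, i.e. 2023-12-12 03:47:57 UTC, which matches the December 12 submission date; the names are those of a redirect-tracking (campaign/stream) cookie, which fits a domain whose only role in the chain is two redirects. The session cookie on booking.admin-acconnt.com is a different, dot-separated format whose first segment starts with ".eJw" (a zlib-compressed payload marker); it is not decoded here.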
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- book-redirect.xyz
- booking.admin-acconnt.com
IP addresses:
- 158.160.101.213
- 2606:4700:3037::ac43:8ba9
SHA-256 hashes:
- 0d55161f3499bb3130bec577208321bf966010398849e6303a6444e48fa31d59
- 0e27699587add2db711900ce3fe3eb78eb8c3ea99948cc1b673c6e49d392f66b
- 2d74100a825fc1a4af9272c442187ca4005d0dc1b7b8b61066e02059ada4ab13
- 806167d33dcf6095d8845679246e520d3cb1d6453f492712ca0096bf43517849
- 9ce9e48e3361cfb183e7b6e0fa40271fc20dac44c2f6fef6f14fdd0ed3ab677c
- a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
- c0a5e42015f6e1151eeaf73f4524df3954ef0915c397dec4329cd0d35af0626e
- f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d