booking.admin-acconnt.com Open in urlscan Pro
158.160.101.213  Malicious Activity! Public Scan

Submitted URL: http://book-redirect.xyz/
Effective URL: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWlu...
Submission: On December 12 via manual from PH — Scanned from DE

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 158.160.101.213, located in Moscow, Russian Federation and belongs to YANDEXCLOUD, RU. The main domain is booking.admin-acconnt.com.
TLS certificate: Issued by R3 on December 7th 2023. Valid for: 3 months.
This is the only time booking.admin-acconnt.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

IP Address AS Autonomous System
2 2 2606:4700:303... 13335 (CLOUDFLAR...)
8 158.160.101.213 200350 (YANDEXCLOUD)
8 1
Apex Domain
Subdomains
Transfer
8 admin-acconnt.com
booking.admin-acconnt.com
325 KB
2 book-redirect.xyz
book-redirect.xyz
2 KB
8 2
Domain Requested by
8 booking.admin-acconnt.com booking.admin-acconnt.com
2 book-redirect.xyz 2 redirects
8 2

This site contains no links.

Subject Issuer Validity Valid
booking.admin-acconnt.com
R3
2023-12-07 -
2024-03-06
3 months crt.sh

This page contains 1 frames:

Primary Page: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Frame ID: 2358A62CA6DE1C86F6051C6929F131C0
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Booking.com

Page URL History Show full URLs

  1. http://book-redirect.xyz/ HTTP 301
    https://book-redirect.xyz/ HTTP 302
    https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXpl... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

325 kB
Transfer

408 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://book-redirect.xyz/ HTTP 301
    https://book-redirect.xyz/ HTTP 302
    https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
booking.admin-acconnt.com/appb/
Redirect Chain
  • http://book-redirect.xyz/
  • https://book-redirect.xyz/
  • https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
97 KB
10 KB
Document
General
Full URL
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
158.160.101.213 Moscow, Russian Federation, ASN200350 (YANDEXCLOUD, RU),
Reverse DNS
Software
nginx /
Resource Hash
c0a5e42015f6e1151eeaf73f4524df3954ef0915c397dec4329cd0d35af0626e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Tue, 12 Dec 2023 03:48:02 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Cookie

Redirect headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8342fd2c0f7a65cd-FRA
content-type
text/html; charset=utf-8
date
Tue, 12 Dec 2023 03:47:57 GMT
expires
Tue, 12 Dec 2023 03:47:57 GMT
location
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zZXu9PcQ3XlLicpray5ALro7X57RMxb2kmRjcAv7h%2FLrccqCnT4%2BTY%2FBtVAuuttUz47okIHMC6VnHVE3lgEQJYBASNkIuEM70zwxIDJsWfByKwNtA4jcHGgo%2F1ezHfK%2FIq4tFD2iZBMcBb7n2H9XEA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
925_1975cbc2f7eaad75f590.css
booking.admin-acconnt.com/appb/static/psb/accountsportal/assets/
90 KB
91 KB
Stylesheet
General
Full URL
https://booking.admin-acconnt.com/appb/static/psb/accountsportal/assets/925_1975cbc2f7eaad75f590.css
Requested by
Host: booking.admin-acconnt.com
URL: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
158.160.101.213 Moscow, Russian Federation, ASN200350 (YANDEXCLOUD, RU),
Reverse DNS
Software
nginx /
Resource Hash
2d74100a825fc1a4af9272c442187ca4005d0dc1b7b8b61066e02059ada4ab13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 03:48:02 GMT
Last-Modified
Sun, 01 Oct 2023 10:41:18 GMT
Server
nginx
ETag
"1696156878.0-92562-2980586041"
Vary
Cookie
Content-Type
text/css; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=925_1975cbc2f7eaad75f590.css
Connection
keep-alive
Content-Length
92562
549_19b6685c719a431686fc.css
booking.admin-acconnt.com/appb/static/psb/accountsportal/assets/
73 KB
73 KB
Stylesheet
General
Full URL
https://booking.admin-acconnt.com/appb/static/psb/accountsportal/assets/549_19b6685c719a431686fc.css
Requested by
Host: booking.admin-acconnt.com
URL: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
158.160.101.213 Moscow, Russian Federation, ASN200350 (YANDEXCLOUD, RU),
Reverse DNS
Software
nginx /
Resource Hash
806167d33dcf6095d8845679246e520d3cb1d6453f492712ca0096bf43517849

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 03:48:02 GMT
Last-Modified
Sun, 01 Oct 2023 10:41:10 GMT
Server
nginx
ETag
"1696156870.0-74320-2777162114"
Vary
Cookie
Content-Type
text/css; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=549_19b6685c719a431686fc.css
Connection
keep-alive
Content-Length
74320
826_870c205e4e40b913b2fc.css
booking.admin-acconnt.com/appb/static/psb/accountsportal/assets/
60 KB
61 KB
Stylesheet
General
Full URL
https://booking.admin-acconnt.com/appb/static/psb/accountsportal/assets/826_870c205e4e40b913b2fc.css
Requested by
Host: booking.admin-acconnt.com
URL: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
158.160.101.213 Moscow, Russian Federation, ASN200350 (YANDEXCLOUD, RU),
Reverse DNS
Software
nginx /
Resource Hash
0e27699587add2db711900ce3fe3eb78eb8c3ea99948cc1b673c6e49d392f66b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 03:48:02 GMT
Last-Modified
Sun, 01 Oct 2023 10:41:08 GMT
Server
nginx
ETag
"1696156868.0-61284-2819432904"
Vary
Cookie
Content-Type
text/css; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=826_870c205e4e40b913b2fc.css
Connection
keep-alive
Content-Length
61284
jquery.min.js
booking.admin-acconnt.com/appb/static/js/
87 KB
88 KB
Script
General
Full URL
https://booking.admin-acconnt.com/appb/static/js/jquery.min.js
Requested by
Host: booking.admin-acconnt.com
URL: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
158.160.101.213 Moscow, Russian Federation, ASN200350 (YANDEXCLOUD, RU),
Reverse DNS
Software
nginx /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 03:48:02 GMT
Last-Modified
Thu, 10 Nov 2022 16:02:20 GMT
Server
nginx
ETag
"1668096140.0-89476-1951667661"
Vary
Cookie
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=jquery.min.js
Connection
keep-alive
Content-Length
89476
chunk.35dr42t4.js
booking.admin-acconnt.com/appb/static/js/
117 B
814 B
Script
General
Full URL
https://booking.admin-acconnt.com/appb/static/js/chunk.35dr42t4.js
Requested by
Host: booking.admin-acconnt.com
URL: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
158.160.101.213 Moscow, Russian Federation, ASN200350 (YANDEXCLOUD, RU),
Reverse DNS
Software
nginx /
Resource Hash
9ce9e48e3361cfb183e7b6e0fa40271fc20dac44c2f6fef6f14fdd0ed3ab677c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 03:48:02 GMT
Last-Modified
Sun, 29 Oct 2023 12:46:58 GMT
Server
nginx
ETag
"1698583618.0-117-3331987022"
Vary
Cookie
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=chunk.35dr42t4.js
Connection
keep-alive
Content-Length
117
chunk.6dyxqtdf.js
booking.admin-acconnt.com/appb/static/js/
234 B
931 B
Script
General
Full URL
https://booking.admin-acconnt.com/appb/static/js/chunk.6dyxqtdf.js
Requested by
Host: booking.admin-acconnt.com
URL: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
158.160.101.213 Moscow, Russian Federation, ASN200350 (YANDEXCLOUD, RU),
Reverse DNS
Software
nginx /
Resource Hash
0d55161f3499bb3130bec577208321bf966010398849e6303a6444e48fa31d59

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 03:48:02 GMT
Last-Modified
Mon, 30 Oct 2023 13:04:48 GMT
Server
nginx
ETag
"1698671088.0-234-3442284348"
Vary
Cookie
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=chunk.6dyxqtdf.js
Connection
keep-alive
Content-Length
234
us.png
booking.admin-acconnt.com/appb/static/backend_static/common/flags/new/48-squared/
642 B
950 B
Image
General
Full URL
https://booking.admin-acconnt.com/appb/static/backend_static/common/flags/new/48-squared/us.png
Requested by
Host: booking.admin-acconnt.com
URL: https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
158.160.101.213 Moscow, Russian Federation, ASN200350 (YANDEXCLOUD, RU),
Reverse DNS
Software
nginx /
Resource Hash
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.admin-acconnt.com/appb/login?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqEjCU9v2G9tYmOgBCAFjj-pKrBg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 03:48:02 GMT
Last-Modified
Sun, 29 Oct 2023 11:48:12 GMT
Server
nginx
ETag
"1698580092.0-642-411312647"
Vary
Cookie
Content-Type
image/png
Cache-Control
no-cache
Content-Disposition
inline; filename=us.png
Connection
keep-alive
Content-Length
642

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery function| v function| p function| n function| g function| s

3 Cookies

Domain/Path Name / Value
book-redirect.xyz/ Name: _subid
Value: 2pj69q92jh
book-redirect.xyz/ Name: a7b95
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNzAyMzUyODc3fSxcImNhbXBhaWduc1wiOntcIjdcIjoxNzAyMzUyODc3fSxcInRpbWVcIjoxNzAyMzUyODc3fSJ9.vyGtESz0ztSSfMzCi6zUJEueN-gYVuA_bDt8DNGEqX4
booking.admin-acconnt.com/ Name: session
Value: .eJwdjsFugjAAQP-lZ5tAQbZ6G1XrGNucGSpeTAstDFvaCdTgsn8f2eUdXt7h_YCzvIquBgvJVCdmQLG2AgsgWjh0YAaMPffmItpJraq9y497j5FkQ-oPdGiKkXv19rR8RZ86DITu7gVVI4ufk_-O4pEdraK1NeVmdyvuxqVofeEHNaQ6cRz1lutiyBHu09EQEfgkpm_uRLPvVUMy7BDFfa7fq5g8rZsG2pdrXE1P7qucdkKJfSmDEiIZRTDkDxw-BsKfMBdehFCIPQl-_wDzeEgJ.ZXfX8g.6-fllyymV7emi1xP-N53MCFIGbY