gobooking.ir Open in urlscan Pro
88.99.136.143 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://entrago.space/afda332245e2af431fb7b672a68b659d?refid=YmVybmFyZC5zYXV6ZWF0QGVnZXYuZnI=
Effective URL:
https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan/tonin.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=...
Submission: On December 17 via manual (December 17th 2019, 8:24:02 am UTC) from FR

Summary HTTP 69 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 6 countries across 13 domains to perform 69 HTTP transactions. The main IP is 88.99.136.143, located in Germany and belongs to HETZNER-AS, DE. The main domain is gobooking.ir.
TLS certificate: Issued by Certum Domain Validation CA SHA2 on January 7th 2019. Valid for: a year.

This is the only time gobooking.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	192.3.204.194 192.3.204.194	36352 (AS-COLOCR...) (AS-COLOCROSSING - ColoCrossing)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2b	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
3 53	88.99.136.143 88.99.136.143	24940 (HETZNER-AS) (HETZNER-AS)
3	2a02:26f0:6c0... 2a02:26f0:6c00:2bf::35c1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	212.16.67.4 212.16.67.4	44889 (AZMA-AS) (AZMA-AS)
1	164.215.133.232 164.215.133.232	41881 (FANAVA-AS...) (FANAVA-AS Fanava Group Communication Co.)
2	2a00:1450:400... 2a00:1450:4001:814::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
5	173.224.117.164 173.224.117.164	30083 (HEG-US) (HEG-US - HEG US Inc.)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:815::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81a::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
69	12

1 192.3.204.194 (Denver, United States)

ASN36352 (AS-COLOCROSSING - ColoCrossing, US)
PTR: wgh5.whogohost.com

entrago.space	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

53 88.99.136.143 (Germany) 3 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.143.136.99.88.clients.your-server.de

gobooking.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:2bf::35c1 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.16.67.4 (Tehran, Iran, Islamic Republic Of)

ASN44889 (AZMA-AS, IR)

trustseal.enamad.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 164.215.133.232 (Iran, Islamic Republic Of)

ASN41881 (FANAVA-AS Fanava Group Communication Co., IR)

logo.samandehi.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 173.224.117.164 (Scottsdale, United States)

ASN30083 (HEG-US - HEG US Inc., US)
PTR: mail.livesupporti.com

livesupporti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: zrh04s05-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	gobooking.ir 3 redirects gobooking.ir	1 MB
5	livesupporti.com livesupporti.com	16 KB
3	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	161 B
3	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com	294 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	googletagmanager.com www.googletagmanager.com	55 KB
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	183 B
1	googleadservices.com www.googleadservices.com	10 KB
1	samandehi.ir logo.samandehi.ir	26 KB
1	enamad.ir trustseal.enamad.ir	5 KB
1	jquery.com code.jquery.com	24 KB
1	entrago.space entrago.space	3 KB
69	13

	Domain	Requested by
53	gobooking.ir	3 redirects entrago.space gobooking.ir
5	livesupporti.com	gobooking.ir livesupporti.com
3	secure.aadcdn.microsoftonline-p.com	gobooking.ir
2	googleads.g.doubleclick.net	www.googleadservices.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	www.googletagmanager.com	gobooking.ir
1	www.google.de	gobooking.ir
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	www.googleadservices.com	www.googletagmanager.com
1	logo.samandehi.ir	gobooking.ir
1	trustseal.enamad.ir	gobooking.ir
1	code.jquery.com	entrago.space
1	entrago.space
69	14

This site contains no links.

Subject Issuer	Validity	Valid
entrago.space cPanel, Inc. Certification Authority	`2019-12-15` - `2020-03-14`	3 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
gobooking.ir Certum Domain Validation CA SHA2	`2019-01-07` - `2020-01-07`	a year	crt.sh
secure.aadcdn.microsoftonline-p.com Microsoft IT TLS CA 4	`2019-07-17` - `2021-07-17`	2 years	crt.sh
*.enamad.ir Certum Domain Validation CA SHA2	`2019-11-20` - `2020-11-19`	a year	crt.sh
logo.samandehi.ir Certum Domain Validation CA SHA2	`2019-08-24` - `2020-08-23`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
*.livesupporti.com Sectigo RSA Domain Validation Secure Server CA	`2019-05-02` - `2021-05-01`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan/tonin.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=97&id=5256694872&email=bernard.sauzeat@egev.fr
Frame ID: 33EE68CF5330C41D900FD18E76B713BF
Requests: 11 HTTP requests in this frame

Frame: https://gobooking.ir/404
Frame ID: 490E206010ECD63970F5555CDCFEC88F
Requests: 57 HTTP requests in this frame

Frame: https://livesupporti.com/Views/clientGUI.htm?location=https://gobooking.ir/404&acc=e369498f-d7e2-4c52-9eef-d43e4f9cfdef&lng=&os=&mobile=false&popup=false&ref=https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan/tonin.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=97&id=5256694872&email=bernard.sauzeat@egev.fr
Frame ID: 2FF138EDD5EA6FABBE6125D800F462BC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://entrago.space/afda332245e2af431fb7b672a68b659d?refid=YmVybmFyZC5zYXV6ZWF0QGVnZXYuZnI= Page URL
https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan?email=YmVybmFyZC5zYXV6ZWF0QGVnZXYuZnI= HTTP 301
https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan/?email=YmVybmFyZC5zYXV6ZWF0QGVnZXYuZnI= HTTP 302
https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan/tonin.php?websrc=59c275dc2e97dd3b896ed4ff... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

69
Requests

100 %
HTTPS

57 %
IPv6

13
Domains

14
Subdomains

12
IPs

6
Countries

1553 kB
Transfer

1936 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://entrago.space/afda332245e2af431fb7b672a68b659d?refid=YmVybmFyZC5zYXV6ZWF0QGVnZXYuZnI= Page URL
https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan?email=YmVybmFyZC5zYXV6ZWF0QGVnZXYuZnI= HTTP 301
https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan/?email=YmVybmFyZC5zYXV6ZWF0QGVnZXYuZnI= HTTP 302
https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan/tonin.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=97&id=5256694872&email=bernard.sauzeat@egev.fr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://gobooking.ir/blog/wp-content/plugins/wp-cms/dan/data_files/Prefetch.html HTTP 302
https://gobooking.ir/404

Request Chain 61

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=762431206&t=pageview&_s=1&dl=https%3A%2F%2Fgobooking.ir%2F404&ul=en-us&de=UTF-8&dt=GoBooking%20%7C%20%D8%B1%D8%B2%D8%B1%D9%88%D8%A7%D8%B3%DB%8C%D9%88%D9%86%20%D8%A2%D9%86%D9%84%D8%A7%DB%8C%D9%86%20%D9%87%D8%AA%D9%84%20%D8%AF%D8%B1%20%D8%B3%D8%B1%D8%A7%D8%B3%D8%B1%20%D8%AF%D9%86%DB%8C%D8%A7%20%D8%A8%D8%A7%20%DA%A9%D8%A7%D8%B1%D8%AA%20%D8%B4%D8%AA%D8%A7%D8%A8&sd=24-bit&sr=1600x1200&vp=&je=0&_u=IEBAAUAB~&jid=1027785892&gjid=2059250388&cid=430252968.1576571034&tid=UA-83061144-1&_gid=1178172157.1576571034&_r=1&gtm=2oac61&z=1088982273 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-83061144-1&cid=430252968.1576571034&jid=1027785892&_gid=1178172157.1576571034&gjid=2059250388&_v=j79&z=1088982273 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-83061144-1&cid=430252968.1576571034&jid=1027785892&_v=j79&z=1088982273 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-83061144-1&cid=430252968.1576571034&jid=1027785892&_v=j79&z=1088982273&slf_rd=1&random=2908111283

69 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK afda332245e2af431fb7b672a68b659d Show response
entrago.space/ 3 KB
3 KB 752ms
504ms Document
text/html 192.3.204.194
ColoCrossing

General

Domain/Path	Expires	Name / Value
.gobooking.ir/	1970-01-19 23:27:23	Name: _ga Value: GA1.2.430252968.1576571034
.gobooking.ir/	1970-01-19 05:56:11	Name: _gat_gtag_UA_83061144_1 Value: 1
gobooking.ir/	1970-01-19 05:56:18	Name: laravel_session Value: eyJpdiI6Ilg0clljSXhMalFScjg2UVwvdVhQdWNBPT0iLCJ2YWx1ZSI6Imp0OFlubSt2Z0pBY2ZsQUxOa29Sa3pEb2JyaU9ucjNMUHVuS3hsbUtia0dmekNzTU5sM3BnTXB0UnJrQVRjOGtRXC9lSlhZOEFLYjUyXC9SZGdQc3ZCeGc9PSIsIm1hYyI6ImMwMmNmZDA4NTJmOWI1Y2U3MjhiMDkyMmNiNDM4NmI4Y2NkOGQ0ZWM1MzFkYjI4MDNkMmMyMWNmNjU2N2Q5ZGIifQ%3D%3D
.gobooking.ir/	1970-01-19 05:57:37	Name: _gid Value: GA1.2.1178172157.1576571034
gobooking.ir/	1969-12-31 23:59:59	Name: PHPSESSID Value: bbb0622752cc54052886b15c7eafc206

gobooking.ir Open in urlscan Pro 88.99.136.143 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

69 Requests

100 %HTTPS

57 %IPv6

13 Domains

14 Subdomains

12 IPs

6 Countries

1553 kBTransfer

1936 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

gobooking.ir Open in urlscan Pro
88.99.136.143 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

100 %
HTTPS

57 %
IPv6

13
Domains

14
Subdomains

12
IPs

6
Countries

1553 kB
Transfer

1936 kB
Size

5
Cookies

69 HTTP transactions
0 data transactions