Report - ellianajennifer.info/AqPEJ

Report Overview

Submitted URL
ellianajennifer.info/AqPEJ
IP
104.21.64.67
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 04:28:37
Access
public
Website Title
Booking.com
Final URL
booking.com-03111.info/?utm=7770
Tags
hotel travel phishing
urlquery detections
Phishing - Booking.com

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ellianajennifer.info	unknown	unknown	No data	No data	482 B	471 kB	172.67.177.83
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-09	453 B	32 kB	151.101.130.137
booking.com-03111.info	unknown	unknown	No data	No data	2.2 kB	491 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	ellianajennifer.info/AqPEJ	Booking.com

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	booking.com-03111.info/?utm=7770	847 B	2023-03-07	2024-05-20
Pretty URL booking.com-03111.info/?utm=7770 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:07 Last Seen2024-05-20 18:44:24 Times Seen1584 Hash 261fa5f948bd99fdf005f80595805744 51d57156b1974322b3ba8542f48893082199d5e1 1dcf3b0e1f92d593867169c5ee26771d2f3b77f552eee6c73beba961b91d61b7 Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-05-20
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-20 19:10:49 Times Seen275492 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	booking.com-03111.info/?utm=7770	1.5 kB	2024-04-29	2024-05-10
Pretty URL booking.com-03111.info/?utm=7770 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 08:06:42 Last Seen2024-05-10 06:29:05 Times Seen6 Hash 71d1f46dd9d8902aef4825d687b6c2cd 787eefd5c42dfa30201354a6347a7e882f2e7777 22e9582a0a836805d869d879f4349faa58e22d195730aa7a4fd1cb7a8155c1d4 Loading...

HTTP Transactions (6)

URL IP Response Size

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://booking.com-03111.info/?utm=7770
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://booking.com-03111.info
DNT: 1
Connection: keep-alive
Referer: https://booking.com-03111.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 10 May 2024 04:28:12 GMT
age: 1171473
x-served-by: cache-lga21931-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 217731
x-timer: S1715315293.561181,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

booking.com-03111.info/window.php

188.114.97.1

200 OK

3.5 kB

URL POST HTTP/3
booking.com-03111.info/window.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://booking.com-03111.info/?utm=7770
Certificate
IssuerGoogle Trust Services LLC
Subjectcom-03111.info
FingerprintFA:7C:85:E1:D2:13:18:09:4D:D7:56:AA:A3:38:DE:89:AD:CF:E3:72
ValidityWed, 08 May 2024 09:02:22 GMT - Tue, 06 Aug 2024 09:02:21 GMT

File type
JSON text data
Size
3.5 kB (3483 bytes)
Hash
e2eac3687e17b5927676476319984d60
4000c654e7c3c817f7d6216de91fb4b20050f2b2
3dd6ce6d6c16a472bbb56ad171ecd50420232dc8c55e8fac71709c806527bd24

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Booking.com

HTTP Headers

POST /window.php HTTP/1.1
Host: booking.com-03111.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://booking.com-03111.info/?utm=7770
Content-type: application/x-www-form-urlencoded
Content-Length: 4
Origin: https://booking.com-03111.info
DNT: 1
Connection: keep-alive
Cookie: bk-utm=7770; admin-bk=74373449
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:28:17 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VCmNcuAgW6isFHr1S2qUFwsCr4lV8lDhYzw8q0zpeOdR09A6qGay%2BbiBewmn%2BLXL8ExS5ff5OtlRFr1V3ZIrvjSqH5VRxRvnwZhrOQGydS%2Fyr%2FdRJvmvdtF6hczjXp9eAK%2BrZuPfcAJ4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88172e7c5d1056ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

booking.com-03111.info/window.php

188.114.97.1

200 OK

7.3 kB

URL POST HTTP/3
booking.com-03111.info/window.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://booking.com-03111.info/?utm=7770
Certificate
IssuerGoogle Trust Services LLC
Subjectcom-03111.info
FingerprintFA:7C:85:E1:D2:13:18:09:4D:D7:56:AA:A3:38:DE:89:AD:CF:E3:72
ValidityWed, 08 May 2024 09:02:22 GMT - Tue, 06 Aug 2024 09:02:21 GMT

File type
JSON text data
Size
7.3 kB (7279 bytes)
Hash
e2eac3687e17b5927676476319984d60
4000c654e7c3c817f7d6216de91fb4b20050f2b2
3dd6ce6d6c16a472bbb56ad171ecd50420232dc8c55e8fac71709c806527bd24

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Booking.com

HTTP Headers

POST /window.php HTTP/1.1
Host: booking.com-03111.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://booking.com-03111.info/?utm=7770
Content-type: application/x-www-form-urlencoded
Content-Length: 4
Origin: https://booking.com-03111.info
DNT: 1
Connection: keep-alive
Cookie: bk-utm=7770; admin-bk=74373449
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:28:19 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ileg0UyX5uCCmDgpe%2BP%2B1QLf38Qu7s7uEuRAvLbi3HzHOEEeXRvIQqN%2FB3TRF7vAISz1PfMP%2FHHQ%2BkciTSiJneE72PY5jSwqvxcMBHuxkcOkOhjMYYm%2Bbw4wJuo2EnEQDLGiADzfbuhw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88172e88dd5856ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

booking.com-03111.info/window.php

188.114.97.1

200 OK

7.9 kB

URL POST HTTP/3
booking.com-03111.info/window.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://booking.com-03111.info/?utm=7770
Certificate
IssuerGoogle Trust Services LLC
Subjectcom-03111.info
FingerprintFA:7C:85:E1:D2:13:18:09:4D:D7:56:AA:A3:38:DE:89:AD:CF:E3:72
ValidityWed, 08 May 2024 09:02:22 GMT - Tue, 06 Aug 2024 09:02:21 GMT

File type
JSON text data
Size
7.9 kB (7888 bytes)
Hash
e2eac3687e17b5927676476319984d60
4000c654e7c3c817f7d6216de91fb4b20050f2b2
3dd6ce6d6c16a472bbb56ad171ecd50420232dc8c55e8fac71709c806527bd24

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Booking.com

HTTP Headers

POST /window.php HTTP/1.1
Host: booking.com-03111.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://booking.com-03111.info/?utm=7770
Content-type: application/x-www-form-urlencoded
Content-Length: 4
Origin: https://booking.com-03111.info
DNT: 1
Connection: keep-alive
Cookie: bk-utm=7770; admin-bk=74373449
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:28:16 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2BaXVfablNXR9ds%2BKJmJdHU%2Fkx3cPMdN0L2UGdPJI4Vriah1FEeH66SmY8ygq0LRyAl16HiaJIn6KDMjnKW6qyH%2Bh39%2FTvUVZ5%2FlmPu0AyuTe928BRSYJz%2FLWTcZv6CZayRfcIlq9jax"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88172e76195b56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

booking.com-03111.info/?utm=7770

188.114.97.1

200 OK

470 kB

URL User Request GET HTTP/2
booking.com-03111.info/?utm=7770
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectcom-03111.info
FingerprintFA:7C:85:E1:D2:13:18:09:4D:D7:56:AA:A3:38:DE:89:AD:CF:E3:72
ValidityWed, 08 May 2024 09:02:22 GMT - Tue, 06 Aug 2024 09:02:21 GMT

File type

Size
470 kB (470189 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Booking.com

HTTP Headers

GET /?utm=7770 HTTP/1.1
Host: booking.com-03111.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:28:12 GMT
content-type: text/html; charset=UTF-8
set-cookie: bk-utm=7770
bk-utm=7770
admin-bk=74373449
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g9OXempwsLFfkEfIyvvJp0K7RtXdDrU%2Bbnh5IYksdM5kdfgBQhiSFWzsbYMthQjA%2FplzFevTkgDj9nVU7dccFh09u%2FlZh47LdXju8niR4VBDLdepJF%2F7WhrzpCMzr8lRs1JkgHSWy8r7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88172e604ea6b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ellianajennifer.info/AqPEJ

172.67.177.83

301 Moved Permanently

470 kB

URL User Request GET HTTP/2
ellianajennifer.info/AqPEJ
IP
172.67.177.83:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectellianajennifer.info
FingerprintDD:2E:8B:5C:5C:E1:06:54:BC:85:25:32:FF:12:98:8C:56:02:0E:EF
ValidityWed, 08 May 2024 12:11:52 GMT - Tue, 06 Aug 2024 12:11:51 GMT

File type

Size
470 kB (470189 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Booking.com

HTTP Headers

GET /AqPEJ HTTP/1.1
Host: ellianajennifer.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 10 May 2024 04:28:12 GMT
content-type: text/html; charset=UTF-8
location: https://booking.com-03111.info/?utm=7770
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=b5b23dc850e8ca727417e32ce8a40312; path=/
short_239=1; expires=Fri, 10-May-2024 04:43:12 GMT; Max-Age=900; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFOUGj0ZP8xPxKB%2BFox1Q8t2Bn%2Fm7H3VobhzSeXKK1Nw7OB2p46MTPpmyJjK%2BCo1oobgJEm%2FSjh3tlXQWb1D6vcArHRy7KI7UNVkTTWg9HgDDMJbUpbtjjixiR91cQpPYp03bpOcmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88172e5d8ce9b527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL POST HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL POST HTTP/3

IP

ASN