Report - booking-villas.com/robots.txtconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.html

Report Overview

Visited public
2023-11-28 12:42:58
Tags
suspicious
URL
booking-villas.com/robots.txtconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.html
Finishing URL
booking-villas.com/confirm.html
IP / ASN
75.98.175.85
#55293 A2HOSTING
Title
BUSINESS SUITE
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
booking-villas.com	unknown	2023-08-15	2015-07-15 01:37:20	2023-11-28 09:39:45	3.4 kB	192 kB	75.98.175.85
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-11-19 18:48:38	858 B	2.8 kB	142.250.74.100
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-11-28 07:45:19	2.0 kB	387 kB	142.250.74.67
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2023-11-27 18:12:51	447 B	219 B	173.231.16.77
api.ipgeolocation.io	39679	2018-02-26	2018-06-28 13:07:23	2023-11-27 13:28:21	489 B	1.3 kB	104.20.61.122

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-28 12:42:45	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-11-28 12:42:45	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-11-28 12:42:45	low	Client IP	173.231.16.77	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-28	medium	booking-villas.com/robots.txtconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.html	Facebook, Inc.
2023-11-24	medium	booking-villas.com/confirm.html	Facebook, Inc.
2023-11-23	medium	booking-villas.com/	Facebook, Inc.
2023-11-23	medium	booking-villas.com/	Facebook, Inc.
2023-11-24	medium	booking-villas.com/confirm.html	Facebook, Inc.
2023-11-23	medium	booking-villas.com/	Facebook, Inc.
2023-11-24	medium	booking-villas.com/confirm.html	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	www.google.com/recaptcha/api.js?render=explicit	ScriptElement	852 B	2023-11-14	2024-08-20
Pretty URL www.google.com/recaptcha/api.js?render=explicit IP 142.250.74.100 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-14 09:04 Last Seen2024-08-20 19:39 Times Seen2436 Hash 045e7f9c6c8e847b367568c957bc95d5 402aeda930f2952fa7618f9980444b844493250b 3aee9726f94b463ddb032522c13856b54261dda89b35907b3f88505b8b83ada9 Loading...

	www.google.com/recaptcha/api.js	ScriptElement	850 B	2023-11-14	2024-08-20
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.100 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-14 09:30 Last Seen2024-08-20 19:39 Times Seen3579 Hash 57e10dcd72dd2953878092014eae522b 95ba7e48825c26c5d9395ef2edb73e790bce6fa7 c7b54326365940d062bce26ed41579eebcb4946a86ba280790b603926692bd59 Loading...

	booking-villas.com/confirm.html	ScriptElement	10 kB	2023-11-23	2024-08-20
Pretty URL booking-villas.com/confirm.html IP 75.98.175.85 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-23 22:41 Last Seen2024-08-20 18:07 Times Seen16 Hash 266988952375ba370226549d929a086f b6534c54759f52f37ca2bca808fafaa5ccd90002 416f7ad83118100884c0faf441aadfdd85d0d858e80e3cb536a6c0ee65abd87d Loading...

	www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js	ScriptElement	476 kB	2023-11-14	2024-08-20
Pretty URL www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js IP 142.250.74.67 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-14 09:02 Last Seen2024-08-20 19:39 Times Seen12206 Hash 23b9dd721490a4062ba8d01454ef6ba9 efdbb7331585411f7d397dacbf51fd3e95f3031d 4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7 Loading...

HTTP Transactions (15)

URL IP Response Size

booking-villas.com/robots.txtconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.html

75.98.175.85

302 Moved Temporarily

1.5 kB

URL User Request GET HTTP/1.1
booking-villas.com/robots.txtconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.html
IP
75.98.175.85:443
ASN
#55293 A2HOSTING

Certificate
IssuercPanel, Inc.
Subjectbooking-villas.com
FingerprintF3:E8:08:DE:52:B1:4B:F7:95:AF:D6:12:1A:13:8F:65:46:36:1F:F2
ValidityThu, 23 Nov 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (767), with CRLF line terminators
Size
1.5 kB (1499 bytes)
Hash
ea4b5fd0f74965a7e97dcb908d2415de
23e2d4e906b0641f5104c51520e51f32f366f8fa
f61b0af90358070692843ae37acbf69a3cc54375a072c277bbccddafd22608fc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /robots.txtconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.htmlconfirm.html HTTP/1.1
Host: booking-villas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Date: Tue, 28 Nov 2023 12:42:40 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: confirm.html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1499
Keep-Alive: timeout=3, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

booking-villas.com/confirm.html

75.98.175.85

200 OK

54 kB

URL GET HTTP/1.1
booking-villas.com/confirm.html
IP
75.98.175.85:443
ASN
#55293 A2HOSTING

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuercPanel, Inc.
Subjectbooking-villas.com
FingerprintF3:E8:08:DE:52:B1:4B:F7:95:AF:D6:12:1A:13:8F:65:46:36:1F:F2
ValidityThu, 23 Nov 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (32223), with CRLF line terminators
Size
54 kB (53471 bytes)
Hash
67b30b18ca847a1520f277157fba99a7
f30e1e5c2d7c1d02b6a9d06a26b9bde3c6c9f3fe
b71dbcecfa27fd31c50ba0adfecfd0cf01b9e7d63ffc3a05c530c770e91cca40

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /confirm.html HTTP/1.1
Host: booking-villas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 12:42:41 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Nov 2023 13:52:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600, must-revalidate
Keep-Alive: timeout=3, max=499
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

booking-villas.com/style.css

75.98.175.85

200 OK

24 kB

URL GET HTTP/1.1
booking-villas.com/style.css
IP
75.98.175.85:443
ASN
#55293 A2HOSTING

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuercPanel, Inc.
Subjectbooking-villas.com
FingerprintF3:E8:08:DE:52:B1:4B:F7:95:AF:D6:12:1A:13:8F:65:46:36:1F:F2
ValidityThu, 23 Nov 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65080), with CRLF line terminators
Size
24 kB (24235 bytes)
Hash
2fef660aafc470b8ae6b276c28cdd776
12b5451b26793f887a869e9af45897254879e1b8
cc8b1a0c0827d63eec2c7b9a30d4794ea64fe479cab57c61e86a9d6ad339e4d5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /style.css HTTP/1.1
Host: booking-villas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://booking-villas.com/confirm.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 12:42:41 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sun, 12 Nov 2023 15:12:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=604800, public
Content-Length: 24235
Keep-Alive: timeout=3, max=498
Connection: Keep-Alive
Content-Type: text/css

www.google.com/recaptcha/api.js

142.250.74.100

200 OK

1.0 kB

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT

File type
gzip compressed data\012- data
Size
1.0 kB (1027 bytes)
Hash
a40ccc4f97d487f7066c7e56d2b13dea
01df07a20c9f2c1919579d7222013eaa7bba963d
64f8312ed0de45264ef4a8edd8fd1e852b5a5782607bd28c475dd4034dd43d5f

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://booking-villas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Tue, 28 Nov 2023 12:42:41 GMT
date: Tue, 28 Nov 2023 12:42:41 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

booking-villas.com/Segoe.73e9cd89613cc1d9a962.ttf

75.98.175.85

302 Moved Temporarily

1.5 kB

URL GET HTTP/1.1
booking-villas.com/Segoe.73e9cd89613cc1d9a962.ttf
IP
75.98.175.85:443
ASN
#55293 A2HOSTING

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuercPanel, Inc.
Subjectbooking-villas.com
FingerprintF3:E8:08:DE:52:B1:4B:F7:95:AF:D6:12:1A:13:8F:65:46:36:1F:F2
ValidityThu, 23 Nov 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (767), with CRLF line terminators
Size
1.5 kB (1499 bytes)
Hash
ea4b5fd0f74965a7e97dcb908d2415de
23e2d4e906b0641f5104c51520e51f32f366f8fa
f61b0af90358070692843ae37acbf69a3cc54375a072c277bbccddafd22608fc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /Segoe.73e9cd89613cc1d9a962.ttf HTTP/1.1
Host: booking-villas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://booking-villas.com/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Date: Tue, 28 Nov 2023 12:42:41 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: confirm.html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1499
Keep-Alive: timeout=3, max=497
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

booking-villas.com/confirm.html

75.98.175.85

200 OK

54 kB

URL GET HTTP/1.1
booking-villas.com/confirm.html
IP
75.98.175.85:443
ASN
#55293 A2HOSTING

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuercPanel, Inc.
Subjectbooking-villas.com
FingerprintF3:E8:08:DE:52:B1:4B:F7:95:AF:D6:12:1A:13:8F:65:46:36:1F:F2
ValidityThu, 23 Nov 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (32223), with CRLF line terminators
Size
54 kB (53471 bytes)
Hash
67b30b18ca847a1520f277157fba99a7
f30e1e5c2d7c1d02b6a9d06a26b9bde3c6c9f3fe
b71dbcecfa27fd31c50ba0adfecfd0cf01b9e7d63ffc3a05c530c770e91cca40

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /confirm.html HTTP/1.1
Host: booking-villas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://booking-villas.com/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 12:42:41 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Nov 2023 13:52:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600, must-revalidate
Keep-Alive: timeout=3, max=496
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js

142.250.74.67

200 OK

191 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (563)
Size
191 kB (190682 bytes)
Hash
23b9dd721490a4062ba8d01454ef6ba9
efdbb7331585411f7d397dacbf51fd3e95f3031d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7

HTTP Headers

GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://booking-villas.com
DNT: 1
Connection: keep-alive
Referer: https://booking-villas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 190682
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 Nov 2023 17:15:26 GMT
expires: Sun, 24 Nov 2024 17:15:26 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 242836
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js

142.250.74.67

404 Not Found

1.6 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
77f558988aa01e1528573a29a0040cc0
59ff391fe39b76a4aef8c010ee4751eac290ec85
68a6dde7f952136e04fe8c32e5af1d7b1cdeab2ab3f3c5caf36e36f921a0e435

HTTP Headers

GET /recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://booking-villas.com
DNT: 1
Connection: keep-alive
Referer: https://booking-villas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Tue, 28 Nov 2023 12:42:42 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js

142.250.74.67

200 OK

191 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (563)
Size
191 kB (190682 bytes)
Hash
23b9dd721490a4062ba8d01454ef6ba9
efdbb7331585411f7d397dacbf51fd3e95f3031d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7

HTTP Headers

GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://booking-villas.com
DNT: 1
Connection: keep-alive
Referer: https://booking-villas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 190682
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 Nov 2023 17:15:26 GMT
expires: Sun, 24 Nov 2024 17:15:26 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 242836
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

booking-villas.com/favicon.ico

75.98.175.85

302 Moved Temporarily

1.5 kB

URL GET HTTP/1.1
booking-villas.com/favicon.ico
IP
75.98.175.85:443
ASN
#55293 A2HOSTING

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuercPanel, Inc.
Subjectbooking-villas.com
FingerprintF3:E8:08:DE:52:B1:4B:F7:95:AF:D6:12:1A:13:8F:65:46:36:1F:F2
ValidityThu, 23 Nov 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (767), with CRLF line terminators
Size
1.5 kB (1499 bytes)
Hash
ea4b5fd0f74965a7e97dcb908d2415de
23e2d4e906b0641f5104c51520e51f32f366f8fa
f61b0af90358070692843ae37acbf69a3cc54375a072c277bbccddafd22608fc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: booking-villas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://booking-villas.com/confirm.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Date: Tue, 28 Nov 2023 12:42:42 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: confirm.html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1499
Keep-Alive: timeout=3, max=495
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js

142.250.74.67

404 Not Found

1.6 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
77f558988aa01e1528573a29a0040cc0
59ff391fe39b76a4aef8c010ee4751eac290ec85
68a6dde7f952136e04fe8c32e5af1d7b1cdeab2ab3f3c5caf36e36f921a0e435

HTTP Headers

GET /recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://booking-villas.com
DNT: 1
Connection: keep-alive
Referer: https://booking-villas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Tue, 28 Nov 2023 12:42:42 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.ipify.org/?format=json

173.231.16.77

200 OK

21 B

URL GET HTTP/1.1
api.ipify.org/?format=json
IP
173.231.16.77:443
ASN
#18450 WEBNX

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuerSectigo Limited
Subject*.ipify.org
FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54
ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://booking-villas.com/
Origin: https://booking-villas.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.1
Date: Tue, 28 Nov 2023 12:42:42 GMT
Content-Type: application/json
Content-Length: 21
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin

booking-villas.com/confirm.html

75.98.175.85

200 OK

54 kB

URL GET HTTP/1.1
booking-villas.com/confirm.html
IP
75.98.175.85:443
ASN
#55293 A2HOSTING

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuercPanel, Inc.
Subjectbooking-villas.com
FingerprintF3:E8:08:DE:52:B1:4B:F7:95:AF:D6:12:1A:13:8F:65:46:36:1F:F2
ValidityThu, 23 Nov 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (32223), with CRLF line terminators
Size
54 kB (53471 bytes)
Hash
67b30b18ca847a1520f277157fba99a7
f30e1e5c2d7c1d02b6a9d06a26b9bde3c6c9f3fe
b71dbcecfa27fd31c50ba0adfecfd0cf01b9e7d63ffc3a05c530c770e91cca40

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /confirm.html HTTP/1.1
Host: booking-villas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://booking-villas.com/confirm.html
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 12:42:42 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Nov 2023 13:52:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600, must-revalidate
Keep-Alive: timeout=3, max=494
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

www.google.com/recaptcha/api.js?render=explicit

142.250.74.100

200 OK

852 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?render=explicit
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT

File type
ASCII text, with very long lines (852), with no line terminators
Size
852 B (852 bytes)
Hash
045e7f9c6c8e847b367568c957bc95d5
402aeda930f2952fa7618f9980444b844493250b
3aee9726f94b463ddb032522c13856b54261dda89b35907b3f88505b8b83ada9

HTTP Headers

GET /recaptcha/api.js?render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://booking-villas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Tue, 28 Nov 2023 12:42:41 GMT
date: Tue, 28 Nov 2023 12:42:41 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.ipgeolocation.io/ipgeo?apiKey=f40a6ea769ce4740b4d5462dc649bbcf

104.20.61.122

200 OK

845 B

URL GET HTTP/2
api.ipgeolocation.io/ipgeo?apiKey=f40a6ea769ce4740b4d5462dc649bbcf
IP
104.20.61.122:443
ASN
#13335 CLOUDFLARENET

Requested by
https://booking-villas.com/confirm.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint6E:F7:63:DC:0F:29:42:1E:46:DC:0B:5B:1B:8A:18:2F:9F:91:0E:59
ValidityFri, 28 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (977), with no line terminators
Size
845 B (845 bytes)
Hash
782f581baf2fe6ec6b6aebac56ea7d30
9adf101a6b1551a047700e8b2610b682cc4648fd
8975bb910dbb596b5dbdee63b0c5eb4be88381f2200cd5f89a5f523196dc281d

HTTP Headers

GET /ipgeo?apiKey=f40a6ea769ce4740b4d5462dc649bbcf HTTP/1.1
Host: api.ipgeolocation.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://booking-villas.com/
Origin: https://booking-villas.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:42:41 GMT
content-type: application/json
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://booking-villas.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82d2b13ab96756cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers