airbnb-paiement.com Open in urlscan Pro
62.210.119.191 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://airbnb-paiement.com/fr/
Effective URL:
https://airbnb-paiement.com/fr/
Submission: On April 09 via automatic, source openphish (April 9th 2022, 1:18:00 pm UTC) — Scanned from FR

Summary HTTP 9 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 62.210.119.191, located in Valenton, France and belongs to Online SAS, FR. The main domain is airbnb-paiement.com.
TLS certificate: Issued by R3 on April 7th 2022. Valid for: 3 months.

This is the only time airbnb-paiement.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Airbnb (Hospitality)

Domain & IP information

	IP Address		AS Autonomous System
1 10	62.210.119.191 62.210.119.191		12876 (Online SAS) (Online SAS)
9	1

10 62.210.119.191 (Valenton, France) 1 redirects

ASN12876 (Online SAS, FR)

airbnb-paiement.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	airbnb-paiement.com 1 redirects airbnb-paiement.com	129 KB
9	1

	Domain	Requested by
10	airbnb-paiement.com	1 redirects airbnb-paiement.com
9	1

This site contains links to these domains. Also see Links.

Domain
www.airbnb.org
community.airbnb.com
press.atairbnb.com
news.airbnb.com
careers.airbnb.com
investors.airbnb.com
www.facebook.com
twitter.com
instagram.com

Subject Issuer	Validity	Valid
airbnb-paiement.com R3	`2022-04-07` - `2022-07-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://airbnb-paiement.com/fr/
Frame ID: 18BF2D0BE7FA6E1EE5C0C7D0B4EFE8FB
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Information Facturation

Page URL History Show full URLs

http://airbnb-paiement.com/fr/ HTTP 301
https://airbnb-paiement.com/fr/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

129 kB
Transfer

389 kB
Size

1
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.airbnb.org/?locale=fr
Title: Airbnb.org : réponse aux catastrophes

Search URL Search Domain Scan URL

URL: https://www.airbnb.org/refugees
Title: Soutenir les réfugiés afghans

Search URL Search Domain Scan URL

URL: https://community.airbnb.com/?profile.language=fr
Title: Forum de la communauté

Search URL Search Domain Scan URL

URL: https://press.atairbnb.com/fr/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://news.airbnb.com/what-makes-airbnb-airbnb
Title: Lettre de nos fondateurs

Search URL Search Domain Scan URL

URL: https://careers.airbnb.com/
Title: Carrières

Search URL Search Domain Scan URL

URL: https://investors.airbnb.com/
Title: Investisseurs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AirbnbFrance

Search URL Search Domain Scan URL

URL: https://twitter.com/airbnb_fr

Search URL Search Domain Scan URL

URL: https://instagram.com/airbnb

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://airbnb-paiement.com/fr/ HTTP 301
https://airbnb-paiement.com/fr/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response airbnb-paiement.com/fr/ Redirect Chain http://airbnb-paiement.com/fr/ https://airbnb-paiement.com/fr/	53 KB 9 KB	68ms 29ms	Document text/html	62.210.119.191 Online SAS
General Check archive.org Show headers Download Go to Full URL https://airbnb-paiement.com/fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.210.119.191 Valenton, France, ASN12876 (Online SAS, FR), Reverse DNS Software nginx / PHP/8.0.17 PleskLin Resource Hash `4b5d36bdbb98b3c233f491a63605502ee107c9a2447cb3a9bb87d19aebad617f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 8881 content-type text/html; charset=UTF-8 date Sat, 09 Apr 2022 13:17:55 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.0.17 PleskLin Redirect headers Connection keep-alive Content-Length 162 Content-Type text/html Date Sat, 09 Apr 2022 13:17:55 GMT Location https://airbnb-paiement.com/fr/ Server nginx
GET H2	200	jquery-1.11.3.min.js Show response airbnb-paiement.com/fr/js/	85 KB 29 KB	57ms 56ms	Script application/javascript	62.210.119.191 Online SAS
General Check archive.org Show headers Download Go to Full URL https://airbnb-paiement.com/fr/js/jquery-1.11.3.min.js Requested by Host: airbnb-paiement.com URL: https://airbnb-paiement.com/fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.210.119.191 Valenton, France, ASN12876 (Online SAS, FR), Reverse DNS Software nginx / PleskLin Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers accept-language fr-FR,fr;q=0.9 Referer https://airbnb-paiement.com/fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 13:17:55 GMT content-encoding br etag W/"621f720d-15392" last-modified Wed, 02 Mar 2022 13:33:01 GMT server nginx x-powered-by PleskLin content-type application/javascript
GET H2	200	fontair.css airbnb-paiement.com/fr/css/	8 KB 2 KB	76ms 75ms	Stylesheet text/css	62.210.119.191 Online SAS
General Check archive.org Show headers Download Go to Full URL https://airbnb-paiement.com/fr/css/fontair.css Requested by Host: airbnb-paiement.com URL: https://airbnb-paiement.com/fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.210.119.191 Valenton, France, ASN12876 (Online SAS, FR), Reverse DNS Software nginx / PleskLin Resource Hash `44440dd4c0ad4aafccfc023e4c5336177c27db0f556f1e7f4a816fe8fffcfdba` Request headers Referer https://airbnb-paiement.com/fr/ Origin https://airbnb-paiement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 13:17:55 GMT content-encoding br etag W/"624e32de-21e9" last-modified Thu, 07 Apr 2022 00:39:58 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	1.css airbnb-paiement.com/fr/css/	92 KB 10 KB	77ms 76ms	Stylesheet text/css	62.210.119.191 Online SAS
General Check archive.org Show headers Download Go to Full URL https://airbnb-paiement.com/fr/css/1.css Requested by Host: airbnb-paiement.com URL: https://airbnb-paiement.com/fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.210.119.191 Valenton, France, ASN12876 (Online SAS, FR), Reverse DNS Software nginx / PleskLin Resource Hash `8762cffec2504703067e6a7077ecdfe9c9429866a83419fc5ed051fa8cf915cc` Request headers accept-language fr-FR,fr;q=0.9 Referer https://airbnb-paiement.com/fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 13:17:55 GMT content-encoding br etag W/"624e144b-16fc0" last-modified Wed, 06 Apr 2022 22:29:31 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	2.css airbnb-paiement.com/fr/css/	80 KB 9 KB	75ms 74ms	Stylesheet text/css	62.210.119.191 Online SAS
General Check archive.org Show headers Download Go to Full URL https://airbnb-paiement.com/fr/css/2.css Requested by Host: airbnb-paiement.com URL: https://airbnb-paiement.com/fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.210.119.191 Valenton, France, ASN12876 (Online SAS, FR), Reverse DNS Software nginx / PleskLin Resource Hash `e17256bd1b2520dfc436ab42b0e24e7091165919ab9b095f00ec9e7f2451b869` Request headers accept-language fr-FR,fr;q=0.9 Referer https://airbnb-paiement.com/fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 13:17:55 GMT content-encoding br etag W/"624e144b-140ba" last-modified Wed, 06 Apr 2022 22:29:31 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	404	IXEOMQ8 airbnb-paiement.com/fr/s0Aa/egFn/nJ/FIo6/QW9A/5uEXSpQNp9ri/dyIVCmg/dmMl/	0 0	45ms 45ms	Script text/html	62.210.119.191 Online SAS
General Check archive.org Show headers Download Go to Full URL https://airbnb-paiement.com/fr/s0Aa/egFn/nJ/FIo6/QW9A/5uEXSpQNp9ri/dyIVCmg/dmMl/IXEOMQ8 Requested by Host: airbnb-paiement.com URL: https://airbnb-paiement.com/fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.210.119.191 Valenton, France, ASN12876 (Online SAS, FR), Reverse DNS Software nginx / Resource Hash Request headers accept-language fr-FR,fr;q=0.9 Referer https://airbnb-paiement.com/fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 13:17:55 GMT content-encoding br last-modified Thu, 07 Apr 2022 21:17:47 GMT server nginx etag W/"328-5dc170274e089" content-type text/html
GET H2	200	Airbnb_Cereal-Medium-50fc004b3082375f12ff0cfb67bf8e56.woff2 airbnb-paiement.com/fr/css/	24 KB 24 KB	29ms 29ms	Font font/woff2	62.210.119.191 Online SAS
General Check archive.org Show headers Download Go to Full URL https://airbnb-paiement.com/fr/css/Airbnb_Cereal-Medium-50fc004b3082375f12ff0cfb67bf8e56.woff2 Requested by Host: airbnb-paiement.com URL: https://airbnb-paiement.com/fr/css/fontair.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.210.119.191 Valenton, France, ASN12876 (Online SAS, FR), Reverse DNS Software nginx / PleskLin Resource Hash `b06428a4009f63f0edb5c8cf89ffb84ea978a2b559cc4c14c8e7a0e130ceefc4` Request headers Referer https://airbnb-paiement.com/fr/css/fontair.css Origin https://airbnb-paiement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 13:17:55 GMT last-modified Thu, 07 Apr 2022 00:39:56 GMT server nginx x-powered-by PleskLin etag "624e32dc-5e08" content-type font/woff2 accept-ranges bytes content-length 24072
GET H2	200	Airbnb_Cereal-Book-9a1c9cca9bb3d65fefa2aa487617805e.woff2 airbnb-paiement.com/fr/css/	24 KB 24 KB	50ms 50ms	Font font/woff2	62.210.119.191 Online SAS
General Check archive.org Show headers Download Go to Full URL https://airbnb-paiement.com/fr/css/Airbnb_Cereal-Book-9a1c9cca9bb3d65fefa2aa487617805e.woff2 Requested by Host: airbnb-paiement.com URL: https://airbnb-paiement.com/fr/css/fontair.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.210.119.191 Valenton, France, ASN12876 (Online SAS, FR), Reverse DNS Software nginx / PleskLin Resource Hash `b11f01105c8b416bc49025877708638fc1955dc31d2a3fa7904d4e0b0f4ac4b4` Request headers Referer https://airbnb-paiement.com/fr/css/fontair.css Origin https://airbnb-paiement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 13:17:55 GMT last-modified Thu, 07 Apr 2022 00:40:00 GMT server nginx x-powered-by PleskLin etag "624e32e0-5ef0" content-type font/woff2 accept-ranges bytes content-length 24304
GET H2	200	Airbnb_Cereal-Bold-bdfb98485e7836ba31b456f65cded088.woff2 airbnb-paiement.com/fr/css/	23 KB 23 KB	60ms 60ms	Font font/woff2	62.210.119.191 Online SAS
General Check archive.org Show headers Download Go to Full URL https://airbnb-paiement.com/fr/css/Airbnb_Cereal-Bold-bdfb98485e7836ba31b456f65cded088.woff2 Requested by Host: airbnb-paiement.com URL: https://airbnb-paiement.com/fr/css/fontair.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.210.119.191 Valenton, France, ASN12876 (Online SAS, FR), Reverse DNS Software nginx / PleskLin Resource Hash `b848d7113c5d21f463bd7b248115b78ae386d1628459bfcdb154f82f083bfc97` Request headers Referer https://airbnb-paiement.com/fr/css/fontair.css Origin https://airbnb-paiement.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 13:17:55 GMT last-modified Thu, 07 Apr 2022 00:39:59 GMT server nginx x-powered-by PleskLin etag "624e32df-5d48" content-type font/woff2 accept-ranges bytes content-length 23880

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Airbnb (Hospitality)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			airbnb-paiement.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: bplj5mkoadg7d9d3r8hr5o2e3e

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://airbnb-paiement.com/fr/s0Aa/egFn/nJ/FIo6/QW9A/5uEXSpQNp9ri/dyIVCmg/dmMl/IXEOMQ8 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

airbnb-paiement.com
62.210.119.191
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
44440dd4c0ad4aafccfc023e4c5336177c27db0f556f1e7f4a816fe8fffcfdba
4b5d36bdbb98b3c233f491a63605502ee107c9a2447cb3a9bb87d19aebad617f
8762cffec2504703067e6a7077ecdfe9c9429866a83419fc5ed051fa8cf915cc
b06428a4009f63f0edb5c8cf89ffb84ea978a2b559cc4c14c8e7a0e130ceefc4
b11f01105c8b416bc49025877708638fc1955dc31d2a3fa7904d4e0b0f4ac4b4
b848d7113c5d21f463bd7b248115b78ae386d1628459bfcdb154f82f083bfc97
e17256bd1b2520dfc436ab42b0e24e7091165919ab9b095f00ec9e7f2451b869

airbnb-paiement.com Open in urlscan Pro 62.210.119.191 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

129 kBTransfer

389 kBSize

1 Cookies

10 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

airbnb-paiement.com Open in urlscan Pro
62.210.119.191 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

129 kB
Transfer

389 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!