# Nuclei HTTP template: reports a target that serves the Booking.com page
# title with HTTP 200 while its host name does not contain "booking.com".
# One GET to the base URL; all three matchers below must hold.
id: booking-phish

info:
  name: booking phishing Detection
  author: rxerium
  # severity is "info": a hit is a lead for triage, not a confirmed finding.
  severity: info
  description: |
    A booking phishing website was detected
  # The reference is the impersonated brand's own site, not a campaign report.
  reference:
    - https://booking.com
  metadata:
    max-request: 1
  tags: phishing,booking,osint
http:
  - method: GET
    path:
      - "{{BaseURL}}"

    # Follow at most two redirects, and only those that stay on the same host.
    host-redirects: true
    max-redirects: 2

    # "and": word, status and dsl matchers must all match for a result.
    matchers-condition: and
    matchers:
      # No `part` is set, so the response body is searched (nuclei's default).
      # The comparison is an exact, case-sensitive string match: a cloned page
      # whose title text differs in any character is not reported.
      - type: word
        words:
          - 'Booking.com | Official site | The best hotels, flights, car rentals & accommodations'

      # Only a final 200 response qualifies.
      - type: status
        status:
          - 200

      # Excludes the legitimate site by substring: any host value that contains
      # "booking.com" anywhere is treated as genuine.
      # NOTE(review): a host that merely embeds that string (as a prefix label
      # or inside a longer registered name) is therefore never reported. An
      # exact or suffix comparison would close the gap; first confirm whether
      # `host` holds a bare hostname, host:port or a full URL.
      - type: dsl
        dsl:
          - '!contains(host,"booking.com")'
# Signature line written by the template signer.
# NOTE(review): presumably computed over the template content, so any edit
# (including added comments) needs a re-sign before distribution; verify.
# digest: 480a0045304302205f3ce54d1d781a586316f76018d953e6f1a5b085c4be0887df7dc073b15363d3021f1162d48bf769a566a9e920702c70b9f4c2f28faf6fe41491149613194f4674:922c64590222798bb761d5b6d8e72950