booking.extranet-9484762.org Open in urlscan Pro
193.233.80.85 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://booking.extranet-9484762.org/account-recovery
Submission Tags: @ecarlesi possiblethreat phishing booking Search All
Submission: On February 25 via api (February 25th 2024, 7:09:28 am UTC) from IT — Scanned from IT

Summary HTTP 10 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 193.233.80.85, located in Frankfurt am Main, Germany and belongs to DPKGSOFT-AS _, GB. The main domain is booking.extranet-9484762.org.
TLS certificate: Issued by R3 on February 24th 2024. Valid for: 3 months.

This is the only time booking.extranet-9484762.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address		AS Autonomous System
10	193.233.80.85 193.233.80.85		215590 (DPKGSOFT-...) (DPKGSOFT-AS _)
10	1

10 193.233.80.85 (Frankfurt am Main, Germany)

ASN215590 (DPKGSOFT-AS _, GB)
PTR: 44778.hosted-by.xorek.cloud

booking.extranet-9484762.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	extranet-9484762.org booking.extranet-9484762.org	471 KB
10	1

	Domain	Requested by
10	booking.extranet-9484762.org	booking.extranet-9484762.org
10	1

This site contains links to these domains. Also see Links.

Domain
account.booking.com
secure.booking.com
partner.booking.com

Subject Issuer	Validity	Valid
booking.extranet-9484762.org R3	`2024-02-24` - `2024-05-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://booking.extranet-9484762.org/account-recovery
Frame ID: 336F43DB17514D0797365E07033B5F80
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

471 kB
Transfer

668 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://account.booking.com/sign-in

Search URL Search Domain Scan URL

URL: https://secure.booking.com/content/cs.en-us.html?aid=304142

Search URL Search Domain Scan URL

URL: https://partner.booking.com/en-us?utm_source=extranet_login_page
Title: Partner Help

Search URL Search Domain Scan URL

URL: https://partner.booking.com/en-us/node/27/?utm_content=27&utm_source=extranet_login_page
Title: Partner Community

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request account-recovery Show response booking.extranet-9484762.org/	222 KB 23 KB	746ms 115ms	Document text/html	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Full URL https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `c06666e1e99816e1e9bb8c9579f60bd52d3c5c94f434faa42bb2118b9b78cd69` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sun, 25 Feb 2024 07:09:24 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked
GET H/1.1	200 OK	45_1975cbc2f7eaad75f590.css booking.extranet-9484762.org/index_files/	109 KB 110 KB	84ms 72ms	Stylesheet text/css	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Full URL https://booking.extranet-9484762.org/index_files/45_1975cbc2f7eaad75f590.css Requested by Host: booking.extranet-9484762.org URL: https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `bbe001a97f8585335674d8d46267e0ad81fd31edd9eb5ef0ce94d7a91dc4c92a` Request headers accept-language it-IT,it;q=0.9 Referer https://booking.extranet-9484762.org/account-recovery User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sun, 25 Feb 2024 07:09:24 GMT Last-Modified Sat, 24 Feb 2024 10:34:46 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d9c646-1b572" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 111986
GET H/1.1	200 OK	336_afde72b9aaa8302ff017.css booking.extranet-9484762.org/index_files/	84 KB 84 KB	249ms 109ms	Stylesheet text/css	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Full URL https://booking.extranet-9484762.org/index_files/336_afde72b9aaa8302ff017.css Requested by Host: booking.extranet-9484762.org URL: https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `bc13e6352f5ff0817071d8d472ce24aa0361d6d0ac59b34fc551aed4485f68fa` Request headers accept-language it-IT,it;q=0.9 Referer https://booking.extranet-9484762.org/account-recovery User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sun, 25 Feb 2024 07:09:24 GMT Last-Modified Sat, 24 Feb 2024 10:34:26 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d9c632-1506d" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 86125
GET H/1.1	200 OK	826_0d1737e180931a217647.css booking.extranet-9484762.org/index_files/	60 KB 60 KB	220ms 73ms	Stylesheet text/css	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Full URL https://booking.extranet-9484762.org/index_files/826_0d1737e180931a217647.css Requested by Host: booking.extranet-9484762.org URL: https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `5522523714d946a5810383bbca991c678457eed981b987d65f352c9fed2dc7d9` Request headers accept-language it-IT,it;q=0.9 Referer https://booking.extranet-9484762.org/account-recovery User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sun, 25 Feb 2024 07:09:24 GMT Last-Modified Sat, 24 Feb 2024 10:34:47 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d9c647-ef43" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 61251
GET H/1.1	200 OK	style.css booking.extranet-9484762.org/index_files/	990 B 1 KB	223ms 68ms	Stylesheet text/css	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Full URL https://booking.extranet-9484762.org/index_files/style.css Requested by Host: booking.extranet-9484762.org URL: https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `ca2b40fd340e219f752e22d0d99e35f6432fb9bf8338bc84d3bc8dde34e35754` Request headers accept-language it-IT,it;q=0.9 Referer https://booking.extranet-9484762.org/account-recovery User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sun, 25 Feb 2024 07:09:24 GMT Last-Modified Sat, 24 Feb 2024 10:34:51 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d9c64b-3de" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 990
GET H/1.1	200 OK	etnht.gif booking.extranet-9484762.org/index_files/	35 B 280 B	276ms 66ms	Image image/gif	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Show image Full URL https://booking.extranet-9484762.org/index_files/etnht.gif Requested by Host: booking.extranet-9484762.org URL: https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39` Request headers accept-language it-IT,it;q=0.9 Referer https://booking.extranet-9484762.org/account-recovery User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sun, 25 Feb 2024 07:09:24 GMT Last-Modified Sat, 24 Feb 2024 10:34:49 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d9c649-23" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 35
GET H/1.1	200 OK	main.js Show response booking.extranet-9484762.org/js/	83 KB 83 KB	266ms 120ms	Script application/javascript	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Full URL https://booking.extranet-9484762.org/js/main.js Requested by Host: booking.extranet-9484762.org URL: https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `d8b49fbcef9495b7ec477d608dc5e5228bcbcd030a93073c055a4a8dbdf66c87` Request headers accept-language it-IT,it;q=0.9 Referer https://booking.extranet-9484762.org/account-recovery User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sun, 25 Feb 2024 07:09:24 GMT Last-Modified Sat, 24 Feb 2024 10:34:51 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d9c64b-14b68" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 84840
GET H/1.1	200 OK	libs.min.js Show response booking.extranet-9484762.org/js/	94 KB 94 KB	204ms 143ms	Script application/javascript	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Full URL https://booking.extranet-9484762.org/js/libs.min.js Requested by Host: booking.extranet-9484762.org URL: https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `7e8a507ae93c58221a2d97d062019443e63992699980aa27535d804d2b2cceca` Request headers accept-language it-IT,it;q=0.9 Referer https://booking.extranet-9484762.org/account-recovery User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sun, 25 Feb 2024 07:09:24 GMT Last-Modified Sat, 24 Feb 2024 10:34:51 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d9c64b-176d6" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 95958
GET H/1.1	200 OK	common.js Show response booking.extranet-9484762.org/js/	14 KB 15 KB	127ms 116ms	Script application/javascript	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Full URL https://booking.extranet-9484762.org/js/common.js Requested by Host: booking.extranet-9484762.org URL: https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `f92f9746c2cd01a487a87efe7dee6a5bc2396b7f1e6701a7c4b21678c3cb4669` Request headers accept-language it-IT,it;q=0.9 Referer https://booking.extranet-9484762.org/account-recovery User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sun, 25 Feb 2024 07:09:24 GMT Last-Modified Sat, 24 Feb 2024 10:34:51 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d9c64b-3962" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 14690
GET H/1.1	200 OK	us.png booking.extranet-9484762.org/index_files/	642 B 889 B	66ms 65ms	Image image/png	193.233.80.85 DPKGSOFT-AS _
General Check archive.org Show headers Download Go to Show image Full URL https://booking.extranet-9484762.org/index_files/us.png Requested by Host: booking.extranet-9484762.org URL: https://booking.extranet-9484762.org/account-recovery Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.233.80.85 Frankfurt am Main, Germany, ASN215590 (DPKGSOFT-AS _, GB), Reverse DNS 44778.hosted-by.xorek.cloud Software nginx/1.18.0 (Ubuntu) / Resource Hash `a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8` Request headers accept-language it-IT,it;q=0.9 Referer https://booking.extranet-9484762.org/account-recovery User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Sun, 25 Feb 2024 07:09:24 GMT Last-Modified Sat, 24 Feb 2024 10:34:51 GMT Server nginx/1.18.0 (Ubuntu) ETag "65d9c64b-282" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 642

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			booking.extranet-9484762.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: ltmgo2emmpoh1a8cejuu4bdmt0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

booking.extranet-9484762.org
193.233.80.85
5522523714d946a5810383bbca991c678457eed981b987d65f352c9fed2dc7d9
7e8a507ae93c58221a2d97d062019443e63992699980aa27535d804d2b2cceca
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
bbe001a97f8585335674d8d46267e0ad81fd31edd9eb5ef0ce94d7a91dc4c92a
bc13e6352f5ff0817071d8d472ce24aa0361d6d0ac59b34fc551aed4485f68fa
c06666e1e99816e1e9bb8c9579f60bd52d3c5c94f434faa42bb2118b9b78cd69
ca2b40fd340e219f752e22d0d99e35f6432fb9bf8338bc84d3bc8dde34e35754
d8b49fbcef9495b7ec477d608dc5e5228bcbcd030a93073c055a4a8dbdf66c87
f92f9746c2cd01a487a87efe7dee6a5bc2396b7f1e6701a7c4b21678c3cb4669

booking.extranet-9484762.org Open in urlscan Pro 193.233.80.85 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

471 kBTransfer

668 kBSize

1 Cookies

4 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

54 JavaScript Global Variables

1 Cookies

Indicators

booking.extranet-9484762.org Open in urlscan Pro
193.233.80.85 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

471 kB
Transfer

668 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!