extranet.67841l.com
2a06:98c1:3121::3   Malicious Activity!

URL: https://extranet.67841l.com/254943125
Submission: On February 03 via manual from CA — Scanned from NL

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 10 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in the United States and belonging to CLOUDFLARENET, US. The main domain is extranet.67841l.com.
TLS certificate: Issued by E1 on February 2nd 2024. Valid for: 3 months.
This is the only time extranet.67841l.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

IP Address / AS Autonomous System (first column: requests)
  9   2a06:98c1:312...   13335 (CLOUDFLAR...)
  1   2600:9000:225...   16509 (AMAZON-02)
  10 requests, 3 IPs

Apex Domain / Subdomains / Transfer (first column: requests)
  9   67841l.com    extranet.67841l.com                              62 KB
  1   bstatic.com   q-xx.bstatic.com (Cisco Umbrella Rank: 15869)   125 KB
  10 requests, 2 apex domains

Domain / Requested by (first column: requests)
  9   extranet.67841l.com   (1 redirect)   requested by extranet.67841l.com
  1   q-xx.bstatic.com                     requested by extranet.67841l.com
  10 requests, 2 domains

This site contains no links.

TLS certificates (Subject / Issuer / Validity / Valid for)
  67841l.com      E1                                           2024-02-02 to 2024-05-02   3 months   (crt.sh)
  *.bstatic.com   DigiCert Global G2 TLS RSA SHA256 2020 CA1   2023-11-29 to 2024-11-28   a year     (crt.sh)
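Two things in the summary and certificate table above are worth checking mechanically on every scan of this kind: whether the brand named in the page title appears anywhere in the registrable domain, and how old the certificate was when the scan ran. The script below is an added example, not part of the urlscan.io report; it copies the scan date, primary host, page title and certificate rows from the report, and the two-label registrable-domain split, the brand-token heuristic and the 7-day freshness threshold are this example's own assumptions.

```python
"""Certificate and domain triage for the scan above.

Added example, not part of the urlscan.io report. The scan date, primary host,
page title and certificate rows are copied from the report; everything else
(registrable_domain, the brand-token heuristic, the 7-day freshness threshold)
is this example's own assumption.
"""
import re
from datetime import date

SCAN_DATE = date(2024, 2, 3)                 # "Submission: On February 03"
PRIMARY_HOST = "extranet.67841l.com"
PAGE_TITLE = "Booking.com - Payment information"

# Certificate table from the report: subject, issuer, not-before, not-after
CERTS = [
    {"subject": "67841l.com", "issuer": "E1",
     "not_before": date(2024, 2, 2), "not_after": date(2024, 5, 2)},
    {"subject": "*.bstatic.com",
     "issuer": "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
     "not_before": date(2023, 11, 29), "not_after": date(2024, 11, 28)},
]

# Generic words that appear in titles but carry no brand meaning (assumption)
STOP_TOKENS = {"com", "net", "org", "www", "login", "secure", "payment", "account"}


def registrable_domain(host: str) -> str:
    """Last two DNS labels. Assumption: no Public Suffix List lookup, which is
    fine for .com hosts but wrong for ccTLDs such as example.co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def cert_age_days(cert: dict, on: date = SCAN_DATE) -> int:
    """Days between issuance and the scan; 0-1 is typical of throwaway infra."""
    return (on - cert["not_before"]).days


def cert_lifetime_days(cert: dict) -> int:
    """Lifetime in days; 90 matches Let's Encrypt (E1 is one of its ECDSA intermediates)."""
    return (cert["not_after"] - cert["not_before"]).days


def brand_tokens(title: str) -> list:
    """Brand words from the title's first segment ('Booking.com - ...')."""
    head = re.split(r"\s[-|:]\s", title, maxsplit=1)[0].lower()
    return [t for t in re.findall(r"[a-z0-9]+", head)
            if len(t) > 2 and t not in STOP_TOKENS]


def certs_for_host(host: str, certs: list) -> list:
    """Certificates whose listed subject shares the host's registrable domain.
    The report shows one subject name per certificate, not the SAN list, so
    this is an approximation."""
    apex = registrable_domain(host)
    return [c for c in certs
            if registrable_domain(c["subject"].lstrip("*.")) == apex]


def triage(host: str = PRIMARY_HOST, title: str = PAGE_TITLE,
           certs: list = CERTS, on: date = SCAN_DATE, max_age: int = 7) -> list:
    """Findings a phishing analyst wants: a brand named in the title but absent
    from the registrable domain, and a certificate minted just before the scan."""
    findings = []
    apex = registrable_domain(host)
    for brand in brand_tokens(title):
        if brand not in apex:
            findings.append(f"title names '{brand}' but registrable domain is {apex}")
    for c in certs_for_host(host, certs):
        age = cert_age_days(c, on)
        if age <= max_age:
            findings.append(
                f"certificate for {c['subject']} ({c['issuer']}) issued {age} day(s) "
                f"before the scan, {cert_lifetime_days(c)}-day lifetime")
    return findings


if __name__ == "__main__":
    for f in triage():
        print("-", f)
```

Run against the report's own data this yields two findings: the title says Booking.com while the registrable domain is 67841l.com, and the 90-day certificate was issued one day before the scan. Neither is proof by itself; together with the "Payment information" title they are the cheap checks that justify the deeper look below.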

This page contains 3 frames:

Primary Page: https://extranet.67841l.com/254943125
Frame ID: E889BB3E5627862E071461EA9F4CB76F
Requests: 7 HTTP requests in this frame

Frame: https://extranet.67841l.com/supportChatFrame/254943125
Frame ID: BB1FA7CE50E6D82D598B7A7E3520BFB3
Requests: 1 HTTP requests in this frame

Frame: https://extranet.67841l.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
Frame ID: 91A0033D720288CEC51B13AAB3FDA6EB
Requests: 2 HTTP requests in this frame

Page Title

Booking.com - Payment information

Page Statistics

  10 requests, 80 % HTTPS, 100 % IPv6
  2 domains, 2 subdomains, 3 IPs, 1 country
  187 kB transfer, 269 kB size, 2 cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://extranet.67841l.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://extranet.67841l.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js

10 HTTP transactions

Each entry lists: Resource | Path | Size | x-fer (bytes transferred) | Type | MIME-Type
Primary Request 254943125
extranet.67841l.com/
58 KB
14 KB
Document
General
Full URL
https://extranet.67841l.com/254943125
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2ace03f7b51800745d3bc99632c1751040884caa7fe7119bf94c4d4ce92a5a3d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84fc0efb98fbb96f-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 03 Feb 2024 16:30:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TpIus5a6dlmdUuSbbVHFWtRqfgqmzoYX8EvXT1EE0X2SaLTiL7je2CejPiF4mKyautd2%2FdfSkELu%2F97maJM0yiI3tR8lmxmB1jUX8DTmkLwrPATOC3EVEd3XsFHpfhVoXwsirdqiHAOkCy%2F%2FqB%2BqvYS5"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
script.js
extranet.67841l.com/services/booking/js/
12 KB
3 KB
Script
General
Full URL
https://extranet.67841l.com/services/booking/js/script.js
Requested by
Host: extranet.67841l.com
URL: https://extranet.67841l.com/254943125
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a140484b48096baf0db17d9db57a330c818b6bca7607152884b2eefce4e02b87

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://extranet.67841l.com/254943125
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sat, 03 Feb 2024 16:30:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sat, 07 Oct 2023 14:59:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"2fc7-18b0aa6d6a0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U9xtwOB4tcBMNIwqtuaPQSLAWgwIowP09NzdeDVXdAJYBskJw8HN%2FPJTk3QLiiurHDuvYjZjZ2uPc77dEpsxYIrqvIt8HYCOOQXmTdVSlSljdV3igMlMhJ8%2B7oiPUwbXxFzoL%2Blbk86n%2BIQEru3hBCnI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
84fc0f4dd9ffb96f-AMS
alt-svc
h3=":443"; ma=86400
styles.css
extranet.67841l.com/services/booking/css/
32 KB
8 KB
Stylesheet
General
Full URL
https://extranet.67841l.com/services/booking/css/styles.css
Requested by
Host: extranet.67841l.com
URL: https://extranet.67841l.com/254943125
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b2e3158656f24d0f69988896ea2facd530904745d286f84eadb67ceb2ce9d4c2

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://extranet.67841l.com/254943125
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sat, 03 Feb 2024 16:30:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sat, 19 Aug 2023 22:18:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"802a-18a0fe0d338"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2FRxa%2FVI2DT6DtJEziPUwRwsUPt%2BPYXfBCmHWmWzmTFDV4iq2LkBNUcdavAgiPSq1reyoumxrSx%2BQV%2Bs4EboZ5L8LlFqWzCEanAF0%2FCzOuwXEEPNLXREuKIiqRcoDlqfZTZBCTIzeis%2BtIAJDDrysNQo"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
84fc0f4dd9fcb96f-AMS
alt-svc
h3=":443"; ma=86400
support_parent.css
extranet.67841l.com/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://extranet.67841l.com/css/support_parent.css
Requested by
Host: extranet.67841l.com
URL: https://extranet.67841l.com/254943125
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
20f5cc0ebb84eb9bdeb82a9b908e9f922ab10ea415857c8b00b8302e00c61a5c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://extranet.67841l.com/254943125
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sat, 03 Feb 2024 16:30:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 23 Aug 2023 14:42:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"12b3-18a22d925f8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2FnjYy6EpGur0czDIs0%2B6%2F%2BPR28uONJ4%2FDXH%2FEAX%2B1mXDQf%2FXXZoFB0palooMaBVJs4Q80zAztIK124Se8aUnSZfFzjcuHmjUIrqCuOwUFtFWyTUsFLgh9yaDv%2BKGiaBdywGwoNJky%2FTpgm4NAYKl1Vn"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
84fc0f4dfa1ab96f-AMS
alt-svc
h3=":443"; ma=86400
485683517.jpg
q-xx.bstatic.com/xdata/images/hotel/max1024x768/
125 KB
125 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/hotel/max1024x768/485683517.jpg?k=832816e82e1d9dbc28862b7d87ad23927c3caf6ffc28895533e35e6985e048de&o=
Requested by
Host: extranet.67841l.com
URL: https://extranet.67841l.com/254943125
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:6a00:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f760992decea405729e1bb4636f8d0edf4989dbcc312854f78e8197380ecb0d7
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://extranet.67841l.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 18:39:53 GMT
via
1.1 544049d1dc4d534822b40b9f9c7529da.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA60-P4
age
78647
etag
"49f1e7e3d2847cb7bf9f51424a7f8475a304dbcf"
x-cache
Hit from cloudfront
content-language
127589
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
MCQCuzykrRawcmjSccofvXwCBLQwkVlsQO5oknCaxlxMXKVU2gziyw==
x-xss-protection
1; mode=block
254943125
extranet.67841l.com/supportChatFrame/ Frame BB1F
Size 0, x-fer 0: no response received (listed under Failed requests)

flags.png
extranet.67841l.com/services/booking/images/
30 KB
30 KB
Image
General
Full URL
https://extranet.67841l.com/services/booking/images/flags.png
Requested by
Host: extranet.67841l.com
URL: https://extranet.67841l.com/254943125
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://extranet.67841l.com/254943125
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sat, 03 Feb 2024 16:30:40 GMT
cf-cache-status
EXPIRED
last-modified
Sat, 19 Aug 2023 17:18:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"77d8-18a0ece3e40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6fE2oBNhJbT2vf5B1%2B4t15lFWy2RwhxS67oWEAvtw8r%2BAS8SQfdD1kcRyLQWaG2xDo89zK9oUj2m%2F627QDXSsRHrdmGcY%2FSy06t5T%2FNJhTFaRP2hEinzMBk1GzQnClYoVnMGO7U5rQv11Ajha1uYUzl"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
84fc0f4ea9a06627-AMS
alt-svc
h3=":443"; ma=86400
content-length
30680
pluxurydarklord.svg
extranet.67841l.com/img/
1 KB
1 KB
Image
General
Full URL
https://extranet.67841l.com/img/pluxurydarklord.svg
Requested by
Host: extranet.67841l.com
URL: https://extranet.67841l.com/css/support_parent.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fbb307bc48c763f9a4893ba918ca9a322f4e084dbb994504d526af90c1a4d1e9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://extranet.67841l.com/css/support_parent.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sat, 03 Feb 2024 16:30:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 23 Aug 2023 14:41:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"4b6-18a22d77460"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MaH8SVG61C5%2FUgQFagYeS%2FXGvUb2qqueYrbHuUoghQvlpPkGVCq1ipaC%2F%2FWMQ1d5ZOGzEtcgAXirDI5%2FIr8p0TjHZcaBoFFp1BBvG84PYd2c3zsDro21mpT4DSwTMIF%2BM1XO%2BBic0WilP22orcmJf%2FOD"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
84fc0f4ea9a36627-AMS
alt-svc
h3=":443"; ma=86400
main.js
extranet.67841l.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/ Frame 91A0
Redirect Chain
  • https://extranet.67841l.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://extranet.67841l.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
7 KB
4 KB
Script
General
Full URL
https://extranet.67841l.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
Requested by
Host: extranet.67841l.com
URL: https://extranet.67841l.com/254943125
Protocol
H3
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
635e8a773ee018a124a33247a4aff7e7818a70c90449d9fd53697ac15295c16e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sat, 03 Feb 2024 16:30:40 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VyclZGg1ELAPxOn4oJy17goT%2BjGNdIbclxmaZti%2F2WS385ZyKr6xQGs8dV2zCirataxFPgGcwmtZ4YyZgIKM6Lyk3FyMpsiHodLglVEsufbJ4pDIzJ5ZujGumeeWT%2Fo32tRTFZswLqmOmisNvGBw9IGF"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
84fc0f4efa316627-AMS
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sat, 03 Feb 2024 16:30:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1hOaKFDagh3UVqUlcQAplqtZNC8wk033iL2Peal%2BYh%2BAw7DpOzYl24kJdWRoQYHvw0kKQimqeyS%2Bys3Lxm2be6wY0SbGc7sLggd1%2F8pMcpcXVoXlghF8UuGQEPFqdyHT0WP6tcD0y%2Bl86z5yKkv1CVkj"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
cache-control
max-age=300, public
cf-ray
84fc0f4ed9f36627-AMS
alt-svc
h3=":443"; ma=86400
84fc0efb98fbb96f
extranet.67841l.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 91A0
0
607 B
XHR
General
Full URL
https://extranet.67841l.com/cdn-cgi/challenge-platform/h/b/jsd/r/84fc0efb98fbb96f
Requested by
Host: extranet.67841l.com
URL: https://extranet.67841l.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 03 Feb 2024 16:30:40 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UiIe7mvUT1z7EzMpXTP%2FRS%2BoKVF2t%2FULZ1jKa%2FqWpJpwsLnwY8ffEdQpd2zoteYo%2BeKJxpG221MQUsGbOg8TrDxhHWXXM%2FMy2%2BOneCQCi3NRqV57yNSYI4TD%2BcS4sAEYntQrC0%2BhGGkHlyzN3q5Yo4e9"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
84fc0f4fab6f6627-AMS
alt-svc
h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
extranet.67841l.com
URL
https://extranet.67841l.com/supportChatFrame/254943125
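Several of the request-level details above are individually small but together describe the page's construction: the hotel photo is hotlinked from Booking's real image CDN (q-xx.bstatic.com, AS16509) with the Referer cut down to the bare origin, the jsd beacon under /cdn-cgi/ returns a body whose SHA-256 (e3b0c442...b855) is the hash of zero bytes, every cf-ray carries the AMS suffix of the Cloudflare PoP that served a scan from NL, the /cdn-cgi/ paths are answered by Cloudflare itself (no X-Powered-By: Express from the origin app), and the beacon path ends in the ray id of the document request. The script below is an added example, not part of the urlscan.io report and not its verdict logic; TRANSACTIONS is a hand-reduced copy of the ten transactions listed above, the two-label apex split is an assumption, and the check functions are this example's own heuristics.

```python
"""Request-level indicators over the 10 transactions listed above.

Added example, not part of the urlscan.io report and not its verdict logic.
TRANSACTIONS is a hand-reduced copy of the report's transaction list (URL,
Referer, server ASN, cf-ray, X-Powered-By, response SHA-256, whether a
response arrived); the check functions are this example's own heuristics, and
the two-label registrable-domain split is an assumption (no Public Suffix List).
"""
import hashlib
from urllib.parse import urlsplit

H = "https://extranet.67841l.com"
PRIMARY = H + "/254943125"
SHA256_EMPTY = hashlib.sha256(b"").hexdigest()   # hash of a zero-byte body


def tx(url, referer=None, ray=None, powered=None, sha=None, ok=True, asn=13335):
    return {"url": url, "referer": referer, "cf_ray": ray,
            "x_powered_by": powered, "sha256": sha, "ok": ok, "asn": asn}


TRANSACTIONS = [
    tx(PRIMARY, None, "84fc0efb98fbb96f-AMS", "Express",
       "2ace03f7b51800745d3bc99632c1751040884caa7fe7119bf94c4d4ce92a5a3d"),
    tx(H + "/services/booking/js/script.js", PRIMARY, "84fc0f4dd9ffb96f-AMS", "Express",
       "a140484b48096baf0db17d9db57a330c818b6bca7607152884b2eefce4e02b87"),
    tx(H + "/services/booking/css/styles.css", PRIMARY, "84fc0f4dd9fcb96f-AMS", "Express",
       "b2e3158656f24d0f69988896ea2facd530904745d286f84eadb67ceb2ce9d4c2"),
    tx(H + "/css/support_parent.css", PRIMARY, "84fc0f4dfa1ab96f-AMS", "Express",
       "20f5cc0ebb84eb9bdeb82a9b908e9f922ab10ea415857c8b00b8302e00c61a5c"),
    tx("https://q-xx.bstatic.com/xdata/images/hotel/max1024x768/485683517.jpg"
       "?k=832816e82e1d9dbc28862b7d87ad23927c3caf6ffc28895533e35e6985e048de&o=",
       H + "/", None, None,
       "f760992decea405729e1bb4636f8d0edf4989dbcc312854f78e8197380ecb0d7", asn=16509),
    tx(H + "/supportChatFrame/254943125", ok=False),
    tx(H + "/services/booking/images/flags.png", PRIMARY, "84fc0f4ea9a06627-AMS", "Express",
       "fc78e1550450ab81964ef660b05cb14fb17e0b895b261925ad7e6e073502dfc4"),
    tx(H + "/img/pluxurydarklord.svg", H + "/css/support_parent.css",
       "84fc0f4ea9a36627-AMS", "Express",
       "fbb307bc48c763f9a4893ba918ca9a322f4e084dbb994504d526af90c1a4d1e9"),
    tx(H + "/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js", None,
       "84fc0f4efa316627-AMS", None,
       "635e8a773ee018a124a33247a4aff7e7818a70c90449d9fd53697ac15295c16e"),
    tx(H + "/cdn-cgi/challenge-platform/h/b/jsd/r/84fc0efb98fbb96f", None,
       "84fc0f4fab6f6627-AMS", None,
       "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
]


def host(url: str) -> str:
    return urlsplit(url).hostname or ""


def apex(h: str) -> str:
    return ".".join(h.split(".")[-2:])   # assumption: two-label apex, no PSL


def cross_origin_loads(txs, primary=PRIMARY):
    """Resources pulled from another registrable domain (here the brand's own
    image CDN, hotlinked so the page looks right). Also records whether the
    Referer was cut down to the bare origin, which Chrome's default
    strict-origin-when-cross-origin policy does for cross-origin requests."""
    p_origin = f"{urlsplit(primary).scheme}://{host(primary)}/"
    return [{"host": host(t["url"]), "asn": t["asn"],
             "referer_origin_only": t["referer"] == p_origin}
            for t in txs if t["ok"] and apex(host(t["url"])) != apex(host(primary))]


def empty_bodies(txs):
    """Responses whose SHA-256 is that of zero bytes: fetched, nothing served."""
    return [t["url"] for t in txs if t["sha256"] == SHA256_EMPTY]


def cf_colos(txs):
    """Cloudflare PoP codes from the cf-ray suffix (AMS here: scanned from NL)."""
    return {t["cf_ray"].rsplit("-", 1)[1] for t in txs if t["cf_ray"]}


def failed(txs):
    return [t["url"] for t in txs if not t["ok"]]


def edge_only_paths(txs, primary_host=host(PRIMARY)):
    """Paths on the phishing host answered by Cloudflare itself rather than the
    origin app (no X-Powered-By: Express): the /cdn-cgi/ challenge platform."""
    return [urlsplit(t["url"]).path for t in txs
            if t["ok"] and host(t["url"]) == primary_host and t["x_powered_by"] is None]


def ray_ids_reused_in_paths(txs):
    """cf-ray ids that reappear as the last path segment of another request:
    the jsd beacon posts to /jsd/r/<ray id of the document request>."""
    ids = {t["cf_ray"].split("-")[0] for t in txs if t["cf_ray"]}
    paths = [urlsplit(t["url"]).path for t in txs]
    return sorted(i for i in ids if any(p.endswith("/" + i) for p in paths))
```

The practical reading: the only third-party fetch is the brand's legitimate CDN, so blocking on "contacts a known-bad host" would miss this page entirely; the origin application is an Express app behind Cloudflare, and the /cdn-cgi/ traffic is Cloudflare's own challenge plumbing rather than something the phishing kit serves. The failed /supportChatFrame/ request is the one part of the page the scan could not observe.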

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  Type     Name
  object   0
  object   1

2 Cookies

  Domain/Path            Name           Value
  extranet.67841l.com/   connect.sid    s%3AlL414UmAC37r_exQJYKO6FOfwWx0NN1w.jR9N%2BoavxEQ%2FMhVY7uUqrQnA6slEMBA%2BPdDMr8D%2Frm4
  .67841l.com/           cf_clearance   kiHBG3ZgIlFLNAmF4uwclMY_VJT45cBxZllxlTm4mt8-1706977840-1-AXwzG+aCepxVjVXb+yyhdkiI6wp69I768DpMWAo2fJ0afa5xNa96JiCga7R++4uFcqmRitmklqEKV/uxvk2JFC4=
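Both cookies can be read further. connect.sid is the default cookie name of express-session, consistent with the X-Powered-By: Express responses above; its value is the URL-encoded string 's:' + sessionID + '.' + signature, where the signature is base64(HMAC-SHA256(secret, sessionID)) with the '=' padding stripped, as produced by the cookie-signature package. The session data itself lives server-side; the cookie only carries the id. cf_clearance is the token Cloudflare's challenge sets on the parent domain, and its second dash-separated field is a Unix timestamp that here equals the scan's Date header. The script below is an added example, not part of the urlscan.io report; the cookie values are copied from it, and SECRET is a constructed placeholder used only to show the sign/verify round-trip, since the real server secret is unknown and the captured signature therefore does not verify.

```python
"""Decode the two cookies captured by the scan.

Added example, not part of the urlscan.io report. Taken from the report: the
two cookie values and the X-Powered-By: Express origin. Known formats:
connect.sid (express-session) is 's:' + sessionID + '.' + signature, URL-
encoded, with signature = base64(HMAC-SHA256(secret, sessionID)) minus '='
padding (cookie-signature); cf_clearance carries a dash-separated Unix
timestamp. SECRET is a constructed value; the real secret is unknown.
"""
import base64
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import unquote

CONNECT_SID = ("s%3AlL414UmAC37r_exQJYKO6FOfwWx0NN1w."
               "jR9N%2BoavxEQ%2FMhVY7uUqrQnA6slEMBA%2BPdDMr8D%2Frm4")
CF_CLEARANCE = ("kiHBG3ZgIlFLNAmF4uwclMY_VJT45cBxZllxlTm4mt8-1706977840-1-"
                "AXwzG+aCepxVjVXb+yyhdkiI6wp69I768DpMWAo2fJ0afa5xNa96JiCga7R++4uF"
                "cqmRitmklqEKV/uxvk2JFC4=")
SECRET = "example-secret-not-the-real-one"   # constructed placeholder


def cookie_sign(value: str, secret: str) -> str:
    """cookie-signature: value + '.' + base64(HMAC-SHA256(secret, value)), no '=' padding."""
    mac = hmac.new(secret.encode(), value.encode(), hashlib.sha256).digest()
    return value + "." + base64.b64encode(mac).decode().rstrip("=")


def cookie_unsign(signed: str, secret: str):
    """Return the value if the signature checks out under secret, else None."""
    value = signed.rsplit(".", 1)[0]
    return value if hmac.compare_digest(cookie_sign(value, secret), signed) else None


def parse_connect_sid(raw: str):
    """Split a URL-encoded express-session cookie into session id and signature."""
    decoded = unquote(raw)
    if not decoded.startswith("s:") or "." not in decoded:
        return None
    sid, sig = decoded[2:].rsplit(".", 1)
    mac_len = len(base64.b64decode(sig + "=" * (-len(sig) % 4)))   # 32 for SHA-256
    return {"session_id": sid, "signature": sig, "mac_bytes": mac_len}


def parse_cf_clearance(raw: str):
    """Pull the 10-digit Unix timestamp out of the dash-separated cf_clearance value."""
    fields = raw.split("-")
    ts = next((int(f) for f in fields if f.isdigit() and len(f) == 10), None)
    issued = datetime.fromtimestamp(ts, tz=timezone.utc) if ts is not None else None
    return {"issued_at": issued, "field_count": len(fields)}


if __name__ == "__main__":
    print(parse_connect_sid(CONNECT_SID))
    print(parse_cf_clearance(CF_CLEARANCE))
```

The 32-byte MAC length confirms the SHA-256 HMAC variant of cookie-signature, and the cf_clearance timestamp decodes to 2024-02-03 16:30:40 UTC, the same second as the Date header on the primary response, so the clearance was granted during this very scan rather than carried over from an earlier visit.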