ScanMalware.com

Security Scan Report: intranet.altour.com

Redirected to:
https://travelleaders.okta.com/oauth2/v1/authorize?client_id=0oajlg46r...
Site favicon
Submitted: May 17, 2026, 9:52:42 AMCompleted: May 17, 2026, 9:54:43 AMpubliccompleted
Loading additional data...

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 13 HTTP transactions. The main domain is travelleaders.okta.com and was registered NaN years ago.

Submitted URL: https://intranet.altour.com

Effective URL: https://travelleaders.okta.com/oauth2/v1/authorize?client_id=0oajlg46rk5LU8uT5357&redirect_uri=https%3A%2F%2Ftravelleaders.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&response_type=code&scope=openid%20groups%20profile%20email&state=e771e071dc98cf03b2c43f08c5b97aec200d643b68d1fd55bf818232eec3862c.JTdCJTIyaWF0JTIyJTNBMTc3OTAxMTU4MiUyQyUyMmF1dGhEb21haW4lMjIlM0ElMjJ0cmF2ZWxsZWFkZXJzLmNsb3VkZmxhcmVhY2Nlc3MuY29tJTIyJTJDJTIyaG9zdG5hbWUlMjIlM0ElMjJpbnRyYW5ldC5hbHRvdXIuY29tJTIyJTJDJTIycmVkaXJlY3RVUkwlMjIlM0ElMjIlMkYlMjIlMkMlMjJhdWQlMjIlM0ElMjI4M2I0MWZmN2VlZjk3ZjQyZjA0MGJmZWQ3OGUzZjQ2MDI5ZGU0M2IyZTI4MjUyYTY2OGJhMWYzZDk3ZTUwOWNjJTIyJTJDJTIyaXNTYW1lU2l0ZU5vbmVDb21wYXRpYmxlJTIyJTNBdHJ1ZSUyQyUyMmlzSURQVGVzdCUyMiUzQWZhbHNlJTJDJTIyaXNSZWZyZXNoJTIyJTNBZmFsc2UlMkMlMjJub25jZSUyMiUzQSUyMm5uUjI2VFNCMXZ3SHZ4Qzc4JTIyJTJDJTIyaWRwSWQlMjIlM0ElMjI1Y2NkMWY1NS04ZTdiLTQxN2EtOTY0OC0yYWRhMTMwYjRhNDYlMjIlMkMlMjJzZXJ2aWNlX3Rva2VuX3N0YXR1cyUyMiUzQWZhbHNlJTJDJTIyYXV0aF9zdGF0dXMlMjIlM0ElMjJOT05FJTIyJTJDJTIyaXNfd2FycCUyMiUzQWZhbHNlJTJDJTIyaXNfZ2F0ZXdheSUyMiUzQWZhbHNlJTJDJTIybXRsc19hdXRoJTIyJTNBJTdCJTIyY2VydF9pc3N1ZXJfZG4lMjIlM0ElMjIlMjIlMkMlMjJjZXJ0X3NlcmlhbCUyMiUzQSUyMiUyMiUyQyUyMmNlcnRfaXNzdWVyX3NraSUyMiUzQSUyMiUyMiUyQyUyMmNlcnRfcHJlc2VudGVkJTIyJTNBZmFsc2UlMkMlMjJjb21tb25fbmFtZSUyMiUzQSUyMiUyMiUyQyUyMmF1dGhfc3RhdHVzJTIyJTNBJTIyTk9ORSUyMiU3RCUyQyUyMmFwcFNlc3Npb25IYXNoJTIyJTNBJTIyNGI3ZjFhODkzN2ZlYjIzMWIzNmU5NDNjYjM0M2E2MTRmNTRlYjY0NzEwZDkyMGU3ODliOGY5ZDUwZGE5OGZmNiUyMiU3RA%253D%253DRedirected

The Cisco Umbrella rank of the primary domain is #612,542 of the top 1 million websites

AI Security Verdict

Confirmed Scam

Confidence: 92%

9
Risk Score

The site impersonates Internova Travel Group, uses a low‑rank domain with a password‑only form, and triggers critical IDS alerts – confirmed credential‑phishing scam.

Risk Factors
Low Cisco Umbrella ranking for a site claiming a well‑known travel brand
Credential‑only password field suggests phishing kit behavior
Critical network IDS alert indicating possible malware or data exfiltration
Heavy JavaScript obfuscation (charcode manipulation, base64 encoding)
Brand impersonation without official domain
Domain age information unavailable

Details

Page Title

Internova Travel Group - Production - Sign In

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(75%)

Domain Information

You're looking at domain 'intranet.altour.com' on the commercial generic top-level domain (.com) with subdomain 'intranet'. Its registrable label 'altour' stretches across 6 characters holding 3 vowels versus three consonants. Word splitting yields two words: al, tour. Expect 3 characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://intranet.altour.com

Page Load Overview

3.55s
Total Load Time
23
HTTP Requests
5
Domains
333 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:477 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software75% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

technology software
75%
documentation technical
68%
travel tourism
50%
adult content
48%
government public service
43%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
835.71.178.224United States
AS16509Amazon.com, Inc.
5104.19.194.29United States
AS13335Cloudflare, Inc.
53.161.82.15United States
AS16509Amazon.com, Inc.
5104.18.24.43United States
AS13335Cloudflare, Inc.
234--

Detected Technologies3

PasswordField
100%
Cloudflare Bot Management
40%
Cloudflare
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1D50318C21D0ADADD16C96D88A63B5546350282C3C3A0EEC077FDCDCAAF99D4B745E60C

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:IEc0SS/hTmshwkuvCPEXkeZiCPEXkeZCZTmxls/G:Pc0xhTmsbuqakyakvZTmxlYG

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:39236:TxiBdJIxEEAAgIlwo4GQIRDyIlMAaTYIaImDGoXAJKBAjAgEqQkUBgxYeFkBwehaicDq5wEYxJYSCNlkIICAFEJVQFYBCcMo

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:3f7fffffffffffff
Perceptual Hash:800002070f7fffff
Difference Hash:e080000000000000
Wavelet Hash:20c0f0f0f0f0f0f0
Color Hash:#796ce0

Other Hashes

Crop Resistant:e080000000000000

Scan History

Scan history not available

Unable to load historical scan data