meine-loggin.luxurytravelinstyle.eu
195.242.111.150 (Malicious Activity!, public scan)

Submitted URL: https://meine-loggin.luxurytravelinstyle.eu/
Effective URL: https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
Submission: On March 20 via manual from DE — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 195.242.111.150, located in Virgin Islands (British) and belongs to INTERNET-IT, VG. The main domain is meine-loggin.luxurytravelinstyle.eu.
TLS certificate: Issued by R3 on March 20th 2023. Valid for: 3 months.
This is the only time meine-loggin.luxurytravelinstyle.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

IP Address / AS Autonomous System
  Requests  IP Address           ASN
  9         195.242.111.150      200313 (INTERNET-IT)
  3         2600:9000:225...     16509 (AMAZON-02)
  Total: 10 HTTP transactions, 2 IPs (the 9 requests to 195.242.111.150 include the 2 redirect responses)

Apex Domain / Subdomains / Transfer
  Requests  Apex domain              Subdomain                                            Transfer
  9         luxurytravelinstyle.eu   meine-loggin.luxurytravelinstyle.eu                  495 KB
  3         deutsche-bank.de         www.deutsche-bank.de (Cisco Umbrella Rank: 165522)   53 KB
  Total: 10 requests, 2 apex domains

Domain / Requested by
  Requests  Domain                                Requested by
  9         meine-loggin.luxurytravelinstyle.eu   meine-loggin.luxurytravelinstyle.eu (2 of the 9 are redirects)
  3         www.deutsche-bank.de                  client (the page document itself) and www.deutsche-bank.de
  Total: 10 requests, 2 domains

This site contains links to these domains: banking.postbank.de
TLS certificates
  Subject                  Issuer                   Validity                    Valid for
  luxurytravelinstyle.eu   R3                       2023-03-20 to 2023-06-18    3 months (crt.sh)
  www.deutsche-bank.de     DigiCert EV RSA CA G2    2022-11-15 to 2023-11-14    a year (crt.sh)

This page contains 2 frames:

Primary Page: https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
Frame ID: EB97F11E9FD08368E573F6C4C0A68BE1
Requests: 9 HTTP requests in this frame

Frame: https://meine-loggin.luxurytravelinstyle.eu/meine/assets/cross-domain-bridge.html
Frame ID: B5DAE02F1A73C97A69263D0FA8BBBBBD
Requests: 1 HTTP request in this frame

Page Title

Postbank Banking & Brokeragepb-logo

Page URL History

This captures the URL locations of the website, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://meine-loggin.luxurytravelinstyle.eu/ HTTP 302
     https://meine-loggin.luxurytravelinstyle.eu/meine/ HTTP 302
     https://meine-loggin.luxurytravelinstyle.eu/meine/id.php Page URL

Detected technologies

Overall confidence: 100%
Detected pattern (matched against the page URL): \.php(?:$|\?)

Page Statistics

  Requests:    10
  HTTPS:       100 %
  IPv6:        50 %
  Domains:     2
  Subdomains:  2
  IPs:         2
  Countries:   2
  Transfer:    547 kB
  Size:        1303 kB
  Cookies:     1

Redirected requests

There was one HTTP redirect chain, for the primary request; it is listed with that request below.

10 HTTP transactions

Each entry gives the resource, its path, size, transferred bytes (x-fer) and type, followed by the request details.

Primary request: id.php
Path: meine-loggin.luxurytravelinstyle.eu/meine/
Redirect chain:
  • https://meine-loggin.luxurytravelinstyle.eu/
  • https://meine-loggin.luxurytravelinstyle.eu/meine/
  • https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
Size: 682 KB, transferred: 161 KB, type: Document

General
  Full URL: https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 195.242.111.150, Virgin Islands (British), ASN200313 (INTERNET-IT, VG)
  Reverse DNS: info6.ptr1.ru
  Software: nginx
  Resource Hash: 25e610d00f6f8b9e9a107d4450efeffd0e15be875458e085766f0a82aca2717b

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers
  content-encoding: gzip
  content-type: text/html; charset=UTF-8
  date: Mon, 20 Mar 2023 15:30:44 GMT
  server: nginx
  vary: Accept-Encoding

Redirect headers
  cache-control: no-store, no-cache, must-revalidate
  content-length: 0
  content-type: text/html; charset=UTF-8
  date: Mon, 20 Mar 2023 15:30:44 GMT
  expires: Thu, 19 Nov 1981 08:52:00 GMT
  location: ./id.php
  pragma: no-cache
  server: nginx

The cache-control/pragma/expires trio on the redirect, with the fixed "Thu, 19 Nov 1981" date, is what PHP emits when a session is started with the default cache limiter; together with the PHPSESSID cookie below it confirms the .php detection above.
styles.70d6ae8c7a953b81.css
Path: meine-loggin.luxurytravelinstyle.eu/meine/assets/
Size: 271 KB, transferred: 41 KB, type: Stylesheet

General
  Full URL: https://meine-loggin.luxurytravelinstyle.eu/meine/assets/styles.70d6ae8c7a953b81.css
  Requested by: host meine-loggin.luxurytravelinstyle.eu, URL https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 195.242.111.150, Virgin Islands (British), ASN200313 (INTERNET-IT, VG)
  Reverse DNS: info6.ptr1.ru
  Software: nginx
  Resource Hash: 3cb4ec283d959d8da35ce21bb1a2bbd68d407d70f75e7b3b70e9de3c97ad125d

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers
  date: Mon, 20 Mar 2023 15:30:44 GMT
  content-encoding: gzip
  last-modified: Sun, 12 Feb 2023 14:26:50 GMT
  server: nginx
  etag: W/"63e8f72a-43c03"
  vary: Accept-Encoding
  content-type: text/css
  cache-control: max-age=315360000
  expires: Thu, 31 Dec 2037 23:55:55 GMT
fonts.css
Path: www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/
Size: 1 KB, transferred: 859 B, type: Stylesheet

General
  Full URL: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css
  Requested by: client (about:client, i.e. the page document itself)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2600:9000:2251:f200:13:46b5:7d80:93a1, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: none
  Software: Apache
  Resource Hash: adc96b6efe5919552898681732312c97108a36e5d17d1bd20044c09f31b7e43b

Security headers
  Content-Security-Policy: frame-ancestors https://*.deutsche-bank.de
  Strict-Transport-Security: max-age=31536000
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Note on the X-Frame-Options value: it joins two directives in one header. ALLOW-FROM was never implemented by Chromium or WebKit and is ignored by current browsers, and where a Content-Security-Policy with frame-ancestors is present (as here) that directive decides and X-Frame-Options is not consulted at all.

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://meine-loggin.luxurytravelinstyle.eu/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers
  date: Mon, 20 Mar 2023 15:30:44 GMT
  strict-transport-security: max-age=31536000
  content-encoding: gzip
  x-content-type-options: nosniff
  via: 1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
  content-security-policy: frame-ancestors https://*.deutsche-bank.de
  x-amz-cf-pop: FRA60-P3
  x-cache: Miss from cloudfront
  content-length: 226
  last-modified: Wed, 24 Feb 2021 08:20:14 GMT
  server: Apache
  db-nickname: VTJGc2RHVmtYMThhVnlIWGFCWnR6bkhtT0JZRnY2aTNreUNvL2NpNEpxND0=
  vary: Accept-Encoding,Origin
  x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
  content-type: text/css
  access-control-allow-origin: *
  cache-control: max-age=31536000, must-revalidate
  accept-ranges: bytes
  x-amz-cf-id: I7Jb2WqrDKvADvP03hgDIh02w6jWIgM1RFKE1R3q3KvJ2xre3xO7fg==
  expires: Tue, 19 Mar 2024 15:30:44 GMT

This is the genuine bank's font stylesheet, hotlinked by the phishing page: the Referer names the lookalike host, and the access-control-allow-origin: * response lets any origin consume the fonts it declares.
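The fonts.css response above sets both a Content-Security-Policy frame-ancestors directive and an X-Frame-Options header whose value joins SAMEORIGIN with a non-standard allow-from directive. To show how a browser resolves that combination, the following is an added example written for this page (it is not part of the urlscan report and not Deutsche Bank code): it implements the X-Frame-Options check from the HTML Standard together with a deliberately simplified frame-ancestors source matcher. Scheme and host are matched; ports and paths in CSP sources are not modelled, which is an assumption of the example.

```python
from urllib.parse import urlsplit

# Headers observed on the www.deutsche-bank.de font responses in this scan.
OBSERVED_HEADERS = {
    "content-security-policy": ["frame-ancestors https://*.deutsche-bank.de"],
    "x-frame-options": ["SAMEORIGIN, allow-from https://meine.deutsche-bank.de"],
}
SELF_ORIGIN = "https://www.deutsche-bank.de"


def split_header_values(value):
    """Comma-split a header value the way Fetch's 'get, decode, and split' does."""
    return [v.strip() for v in value.split(",") if v.strip()]


def frame_ancestors_sources(policy):
    """Return the source list of a policy's frame-ancestors directive, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def source_matches(source, ancestor_url, self_origin):
    """Simplified CSP host-source match: scheme://host with an optional leading '*.' label.
    Ports and paths are not modelled (assumption of this example)."""
    src = source.strip("'").lower()
    if src == "none":
        return False
    if src == "*":
        return True
    if src == "self":
        src = self_origin.lower()
    anc = urlsplit(ancestor_url)
    scheme, sep, host = src.partition("://")
    if not sep:                          # bare host source: any scheme
        host = scheme
    elif scheme != anc.scheme.lower():
        return False
    anc_host = (anc.hostname or "").lower()
    if host.startswith("*."):
        return anc_host.endswith(host[1:])   # '*.x.y' matches 'a.x.y' but not the apex 'x.y'
    return anc_host == host


def framing_allowed(headers, ancestor_urls, self_origin):
    """Decide whether a response may be framed by the given ancestor documents (nearest first).

    headers: dict of lowercase header name -> list of values (a header may repeat).
    Returns (allowed, reason). Order of precedence as in the HTML Standard: an enforced
    CSP carrying frame-ancestors decides on its own; otherwise X-Frame-Options applies,
    where several distinct values block framing everywhere and unrecognised values
    (ALLOW-FROM included) turn the header into a no-op.
    """
    if not ancestor_urls:
        return True, "top-level navigation: framing controls do not apply"

    policies = [s for p in headers.get("content-security-policy", [])
                if (s := frame_ancestors_sources(p)) is not None]
    if policies:
        ok = all(any(source_matches(src, anc, self_origin) for src in sources)
                 for sources in policies for anc in ancestor_urls)
        return ok, "decided by CSP frame-ancestors; X-Frame-Options ignored"

    values = {v.lower() for raw in headers.get("x-frame-options", [])
              for v in split_header_values(raw)}
    if not values:
        return True, "no framing controls present"
    if len(values) > 1:
        if values & {"deny", "allowall", "sameorigin"}:
            return False, f"conflicting X-Frame-Options values {sorted(values)}: blocked for every ancestor"
        return True, "multiple unrecognised X-Frame-Options values: header ignored"
    (value,) = values
    if value == "deny":
        return False, "X-Frame-Options: DENY"
    if value == "sameorigin":
        me = urlsplit(self_origin)
        same = all((urlsplit(a).scheme, urlsplit(a).hostname, urlsplit(a).port)
                   == (me.scheme, me.hostname, me.port) for a in ancestor_urls)
        return same, "X-Frame-Options: SAMEORIGIN checked against every ancestor"
    return True, f"unrecognised X-Frame-Options value {value!r} (ALLOW-FROM included): header ignored"


if __name__ == "__main__":
    for ancestor in ("https://meine.deutsche-bank.de", "https://deutsche-bank.de",
                     "https://meine-loggin.luxurytravelinstyle.eu"):
        print(ancestor, framing_allowed(OBSERVED_HEADERS, [ancestor], SELF_ORIGIN))
    # The same X-Frame-Options value without the CSP: the stray allow-from breaks SAMEORIGIN.
    xfo_only = {"x-frame-options": OBSERVED_HEADERS["x-frame-options"]}
    print("xfo only, same origin:", framing_allowed(xfo_only, [SELF_ORIGIN], SELF_ORIGIN))
```

The point worth keeping: with the CSP present the lookalike host is refused and meine.deutsche-bank.de is admitted, exactly as intended. Strip the CSP and the two-valued X-Frame-Options header blocks framing even from www.deutsche-bank.de itself, so the allow-from token is not merely ignored, it is harmful whenever CSP is absent.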
cross-domain-bridge.html
Path: meine-loggin.luxurytravelinstyle.eu/meine/assets/ (frame B5DA)
Size: 3 KB, transferred: 2 KB, type: Document

General
  Full URL: https://meine-loggin.luxurytravelinstyle.eu/meine/assets/cross-domain-bridge.html
  Requested by: host meine-loggin.luxurytravelinstyle.eu, URL https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 195.242.111.150, Virgin Islands (British), ASN200313 (INTERNET-IT, VG)
  Reverse DNS: info6.ptr1.ru
  Software: nginx
  Resource Hash: b2ec3cbddbfcd0bb004de60088c2dabde8df94222d3070f89e4a0208e9a0e6ac

Request headers
  Referer: https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers
  content-encoding: gzip
  content-type: text/html; charset=utf-8
  date: Mon, 20 Mar 2023 15:30:44 GMT
  etag: W/"ce6-5f7532f8440a1"
  last-modified: Mon, 20 Mar 2023 11:25:35 GMT
  server: nginx
  vary: Accept-Encoding
teaser-image-pb.jpg
Path: meine-loggin.luxurytravelinstyle.eu/meine/assets/
Size: 44 KB, transferred: 44 KB, type: Image

General
  Full URL: https://meine-loggin.luxurytravelinstyle.eu/meine/assets/teaser-image-pb.jpg
  Requested by: host meine-loggin.luxurytravelinstyle.eu, URL https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 195.242.111.150, Virgin Islands (British), ASN200313 (INTERNET-IT, VG)
  Reverse DNS: info6.ptr1.ru
  Software: nginx
  Resource Hash: 97fe447ddc107dc8b5f84af5b559f36c71eb2da143a98ef3080014d1f17c994a

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers
  date: Mon, 20 Mar 2023 15:30:44 GMT
  last-modified: Sun, 12 Feb 2023 14:32:32 GMT
  server: nginx
  etag: "63e8f880-b0ef"
  content-type: image/jpeg
  cache-control: max-age=315360000
  accept-ranges: bytes
  content-length: 45295
  expires: Thu, 31 Dec 2037 23:55:55 GMT
94a99b13acbdc92b.jpg
Path: meine-loggin.luxurytravelinstyle.eu/meine/assets/
Size: 243 KB, transferred: 243 KB, type: Image

General
  Full URL: https://meine-loggin.luxurytravelinstyle.eu/meine/assets/94a99b13acbdc92b.jpg
  Requested by: host meine-loggin.luxurytravelinstyle.eu, URL https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 195.242.111.150, Virgin Islands (British), ASN200313 (INTERNET-IT, VG)
  Reverse DNS: info6.ptr1.ru
  Software: nginx
  Resource Hash: 8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers
  date: Mon, 20 Mar 2023 15:30:44 GMT
  last-modified: Sun, 12 Feb 2023 14:32:12 GMT
  server: nginx
  etag: "63e8f86c-3cbb5"
  content-type: image/jpeg
  cache-control: max-age=315360000
  accept-ranges: bytes
  content-length: 248757
  expires: Thu, 31 Dec 2037 23:55:55 GMT
pb-logo-with-title-no-subline.e1d194a4d3600cb0.svg
Path: meine-loggin.luxurytravelinstyle.eu/meine/assets/
Size: 7 KB, transferred: 3 KB, type: Image

General
  Full URL: https://meine-loggin.luxurytravelinstyle.eu/meine/assets/pb-logo-with-title-no-subline.e1d194a4d3600cb0.svg
  Requested by: host meine-loggin.luxurytravelinstyle.eu, URL https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 195.242.111.150, Virgin Islands (British), ASN200313 (INTERNET-IT, VG)
  Reverse DNS: info6.ptr1.ru
  Software: nginx
  Resource Hash: 12164efcaf829ad24ff7a8367cdcd40dde1d4c23d437d28d791617a8827d7115

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://meine-loggin.luxurytravelinstyle.eu/meine/id.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers
  date: Mon, 20 Mar 2023 15:30:44 GMT
  content-encoding: gzip
  last-modified: Sun, 12 Feb 2023 14:32:24 GMT
  server: nginx
  etag: W/"63e8f878-1bab"
  vary: Accept-Encoding
  content-type: image/svg+xml
  cache-control: max-age=315360000
  expires: Thu, 31 Dec 2037 23:55:55 GMT
pb-logo-splash.e83ae1f69ca2f23d.svg
Path: meine-loggin.luxurytravelinstyle.eu/meine/assets/
Size: 1 KB, transferred: 822 B, type: Image

General
  Full URL: https://meine-loggin.luxurytravelinstyle.eu/meine/assets/pb-logo-splash.e83ae1f69ca2f23d.svg
  Requested by: host meine-loggin.luxurytravelinstyle.eu, URL https://meine-loggin.luxurytravelinstyle.eu/meine/assets/styles.70d6ae8c7a953b81.css
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 195.242.111.150, Virgin Islands (British), ASN200313 (INTERNET-IT, VG)
  Reverse DNS: info6.ptr1.ru
  Software: nginx
  Resource Hash: 3ab65524380fa9267bbcf2d4df64def918baeeaf4df69a2d58026d2149b68d96

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://meine-loggin.luxurytravelinstyle.eu/meine/assets/styles.70d6ae8c7a953b81.css
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers
  date: Mon, 20 Mar 2023 15:30:44 GMT
  content-encoding: gzip
  last-modified: Sun, 12 Feb 2023 14:32:46 GMT
  server: nginx
  etag: W/"63e8f88e-487"
  vary: Accept-Encoding
  content-type: image/svg+xml
  cache-control: max-age=315360000
  expires: Thu, 31 Dec 2037 23:55:55 GMT
FrutigerLTW05-65Bold.woff2
Path: www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/
Size: 25 KB, transferred: 26 KB, type: Font

General
  Full URL: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/FrutigerLTW05-65Bold.woff2
  Requested by: host www.deutsche-bank.de, URL https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2600:9000:2251:f200:13:46b5:7d80:93a1, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: none
  Software: Apache
  Resource Hash: be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de

Security headers
  Content-Security-Policy: frame-ancestors https://*.deutsche-bank.de
  Strict-Transport-Security: max-age=31536000
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Request headers
  Referer: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css
  Origin: https://meine-loggin.luxurytravelinstyle.eu
  accept-language: de-DE,de;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Web fonts are fetched in CORS mode, so this request carries an Origin header naming the embedding page (the lookalike host) while its Referer points at the bank's own stylesheet; a detection keyed on Referer alone would miss it.

Response headers
  date: Mon, 20 Mar 2023 15:30:44 GMT
  strict-transport-security: max-age=31536000
  x-content-type-options: nosniff
  content-security-policy: frame-ancestors https://*.deutsche-bank.de
  via: 1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
  x-amz-cf-pop: FRA60-P3
  x-cache: Miss from cloudfront
  content-length: 26008
  last-modified: Wed, 24 Feb 2021 08:20:14 GMT
  server: Apache
  db-nickname: VTJGc2RHVmtYMThhVnlIWGFCWnR6bkhtT0JZRnY2aTNreUNvL2NpNEpxND0=
  vary: Origin
  x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
  content-type: font/woff2
  access-control-allow-origin: *
  cache-control: max-age=31536000, must-revalidate
  accept-ranges: bytes
  x-amz-cf-id: nHw4UEXw-eFOcS0b3tcNqd3kECKt8vlxTG65QcMqGS1P4nmhtSt6yw==
  expires: Tue, 19 Mar 2024 15:30:44 GMT
FrutigerLTW05-55Roman.woff2
Path: www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/
Size: 25 KB, transferred: 26 KB, type: Font

General
  Full URL: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/FrutigerLTW05-55Roman.woff2
  Requested by: host www.deutsche-bank.de, URL https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2600:9000:2251:f200:13:46b5:7d80:93a1, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: none
  Software: Apache
  Resource Hash: 55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31

Security headers
  Content-Security-Policy: frame-ancestors https://*.deutsche-bank.de
  Strict-Transport-Security: max-age=31536000
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Request headers
  Referer: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css
  Origin: https://meine-loggin.luxurytravelinstyle.eu
  accept-language: de-DE,de;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers
  date: Mon, 20 Mar 2023 15:30:44 GMT
  strict-transport-security: max-age=31536000
  x-content-type-options: nosniff
  content-security-policy: frame-ancestors https://*.deutsche-bank.de
  via: 1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
  x-amz-cf-pop: FRA60-P3
  x-cache: Miss from cloudfront
  content-length: 25764
  last-modified: Wed, 24 Feb 2021 08:20:14 GMT
  server: Apache
  db-nickname: VTJGc2RHVmtYMStkWllPS0VGaFJOWGxraCtnMnI1TC9SWkdZMjh1K1gwMD0=
  vary: Origin
  x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
  content-type: font/woff2
  access-control-allow-origin: *
  cache-control: max-age=31536000, must-revalidate
  accept-ranges: bytes
  x-amz-cf-id: xnB5KnjfjPmcxbg8vgwtmbgjVUgYOewQVqZsSJ7OP91bIM_e3v9CFQ==
  expires: Tue, 19 Mar 2024 15:30:44 GMT
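The three www.deutsche-bank.de transactions above contain the signal the brand owner could act on: the fonts.css request carries a Referer naming the lookalike host, and the two CORS font fetches carry an Origin header naming it while their Referer points at the bank's own stylesheet. The following is an added example written for this page (not part of the urlscan report, not the bank's tooling): it scans asset-server access logs for third-party Referer and Origin hosts that hotlink brand assets and marks host labels that resemble the brand's vocabulary, so that "meine-loggin" surfaces as a near match for "login". The log layout is constructed for the example (Apache combined format plus one quoted field for Origin), the sample lines are made up from the requests in this scan, and the first-party suffixes and keyword list are assumptions; a real deployment would adapt the regex to its CDN's log format.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed log layout for this example (not any real CDN's format): Apache
# "combined" plus one extra quoted field for the Origin request header, because
# CORS font fetches name the embedding page only in Origin, not in Referer.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<origin>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Hosts that may legitimately embed the bank's assets (assumption for the example).
FIRST_PARTY_SUFFIXES = ("deutsche-bank.de", "postbank.de")
# Vocabulary a lookalike host tends to borrow (assumption for the example).
BRAND_KEYWORDS = ("postbank", "deutsche", "banking", "meine", "login")

# Made-up sample lines modelled on the requests in this scan; client IPs are documentation ranges.
SAMPLE_LOG = "\n".join([
    '198.51.100.7 - - [20/Mar/2023:15:30:44 +0000] "GET /cip-content/assets/pb-unity/fonts/fonts.css HTTP/2.0" 200 226 '
    '"https://meine-loggin.luxurytravelinstyle.eu/" "-" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Mar/2023:15:30:44 +0000] "GET /cip-content/assets/pb-unity/fonts/FrutigerLTW05-65Bold.woff2 HTTP/2.0" 200 26008 '
    '"https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css" "https://meine-loggin.luxurytravelinstyle.eu" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Mar/2023:15:31:02 +0000] "GET /cip-content/assets/pb-unity/fonts/FrutigerLTW05-55Roman.woff2 HTTP/2.0" 200 25764 '
    '"https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css" "https://meine.deutsche-bank.de" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Mar/2023:15:31:02 +0000] "GET /cip-content/assets/pb-unity/fonts/fonts.css HTTP/2.0" 200 226 '
    '"-" "null" "Mozilla/5.0"',
])


def host_of(url):
    """Lowercase hostname of a URL, or None for '-', the opaque origin 'null', or garbage."""
    if not url or url in ("-", "null"):
        return None
    host = urlsplit(url).hostname
    return host.lower() if host else None


def is_first_party(host, suffixes=FIRST_PARTY_SUFFIXES):
    """True for the apex itself or any subdomain of it; 'deutsche-bank.de.evil.example' is not."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def lookalike_tokens(host, keywords=BRAND_KEYWORDS, threshold=0.8):
    """Host labels (split on '.' and '-') that are exact or near matches for brand words."""
    hits = []
    for token in re.split(r"[.-]", host):
        for kw in keywords:
            if token and SequenceMatcher(None, token, kw).ratio() >= threshold:
                hits.append(f"{token}~{kw}")
    return hits


def find_hotlinkers(log_text):
    """Map each third-party embedding host to the assets it pulled and how it was seen.

    Both Referer and Origin are inspected per line, so a font fetch whose Referer is the
    bank's own stylesheet is still attributed to the foreign Origin that embedded it.
    """
    report = defaultdict(lambda: {"hits": 0, "paths": set(), "via": set(), "lookalike": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for field in ("origin", "referer"):
            host = host_of(m[field])
            if host is None or is_first_party(host):
                continue
            entry = report[host]
            entry["hits"] += 1
            entry["paths"].add(m["path"])
            entry["via"].add(field)
            entry["lookalike"].update(lookalike_tokens(host))
    return dict(report)


if __name__ == "__main__":
    for host, info in find_hotlinkers(SAMPLE_LOG).items():
        flag = "LOOKALIKE " if info["lookalike"] else ""
        print(f"{flag}{host}: {info['hits']} hits via {sorted(info['via'])}, "
              f"labels {sorted(info['lookalike'])}, assets {sorted(info['paths'])}")
```

Run against the sample, only meine-loggin.luxurytravelinstyle.eu is reported, once through Referer (the stylesheet) and once through Origin (the font), with "loggin" flagged as a near match for "login". The legitimate fetch from meine.deutsche-bank.de and the line with no referrer are ignored. A hit alone is weak evidence (open-source copies of a site hotlink fonts too); the lookalike labels plus a fresh domain are what justify escalating to takedown.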

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against Postbank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  Type     Name
  object   0
  boolean  credentialless

1 Cookie

  Domain/Path: meine-loggin.luxurytravelinstyle.eu/
  Name: PHPSESSID
  Value: rifb7h74s5la426u7j91mooqu6

1 Console Message

  Source: network, Level: error
  URL: https://meine-loggin.luxurytravelinstyle.eu/meine/assets/cross-domain-bridge.html
  Message: Failed to load resource: the server responded with a status of 404 ()

The frame's request for cross-domain-bridge.html, listed among the transactions above, returned 404.