miles-and-more-kartenabrechnug.com Open in urlscan Pro
37.9.175.196 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tabienhengheng.com/wp-content/jetpack-waf/store/index-.php/
Effective URL:
https://miles-and-more-kartenabrechnug.com/login/c574524/Sign_in.php
Submission: On September 26 via api (September 26th 2024, 9:40:55 pm UTC) from US — Scanned from CA

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 37.9.175.196, located in Slovakia and belongs to WEBSUPPORT-SRO-SK-AS, SK. The main domain is miles-and-more-kartenabrechnug.com.
TLS certificate: Issued by R10 on September 25th 2024. Valid for: 3 months.

This is the only time miles-and-more-kartenabrechnug.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lufthansa (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	203.170.190.149 203.170.190.149	9891 (CSLOX-IDC...) (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited.)
3 3	2a00:4b40:aaa... 2a00:4b40:aaaa:2009::6	51013 (WEBSUPPOR...) (WEBSUPPORT-SRO-SK-AS)
12	37.9.175.196 37.9.175.196	51013 (WEBSUPPOR...) (WEBSUPPORT-SRO-SK-AS)
3	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2

1 203.170.190.149 (Thailand) 1 redirects

ASN9891 (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH)
PTR: thsv43.hostatom.com

tabienhengheng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:4b40:aaaa:2009::6 (Slovakia) 3 redirects

ASN51013 (WEBSUPPORT-SRO-SK-AS, SK)

miles-and-more-kartenabrechnug.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 37.9.175.196 (Slovakia)

ASN51013 (WEBSUPPORT-SRO-SK-AS, SK)
PTR: ing.r6.websupport.sk

miles-and-more-kartenabrechnug.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	miles-and-more-kartenabrechnug.com 3 redirects miles-and-more-kartenabrechnug.com	171 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 257	134 KB
1	tabienhengheng.com 1 redirects tabienhengheng.com	154 B
15	3

	Domain	Requested by
15	miles-and-more-kartenabrechnug.com	3 redirects miles-and-more-kartenabrechnug.com
3	cdnjs.cloudflare.com	miles-and-more-kartenabrechnug.com
1	tabienhengheng.com	1 redirects
15	3

This site contains no links.

Subject Issuer	Validity	Valid
miles-and-more-kartenabrechnug.com R10	`2024-09-25` - `2024-12-24`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://miles-and-more-kartenabrechnug.com/login/c574524/Sign_in.php
Frame ID: C783148A9A6857168E3BA0DEFD84DBF2
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Miles and More Online-Kartenkonto

Page URL History Show full URLs

https://tabienhengheng.com/wp-content/jetpack-waf/store/index-.php/ HTTP 302
https://miles-and-more-kartenabrechnug.com/login/ HTTP 302
https://miles-and-more-kartenabrechnug.com/login/c574524 HTTP 301
https://miles-and-more-kartenabrechnug.com/login/c574524/ HTTP 302
https://miles-and-more-kartenabrechnug.com/login/c574524/Sign_in.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+(?:-?rc[.\d]*)*)/angular(?:\.min)?\.js
\bangular.{0,32}\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

15
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

304 kB
Transfer

1120 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tabienhengheng.com/wp-content/jetpack-waf/store/index-.php/ HTTP 302
https://miles-and-more-kartenabrechnug.com/login/ HTTP 302
https://miles-and-more-kartenabrechnug.com/login/c574524 HTTP 301
https://miles-and-more-kartenabrechnug.com/login/c574524/ HTTP 302
https://miles-and-more-kartenabrechnug.com/login/c574524/Sign_in.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request Sign_in.php Show response
miles-and-more-kartenabrechnug.com/login/c574524/
Redirect Chain

https://tabienhengheng.com/wp-content/jetpack-waf/store/index-.php/
https://miles-and-more-kartenabrechnug.com/login/
https://miles-and-more-kartenabrechnug.com/login/c574524
https://miles-and-more-kartenabrechnug.com/login/c574524/
https://miles-and-more-kartenabrechnug.com/login/c574524/Sign_in.php

6 KB
2 KB

197ms
197ms

Document
text/html

37.9.175.196
WEBSUPPORT-SRO-SK-AS

General

miles-and-more-kartenabrechnug.com Open in urlscan Pro 37.9.175.196 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

25 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

304 kBTransfer

1120 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

miles-and-more-kartenabrechnug.com Open in urlscan Pro
37.9.175.196 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

304 kB
Transfer

1120 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!