Submitted URL: https://www.reneehindman.com/reneeh9/
Effective URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
Submission: On December 17 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 178.208.83.10, located in Russian Federation and belongs to EUROBYTE Eurobyte LLC, RU. The main domain is aurumproject.ru.
TLS certificate: Issued by R3 on November 26th 2021. Valid for: 3 months.
This is the only time aurumproject.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lufthansa (Transportation)

Domain & IP information

IP Address        AS (Autonomous System)     Requests
104.244.124.27    22611 (INMOTION)           1
178.208.83.10     210079 (EUROBYTE ...)      7
Totals: 7 requests, 1 IP

Apex Domain         Subdomains               Transfer   Requests
aurumproject.ru     aurumproject.ru          136 KB     7
reneehindman.com    www.reneehindman.com     120 B      1
Totals: 7 requests, 2 domains

Domain                  Requested by         Requests
aurumproject.ru         aurumproject.ru      7
www.reneehindman.com    1 redirects          1
Totals: 7 requests, 2 domains

This site contains no links.

Subject            Issuer   Validity                    Valid      Source
aurumproject.ru    R3       2021-11-26 - 2022-02-24     3 months   crt.sh

This page contains 1 frames:

Primary Page: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
Frame ID: 34CB3F6CDDA75C523A138FE6E8131870
Requests: 7 HTTP requests in this frame

Page Title

Miles and More Online-Kartenkonto

Page URL History

  1. https://www.reneehindman.com/reneeh9/ (HTTP 302)
     -> https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/ (Page URL)

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div [^>]*class="[^"]*(?:small|medium|large)-\d{1,2} columns

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 1
Countries: 2
Transfer: 136 kB
Size: 443 kB
Cookies: 0


Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Each request below lists: Resource, Path, Size, x-fer (transfer size), Type, MIME-Type.
Primary Request: /
Path: aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
Size: 7 KB   x-fer: 3 KB   Type: Document
Redirect Chain:
  • https://www.reneehindman.com/reneeh9/
  • https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/

General
Full URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 178.208.83.10, Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU)
Reverse DNS: s6.h.mchost.ru
Software: nginx
Resource Hash: 9ef7cbe5e66bdc77cd5e6397c161e4ba162d502cef31166ae86bbe059a2a0548
Security Headers:
  X-Content-Type-Options: nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Fri, 17 Dec 2021 16:05:00 GMT
content-type: text/html
vary: Accept-Encoding
x-content-type-options: nosniff
last-modified: Sun, 17 Oct 2021 10:21:40 GMT
etag: W/"458580e-1db0-5ce89cb49b500"
content-encoding: gzip

Redirect headers

location: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
content-type: text/html; charset=UTF-8
date: Fri, 17 Dec 2021 16:05:00 GMT
server: Apache
Resource: brand-min.css
Path: aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/
Size: 374 KB   x-fer: 71 KB   Type: Stylesheet

General
Full URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/brand-min.css
Requested by:
  Host: aurumproject.ru
  URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 178.208.83.10, Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU)
Reverse DNS: s6.h.mchost.ru
Software: nginx
Resource Hash: 9ad52c89368e82b25de969e746012890b5d1d3cce524ff2b06095faefd0e219c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 16:05:00 GMT
content-encoding: gzip
last-modified: Sun, 17 Oct 2021 07:18:20 GMT
server: nginx
etag: W/"616bce3c-5d784"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
Resource: logo.png
Path: aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/
Size: 3 KB   x-fer: 3 KB   Type: Image

General
Full URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/logo.png
Requested by:
  Host: aurumproject.ru
  URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 178.208.83.10, Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU)
Reverse DNS: s6.h.mchost.ru
Software: nginx
Resource Hash: 5f860bda689940395f68c8d2177985332efc38df1add0814a05fe6a5f96d2439

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 16:05:00 GMT
last-modified: Sun, 28 Feb 2021 22:01:00 GMT
server: nginx
etag: "603c129c-c6b"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 3179
expires: Thu, 31 Dec 2037 23:55:55 GMT
Resource: calc.png
Path: aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/
Size: 474 B   x-fer: 649 B   Type: Image

General
Full URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/calc.png
Requested by:
  Host: aurumproject.ru
  URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 178.208.83.10, Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU)
Reverse DNS: s6.h.mchost.ru
Software: nginx
Resource Hash: 55925c9223edddf35f6b3c8037045a31999b4d9589ffd808183d287c27c6f452

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 16:05:00 GMT
last-modified: Sun, 17 Oct 2021 08:17:26 GMT
server: nginx
etag: "616bdc16-1da"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 474
expires: Thu, 31 Dec 2037 23:55:55 GMT
Resource: Login_Teaser_1.jpg
Path: aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/
Size: 11 KB   x-fer: 12 KB   Type: Image

General
Full URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/Login_Teaser_1.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 178.208.83.10, Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU)
Reverse DNS: s6.h.mchost.ru
Software: nginx
Resource Hash: 00876c3905a9c20877a672fac341a9de88eb72f08883284f2de9eb2a3d4d933d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 16:05:00 GMT
last-modified: Sun, 17 Oct 2021 08:12:06 GMT
server: nginx
etag: "616bdad6-2df1"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 11761
expires: Thu, 31 Dec 2037 23:55:55 GMT
Resource: Login_Teaser_2.jpg
Path: aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/
Size: 29 KB   x-fer: 29 KB   Type: Image

General
Full URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/Login_Teaser_2.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 178.208.83.10, Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU)
Reverse DNS: s6.h.mchost.ru
Software: nginx
Resource Hash: 87be7352a44beb76fe90497c91ef9616bdfc7f7f09ddbc0cbfb1d6ca3abdaf70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 16:05:00 GMT
last-modified: Sun, 17 Oct 2021 08:11:46 GMT
server: nginx
etag: "616bdac2-7343"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 29507
expires: Thu, 31 Dec 2037 23:55:55 GMT
Resource: Login_Teaser_3.jpg
Path: aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/
Size: 18 KB   x-fer: 18 KB   Type: Image

General
Full URL: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/Style/Login_Teaser_3.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 178.208.83.10, Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU)
Reverse DNS: s6.h.mchost.ru
Software: nginx
Resource Hash: 9fe593f72a58398fe5a0bb041bdc1135d0044e959a66d513452561508d836e80

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aurumproject.ru/modules/mod_articles_popular/tmpl/httpd/melis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 16:05:00 GMT
last-modified: Sun, 17 Oct 2021 07:29:36 GMT
server: nginx
etag: "616bd0e0-46b2"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 18098
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Lufthansa (Transportation)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

X-Content-Type-Options: nosniff