ScanMalware.com

Security Scan Report: bs-lueneburg.de

Redirected to: https://login.microsoftonline.com/9323cc88-644e-4a5b-b004-d62bddad6b02/oauth2/v2.0/authorize?client_id=cac636da-e767-4b6e-bc7c-3d0f23d239c1&redirect_uri=https%3A%2F%2Fbs-lueneburg.de%2F&response_mode=form_post&scope=openid+email+profile&state=https%253A%252F%252Fbs-lueneburg.de%252Fwp-admin%252F&nonce=68f34391cb60d&response_type=code&sso_reload=true

Submitted: Oct 18, 2025, 7:36:39 AMCompleted: Oct 18, 2025, 7:37:43 AMpubliccompleted
Loading additional data...

Summary

This website contacted 32 IPs in 3 countries across 5 domains to perform 19 HTTP transactions. The main domain is login.microsoftonline.com.

Submitted URL: https://bs-lueneburg.de/wp-admin

Effective URL: https://login.microsoftonline.com/9323cc88-644e-4a5b-b004-d62bddad6b02/oauth2/v2.0/authorize?client_id=cac636da-e767-4b6e-bc7c-3d0f23d239c1&redirect_uri=https%3A%2F%2Fbs-lueneburg.de%2F&response_mode=form_post&scope=openid+email+profile&state=https%253A%252F%252Fbs-lueneburg.de%252Fwp-admin%252F&nonce=68f34391cb60d&response_type=code&sso_reload=trueRedirected

AI Security Verdict

Confirmed Scam

Confidence: 92%

9
Risk Score

Phishing site using a compromised WordPress domain to harvest Microsoft credentials.

Risk Factors
Compromised WordPress site used for credential harvesting
Password collection form on suspicious domain
Brand impersonation (Microsoft) on a non‑official, unranked domain
Likely newly registered domain with no reputation
Multiple redirects to a legitimate login page to harvest credentials
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(64% confidence)

Category

unknown

(0%)

Domain Information

The domain name 'bs-lueneburg.de' uses the German country-code top-level domain (.de) without a subdomain. Count 12 characters in 'bs-lueneburg' containing 4 vowels alongside seven consonants, along with 1 hyphen. Word splitting yields four words: bs, lu, e, neburg. Median word length is 2 characters. The linguistic tilt is Italian for 'lu'. You will also see it in Albanian and Galician contexts.

Screenshot

Security scan screenshot of https://bs-lueneburg.de/wp-admin

Page Load Overview

9.49s
Total Load Time
19
HTTP Requests
5
Domains
511 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:64%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:64%
Script Type:Latin
HTML Lang Attribute:en
Text Length:109 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1940.126.32.138Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
0217.160.0.105Germany
AS8560IONOS SE
040.126.32.76Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
023.207.210.137Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
020.190.160.22Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
013.107.246.44United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
020.190.160.64Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
020.190.160.17Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
023.207.210.132Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
020.190.160.3Amsterdam, North Holland, Netherlands
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
1932--

Detected Technologies4

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T105733ADB7EB2293B824A41B5B4766E026F365903884CDD60F19CCD842FFB65E8137653

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:FY8GLGG3ZGqKzUoKzTEyqU6MVnvnaloMPbEEnYivC:O8IZGqWUayS2SC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:76775:ADEoYFSKQQcg5BKoHkAqAV4QIZKcjiyoEBojClEGoLgQGRiW0ADgSHDQdSyAAsCG6hkgQIpD8YJicsCiFIIuQFgFQS+CVACV

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ef671c1c38189683
Perceptual Hash:9c93766589984a9f
Difference Hash:0b4c71717275242e
Wavelet Hash:efe71c1c38189783
Color Hash:#bfd279

Other Hashes

Crop Resistant:e26072bcc283e4e2,0b4c71717275242e

Scan History

Scan history not available

Unable to load historical scan data