erneuerung-einverstaendnis.xyz Open in urlscan Pro
2a06:98c1:3120::7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cutt.ly/KOWUixY
Effective URL:
https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiq...
Submission Tags: volksbank phishing Search All
Submission: On February 02 via manual (February 2nd 2022, 8:03:23 pm UTC) from DE — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 5 domains to perform 9 HTTP transactions. The main IP is 2a06:98c1:3120::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is erneuerung-einverstaendnis.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 26th 2022. Valid for: a year.

This is the only time erneuerung-einverstaendnis.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volksbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::6816:e8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.167.135 172.67.167.135	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3035::6815:138e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 8	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2

1 2606:4700:10::6816:e8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.167.135 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

jkxtsk.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:138e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

glockschuss.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a06:98c1:3120::7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

erneuerung-einverstaendnis.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	erneuerung-einverstaendnis.xyz 1 redirects erneuerung-einverstaendnis.xyz	126 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 227	31 KB
1	glockschuss.xyz 1 redirects glockschuss.xyz	596 B
1	jkxtsk.xyz 1 redirects jkxtsk.xyz	683 B
1	cutt.ly 1 redirects cutt.ly — Cisco Umbrella Rank: 63623	441 B
9	5

	Domain	Requested by
8	erneuerung-einverstaendnis.xyz	1 redirects erneuerung-einverstaendnis.xyz
2	cdnjs.cloudflare.com	erneuerung-einverstaendnis.xyz
1	glockschuss.xyz	1 redirects
1	jkxtsk.xyz	1 redirects
1	cutt.ly	1 redirects
9	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-26` - `2023-01-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
Frame ID: B120D762252A54FF6029E7F26FC8DFA5
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmeldung - Volksbank eG Online-Filiale

Page URL History Show full URLs

https://cutt.ly/KOWUixY HTTP 301
http://jkxtsk.xyz/6HLLb6LA HTTP 302
https://glockschuss.xyz/hurensohn HTTP 307
https://erneuerung-einverstaendnis.xyz/?s=rgik20t09yf1ofy15oibi3xjs1garj6n HTTP 302
https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlin... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

2
IPs

1
Countries

156 kB
Transfer

426 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cutt.ly/KOWUixY HTTP 301
http://jkxtsk.xyz/6HLLb6LA HTTP 302
https://glockschuss.xyz/hurensohn HTTP 307
https://erneuerung-einverstaendnis.xyz/?s=rgik20t09yf1ofy15oibi3xjs1garj6n HTTP 302
https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI Show response
erneuerung-einverstaendnis.xyz/login/
Redirect Chain

https://cutt.ly/KOWUixY
http://jkxtsk.xyz/6HLLb6LA
https://glockschuss.xyz/hurensohn
https://erneuerung-einverstaendnis.xyz/?s=rgik20t09yf1ofy15oibi3xjs1garj6n
https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI

7 KB
2 KB

201ms
200ms

Document
text/html

2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b6538fd507f985616627af0c1f2db1081531c42d9ea94e2beb5d29472257b95

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 02 Feb 2022 20:03:18 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Jtux%2BTlKU3lt57Js9znOAc7HF0u6MFskd756g%2FRSvYWRy3aRGDoJ%2BN8LPvt1QT8iMaTCXw5hqvNaw1ic34xI5widv3dOw6Cr2amqgpQbSuRdsyVHYI%2FKmnL428VklEJVCInzd%2FH6csFFi0Iy%2FI8ROvKph%2Fj%2FhDQbLFVFmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6d7605a70bcb5b92-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Wed, 02 Feb 2022 20:03:18 GMT
content-type: text/html; charset=UTF-8
location: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ns0o5i0HzeOPu4%2FCKfycOZz1oKp3eHEuuAjsrA4z1XuVEdkLwsF0%2BdobgKsuJZGgeIzdw0DUClgEir9KpnUi8XCgfgnbHSsdjqFRrh9JdhlpdCkJk8TOdTMss2sVmZ0x%2FnUqBrnX1JzkAp4t5OWixNk5Ykc5HQW9eDnLW0Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6d7605a569045b92-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 c3R5bGUuY3NzLXFiN3I1djlxMnVjODZkOWF2OWVmc2psOGoz
erneuerung-einverstaendnis.xyz/assets/css/style/ 190 KB
27 KB 289ms
289ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://erneuerung-einverstaendnis.xyz/assets/css/style/c3R5bGUuY3NzLXFiN3I1djlxMnVjODZkOWF2OWVmc2psOGoz
Requested by: Host: erneuerung-einverstaendnis.xyz
URL: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc7b12d27bf3d0ce6ac848dc52e9ab6534f325de89fde07bdab0c868e1151bce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Feb 2022 20:03:18 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFbapTK7JL43sVd1RYsLMuygu84U9JGYt2mVAvG16ChLQSdsc%2BE%2BKeWFB9yJw25X4ry2%2BgmIH2eA7NKUBRpFrSNPStYOUA9NJPNtEuoHI27bE7wA5PhI0fmjK3t6xRoQf3dCGJuyA1LFgjcms9ZDnSxlCsM%2BVMWO18MdOCM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 6d7605a86a8d5c14-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 invisible.js Show response
erneuerung-einverstaendnis.xyz/cdn-cgi/challenge-platform/h/g/scripts/ 45 KB
16 KB 78ms
78ms Script
text/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://erneuerung-einverstaendnis.xyz/cdn-cgi/challenge-platform/h/g/scripts/invisible.js
Requested by: Host: erneuerung-einverstaendnis.xyz
URL: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f98c05f5c4c46c92cd88d97c5f19cc9805626ff24359c15edaaf1a24ebaa18e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 20:03:18 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LrzOjWZG1o1PWKPEjrlYAh%2FN8li0c%2B82FLMZ1Y7oIvNqjC3N%2FtEVEfOTGs%2FZGyqvlfibtB6p%2BTByW3uOr3gp7osj4dr36IBOBYeZG2yKG9dMRSHFWcKRqE8r%2BMev9f4XVhU96j5QeMhjNvc62L9llxPd%2BZX2Nfqu1zNYftA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6d7605a86a915c14-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 echtzeit.jpg
erneuerung-einverstaendnis.xyz/images/ 65 KB
65 KB 453ms
452ms Image
image/jpeg 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://erneuerung-einverstaendnis.xyz/images/echtzeit.jpg?ofjvinrAqJiG
Requested by: Host: erneuerung-einverstaendnis.xyz
URL: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f925f4c3b3aef454d845b98490601cb26f391720bfe36879a466b02c74b61e95

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 20:03:18 GMT
cf-cache-status: MISS
last-modified: Tue, 09 Jul 2019 18:44:25 GMT
server: cloudflare
etag: "10322-58d43f3227440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KqyR5aZaw9cymHEmJJ%2FZMPreInybXi4NxNBvD9juKrYnNrd6u7DaoariaPGSfZgl2%2FM4tdbq4lAcCPl9zP%2Fim8rO0geza4eMIeNPpbApPchvKxABd1C6se3Txc%2B%2BYf%2F2yDFPDqf9XtXXN8grZf%2Fl5zPH7EhduXqcgSyzFIw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d7605a86a985c14-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 66338

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ 86 KB
28 KB 65ms
27ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: erneuerung-einverstaendnis.xyz
URL: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://erneuerung-einverstaendnis.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 20:03:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 728465
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27748
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-15851"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OnBfaM9%2BGDf8uzfyOO4fmGQdl4KQs5x7zxW0Pfdu%2F%2Fk0Lc9om1Ae%2B4%2BkcJCIyPa1iRO8OF10exujcU2XteRuaijs5%2F%2FjGSvSO%2FneOykXDSZcIcWxvOpvoBrvG1HFsVQ%2BATsbl7rUnptXG0GR2jTrHGUt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d7605a8a9b791d7-FRA
expires: Mon, 23 Jan 2023 20:03:18 GMT

GET
H2 200 jquery.mask.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/ 8 KB
3 KB 68ms
30ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/jquery.mask.min.js

Requested by

Host: erneuerung-einverstaendnis.xyz
URL: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://erneuerung-einverstaendnis.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 20:03:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3736
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3038
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-1ff9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LalQDHcwMnPsBntrUw1Key%2F8cN5F0HFrjJ4AJy%2BufPdLGs3TDLGl2BngOnLAfJ%2BphTnWG4waaNd%2B1BiegrdNPle8gkqNL%2Fj%2B7Ligk4TtvG3PiNmQTcH1u6QAdW6D4Fkk%2BepObCECPRkcEL8XNTIhDDHc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d7605a8a9ba91d7-FRA
expires: Mon, 23 Jan 2023 20:03:18 GMT

GET
H3 200 c2l0ZS5qcy1xYjdyNXY5cTJ1Yzg2ZDlhdjllZnNqbDhqMw Show response
erneuerung-einverstaendnis.xyz/assets/js/site/ 12 KB
2 KB 261ms
260ms Script
text/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://erneuerung-einverstaendnis.xyz/assets/js/site/c2l0ZS5qcy1xYjdyNXY5cTJ1Yzg2ZDlhdjllZnNqbDhqMw
Requested by: Host: erneuerung-einverstaendnis.xyz
URL: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b6c9377bb29212ccd43bdf80a2598eab08cb2ac4be8ecb82f6de0ea766b8e9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://erneuerung-einverstaendnis.xyz/login/dgYaPfaHFjEUrLxDbv&WzDhzUGOfituwQGue=wJIBqElBKjpI-FSVczbmnpAQ&tOBbFlindyQKErnuGIW=xHvVZSiqINyUI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Feb 2022 20:03:18 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i8uovVF5StAMxVVduQErQHW8hkuKZc6Dq43w93UVxxo8g1j95ckUUMm6OuqlelUmA%2FfgXZSa5o78GA6oJVoj%2FfecuO%2FcFcaRk1Y9T4fCwR3xPvUFda5KKGrHN5LKBJLWfC%2BSJcND0beOv1bg9isfdGcB%2BkMdAQpGUzKAoaw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 6d7605a86a945c14-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 logo.png
erneuerung-einverstaendnis.xyz/images/ 11 KB
12 KB 258ms
258ms Image
image/png 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://erneuerung-einverstaendnis.xyz/images/logo.png?nOYIMXsfDPmx
Requested by: Host: erneuerung-einverstaendnis.xyz
URL: https://erneuerung-einverstaendnis.xyz/assets/css/style/c3R5bGUuY3NzLXFiN3I1djlxMnVjODZkOWF2OWVmc2psOGoz
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 484e193247ff1d9817990f0a936e75dc76ed69859cf8f1c854dff331fda44da8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://erneuerung-einverstaendnis.xyz/assets/css/style/c3R5bGUuY3NzLXFiN3I1djlxMnVjODZkOWF2OWVmc2psOGoz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 20:03:19 GMT
cf-cache-status: MISS
last-modified: Tue, 09 Jul 2019 18:44:25 GMT
server: cloudflare
etag: "2d6c-58d43f3227440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9HqupRL2G%2Fjl%2FGCQbipy4F6MALS1kAV7yosraLmRRIkY0ucTeJV%2Fw9CIDXHr0x2gt2TkapO7pjY35Wyle76eH7DxF6wcej2G13UuIkuS0q612ILII64X1%2Bzx9fN7VL8vpTXmOD6HBSD1LtO4yO68p8KVJ8vdAKML6XXxJRQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d7605aae8ab5c14-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11628

GET
H3 200 help.svg
erneuerung-einverstaendnis.xyz/images/ 1 KB
1 KB 257ms
257ms Image
image/svg+xml 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://erneuerung-einverstaendnis.xyz/images/help.svg?QkCHnSCotcYI
Requested by: Host: erneuerung-einverstaendnis.xyz
URL: https://erneuerung-einverstaendnis.xyz/assets/css/style/c3R5bGUuY3NzLXFiN3I1djlxMnVjODZkOWF2OWVmc2psOGoz
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 902d505be7f62ed937943900e4a9548f7e79c564a6749f9c81bd7017114d208c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://erneuerung-einverstaendnis.xyz/assets/css/style/c3R5bGUuY3NzLXFiN3I1djlxMnVjODZkOWF2OWVmc2psOGoz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 20:03:19 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 09 Jul 2019 18:44:25 GMT
server: cloudflare
etag: W/"4b5-58d43f3227440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QnRK%2B%2FqXXRkoNee5T3zIAg3%2F%2B6YBN2rzzUbH0%2FcTC1QZu8cr11L43L97qmAHVECKOFE%2F0dry%2FSYLBOJm61QsxR4o5kERsx2Enw7LYth4fxcxX6Y211Jf4tyvY376YkmOMqluWNEw5zMKHVr7j05lvk9BCPNroGm0XRFCUes%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d7605aae8ae5c14-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cutt.ly/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3vmpi825044qnn18omo9dueu22
			erneuerung-einverstaendnis.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: qb7r5v9q2uc86d9av9efsjl8j3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
cutt.ly
erneuerung-einverstaendnis.xyz
glockschuss.xyz
jkxtsk.xyz
172.67.167.135
2606:4700:10::6816:e8
2606:4700:3035::6815:138e
2606:4700::6810:125e
2a06:98c1:3120::7
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
3b6538fd507f985616627af0c1f2db1081531c42d9ea94e2beb5d29472257b95
484e193247ff1d9817990f0a936e75dc76ed69859cf8f1c854dff331fda44da8
4b6c9377bb29212ccd43bdf80a2598eab08cb2ac4be8ecb82f6de0ea766b8e9b
902d505be7f62ed937943900e4a9548f7e79c564a6749f9c81bd7017114d208c
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
dc7b12d27bf3d0ce6ac848dc52e9ab6534f325de89fde07bdab0c868e1151bce
f925f4c3b3aef454d845b98490601cb26f391720bfe36879a466b02c74b61e95
f98c05f5c4c46c92cd88d97c5f19cc9805626ff24359c15edaaf1a24ebaa18e4

erneuerung-einverstaendnis.xyz Open in urlscan Pro 2a06:98c1:3120::7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

80 %IPv6

5 Domains

5 Subdomains

2 IPs

1 Countries

156 kBTransfer

426 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

2 Cookies

Indicators

erneuerung-einverstaendnis.xyz Open in urlscan Pro
2a06:98c1:3120::7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

2
IPs

1
Countries

156 kB
Transfer

426 kB
Size

2
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!