crisswrites.com
2606:4700:3030::6815:2666  Malicious Activity! Public Scan

Submitted URL: http://outlook-economic.com/web/index.php?UY1HNswqdR
Effective URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Submission: On August 29 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3030::6815:2666, located in United States and belongs to CLOUDFLARENET, US. The main domain is crisswrites.com.
TLS certificate: Issued by GTS CA 1P5 on August 29th 2023. Valid for: 3 months.
This is the only time crisswrites.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

IP Address AS Autonomous System
2 2 121.127.33.80 210083 (PRIVEX)
1 12 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
14 3
Apex Domain | Subdomains | Transfer
12 crisswrites.com | crisswrites.com | 285 KB
2 jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 334 | 23 KB
1 cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 231 | 19 KB
1 scarpe-new.com | scarpe-new.com | 242 B
1 outlook-economic.com | outlook-economic.com | 255 B
14 5
Domain Requested by
12 crisswrites.com 1 redirects crisswrites.com
2 cdn.jsdelivr.net crisswrites.com
1 cdnjs.cloudflare.com crisswrites.com
1 scarpe-new.com 1 redirects
1 outlook-economic.com 1 redirects
14 5

This site contains no links.

Subject | Issuer | Validity | Valid
crisswrites.com | GTS CA 1P5 | 2023-08-29 - 2023-11-27 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year

This page contains 1 frames:

Primary Page: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Frame ID: FBF3059A30EA33E7C0D0F87B2CAF5BD0
Requests: 14 HTTP requests in this frame

Page Title

Online Legimitation

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 14
HTTPS: 100 %
IPv6: 75 %
Domains: 5
Subdomains: 5
IPs: 3
Countries: 2
Transfer: 326 kB
Size: 808 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://outlook-economic.com/web/index.php?UY1HNswqdR HTTP 302
    http://scarpe-new.com/bmf/?EJkRspCSe4 HTTP 302
    https://crisswrites.com/ HTTP 302
    https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm Page URL

14 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
crisswrites.com/
Redirect Chain
  • http://outlook-economic.com/web/index.php?UY1HNswqdR
  • http://scarpe-new.com/bmf/?EJkRspCSe4
  • https://crisswrites.com/
  • https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
10 KB
3 KB
Document
General
Full URL
https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05283e9a1a747237ab1dc6aa30b34fc0eb75846c39b4153b4d60eb9007810e96

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7fe492487ca72bba-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 29 Aug 2023 11:49:34 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5nkoqfbhIX5KNanqhMTdZyWpIwGnrmBfMzGTFFJ8VLcPLU8IvU4xpcScI%2FpUIk1Dim8KYaYhDkwmApPuVN4QLosMlxWuc1ql4e83GMAUMT0MCGYE1JQ5DEurAz3YHqOMPVQ%2Bbn0y4deaokhpyDI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7fe492451fd62bba-FRA
content-type
text/html; charset=UTF-8
date
Tue, 29 Aug 2023 11:49:34 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZIXpH5LvPR7i6WKDLLancPHMShVGIZ33RZeOMidCy8IwtsvODztwijJw4IipfzAneddDAD4cFp0AfwTlqBs8CcOXhnTwHBBcM1%2BpWL%2FSUaEfGKwNcbclEamahLgD0VcoeLSLOR%2FBq5XEHtyoNn4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
r92d14e35dd03f4
crisswrites.com/
278 KB
45 KB
Stylesheet
General
Full URL
https://crisswrites.com/r92d14e35dd03f4
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42430363f4b415ddced86399df5970b2748d3c75c85aefb32760813cf7676df7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
no-cache
date
Tue, 29 Aug 2023 11:49:34 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BuDi5QtFoftNsFnNba7303mYTz%2FrCXFPRSdCEF1SU4HVVq%2FEL4pGZufIH91Eav6bdMuof6gBmYx6Nr0jVHytbOanBs0CkqRLTANeywW5rMg405J1N7y5q5JpatqsmLPPI8oW0CzKRzshlJs065U%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css;charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
7fe4924b2f9419ab-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
r45c49385e65d3a
crisswrites.com/
94 KB
34 KB
Script
General
Full URL
https://crisswrites.com/r45c49385e65d3a
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
cache
date
Tue, 29 Aug 2023 11:49:34 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LNo6ErDnT3bw%2FQcKVFftLOQ%2FQJRCsDBSDuNvsOMWJAMnqaKf7D8zV56NQpto6THMsIXEAMrr4ih91dC6p1%2F%2FI4jmOcVNt3%2B3RP%2F%2B32y57Jgtm2U40E01GXEt%2Ffq0yhINUmiE0K6sD47zwiK2f2A%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain;charset=UTF-8
cache-control
max-age=60
cf-ray
7fe4924b2f9719ab-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 29 Aug 2023 11:50:34 GMT
select2.min.css
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/
16 KB
3 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 29 Aug 2023 11:49:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4344781
x-jsd-version
4.1.0-rc.0
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230031-FRA, cache-yyz4539-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yB6YuUdK0OI9Qio18nI6JI%2FybdnWOwmlBcJSAboDuBwPJms%2FWjsn%2Fg4SN6lawCy9JRp3nLX%2Bpfvy3RXguuwH8vqJbmfz6BgL6a%2BjcNINNJIWjRs2co%2FCY8iXxtbTRfI096U5owfq4%2Fh2deK03cQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
7fe4924b582f4d95-FRA
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/
100 KB
19 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 29 Aug 2023 11:49:34 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2267320
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
18778
last-modified
Wed, 02 Aug 2023 21:01:57 GMT
server
cloudflare
cf-cdnjs-via
cfworker/r2
etag
"64cac445-495a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKvL7jSpzNuSsOVyaFs7%2FK9pb4uFM8PmJsPsIWCx6lVvqqwP14qFx1gPtcZc5cOqMqkPnWm4OWxqIvSIJNYOcZ0u%2B8DjsiW9nYIKtcvs9ljayKbyQX5DkWeFERFDi%2BqWL5gih5vSZkt60ke7snEQZn8h"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7fe4924b5c9035e2-FRA
expires
Sun, 18 Aug 2024 11:49:34 GMT
select2.min.js
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/
71 KB
20 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 29 Aug 2023 11:49:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4344777
x-jsd-version
4.1.0-rc.0
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230125-FRA, cache-yyz4535-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"11dcb-beEOdKmS/KFegD2RDRMPgmYxy4Y"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jWNJAFfHqHEo7hp%2FIQs13s7NArBN7uYYZ1b58QsoaesHrkn4mnR4mrFUS14RZC3yXAaz18iqQHUCESpFBrT18g5frL3E3MbYlwwFYQLIxGtYDcoUhj1bMQtZOCBsUZvGWe851EJyKVMjXPmHJj8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
7fe4924b58314d95-FRA
re32db8b980656b
crisswrites.com/
16 KB
6 KB
Image
General
Full URL
https://crisswrites.com/re32db8b980656b
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74bcd86bc937c41e4045ef2a14f6619ffc828ceeca96e7c1946330c34abba648

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
cache
date
Tue, 29 Aug 2023 11:49:35 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVowej%2FSttHpJWa1ShMQYGZayW80gI77%2FwGcKvOD%2BelU7TxLssiMAfIUPemwmntQT4AUhlZP181ht4kWp1ok0lVXhl2%2BbC8%2BcWTFwwX9j95ZaXt45ca0UmYegpzbG6pmDIKTR5z5q1I3EKEJceM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=60
cf-ray
7fe4924e0b3219ab-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 29 Aug 2023 11:50:35 GMT
r9bcf3329cfd246
crisswrites.com/
7 KB
7 KB
Image
General
Full URL
https://crisswrites.com/r9bcf3329cfd246
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
622cdddf9135812f42c5b6396df2b08c836819bb84d0bcd9e82e779d0a4ad469

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
cache
date
Tue, 29 Aug 2023 11:49:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ntVjwxYKci1aTc1Y4BnOYJZwGju5YjPitPxd0GCbdocr2misM0o4NL0stGdpUQZOuB2v1tlutqkGKdyAo9%2B%2FyL3AH3SWAfXdOiqCtcq5uhGxLTOSRlnsFfnSqBUTLJcCvJ%2B%2BPsLRnZ0WYKdJ%2Bbk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=60
cf-ray
7fe4924e5b9519ab-FRA
alt-svc
h3=":443"; ma=86400
content-length
7022
expires
Tue, 29 Aug 2023 11:50:35 GMT
rf8aab358061bcd
crisswrites.com/
39 KB
40 KB
Image
General
Full URL
https://crisswrites.com/rf8aab358061bcd
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3d6aefec9d4c8294072e8a246a45716badf57373b71990f6254b4c480245288

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
cache
date
Tue, 29 Aug 2023 11:49:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RT%2BVaXeZXMsAZCZgJtITMagYGoAJ5urkJlAitHXcuOfFjSigmlqcymOLdANeiASmT7LOSfQRwzs4zKaVCxJj0yi9qg7gJT0I4Y0wgdH8jB872bwux%2FirnCs%2FCK5rQEzs72%2F4sSDbi6YZTtoIFsw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=60
cf-ray
7fe4924e8bd719ab-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 29 Aug 2023 11:50:35 GMT
rc28fb7d984f843
crisswrites.com/
6 KB
6 KB
Image
General
Full URL
https://crisswrites.com/rc28fb7d984f843
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aed1efbbe0bb753684998625ef250fb40086fa7806930d159d80499a5aaf753

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
cache
date
Tue, 29 Aug 2023 11:49:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Olk07X5ENmPw7A%2FWJkAUqZIUXVbrpOTSiHRJDU80y1%2B67ir1%2BSC8JPAj07HI%2FLsJdumvjMuh8Ey4bIX4mlSkjv1JPz7tAvlxiqYP0hky1MtY2fQjdUHH9L6D6NYfYl9CBrBpCFoTcHj7y9mt3LE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=60
cf-ray
7fe4924e8bd819ab-FRA
alt-svc
h3=":443"; ma=86400
content-length
5720
expires
Tue, 29 Aug 2023 11:50:35 GMT
r8e563472bc9cbf
crisswrites.com/
46 KB
17 KB
Script
General
Full URL
https://crisswrites.com/r8e563472bc9cbf
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
591c48a161f91ce005b11fa41df8645cff1859ae842c615dbcf929cd8ee108f8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crisswrites.com/?anmelden=u2WfrZNQeLa9i6l&id=CSxP8LzyVvtlqmQ&privatkunden=BrtC1s2OEJPWzRm
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
cache
date
Tue, 29 Aug 2023 11:49:35 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tf6x7YJYYpHqVWaZAQvYKtwAGTgBUnw2tCAMgRrHo0dLqh%2BDuJsAQpxg9LeaP6FT9or9XpQX7q6Z8ALwTSBqI%2BnsIatHpaXQLtP7r%2BZEYqKycQmC2lR%2F2ooC8AfwRxJCTX61Mw3D0enDoTYYW8g%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain;charset=UTF-8
cache-control
max-age=60
cf-ray
7fe4924d0a1c19ab-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 29 Aug 2023 11:50:34 GMT
r3133c0caaeabc3
crisswrites.com/
39 KB
39 KB
Font
General
Full URL
https://crisswrites.com/r3133c0caaeabc3
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/r92d14e35dd03f4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9ad5dac2a400c1fb324e09df57325568e98772618ff818ca5344b171c834aa2

Request headers

Referer
https://crisswrites.com/r92d14e35dd03f4
Origin
https://crisswrites.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
cache
date
Tue, 29 Aug 2023 11:49:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NTKttEdr2mytaS1%2BlTZzIRFcN0wrsv4jaHa1cyCwrdpdsbtJwPoMTUGbbqlY2bxo6Do9i7vCRax1S7vRcF2lWddofzy4ARJdh9B1UqU1kB9ZAm%2FLRASZoZ60qA%2F4KpGEd5T2NXGXLOQTxZTcEfw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=60
cf-ray
7fe4924e9bf219ab-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 29 Aug 2023 11:50:35 GMT
reb312ac4d325e5
crisswrites.com/
48 KB
48 KB
Font
General
Full URL
https://crisswrites.com/reb312ac4d325e5
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/r92d14e35dd03f4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56666c32c5c048a791e99fafef70d3791d6d5c6d350771ffbb4e2119df335f03

Request headers

Referer
https://crisswrites.com/r92d14e35dd03f4
Origin
https://crisswrites.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
cache
date
Tue, 29 Aug 2023 11:49:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vU2wuPtbOL1QtG%2F61zxc6oornUnIkmYi0siaW4PxtMWHixSbqXoqGfvEBqUArz4nzCR5j93FKaVP5iI4DTHaSxT62h9tKBaXV1P8Cb%2FeGJNtdtsut4NDL3XyMRtzygXSFrt02ZRFu8CVDvQDef0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=60
cf-ray
7fe49252f91619ab-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 29 Aug 2023 11:50:35 GMT
r9e30f8f6004c6e
crisswrites.com/
39 KB
39 KB
Font
General
Full URL
https://crisswrites.com/r9e30f8f6004c6e
Requested by
Host: crisswrites.com
URL: https://crisswrites.com/r92d14e35dd03f4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:2666 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3a096177fdb67dc609921050caec415a389d683674be529f2ba91f6e5514638

Request headers

Referer
https://crisswrites.com/r92d14e35dd03f4
Origin
https://crisswrites.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
cache
date
Tue, 29 Aug 2023 11:49:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x1Whgl2z1dSfAIatEr5nhkg6qHC2G%2BPKku5bgiKM1gLU%2Fd0PDEiMoiHKBGb9awR3IeiLozczAq6sGtTyM7lNtQhikt1XV%2Ff%2F4mfNKQdijPIGD4ZMu6MltxdddgRQYM4zR%2FDGZ%2F8ZwhHJRy%2Fh8Uw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=60
cf-ray
7fe49252f91719ab-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 29 Aug 2023 11:50:35 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery object| deployJava function| Detector function| murmurhash3_32_gc object| swfobject function| ClientJS function| UAParser function| hsave string| s

1 Cookies

Domain/Path Name / Value
crisswrites.com/ Name: PHPSESSID
Value: 1h59g9k77d0p5cdbhf5no4qrpu