coronaapp-pp.azureedge.net Open in urlscan Pro
2606:2800:133:206e:1315:22a5:2006:24fd Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://coronaapp-pp.azureedge.net/
Submission: On September 21 via automatic, source certstream-suspicious (September 21st 2020, 8:42:11 am UTC)

Summary HTTP 11 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 2606:2800:133:206e:1315:22a5:2006:24fd, located in United States and belongs to EDGECAST, US. The main domain is coronaapp-pp.azureedge.net.
TLS certificate: Issued by Microsoft IT TLS CA 2 on March 18th 2020. Valid for: 2 years.

This is the only time coronaapp-pp.azureedge.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: KfW Development Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
8	2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd	15133 (EDGECAST) (EDGECAST)
1	185.54.150.22 185.54.150.22	60164 (WEBTREKK-AS) (WEBTREKK-AS)
1 2	185.54.150.61 185.54.150.61	60164 (WEBTREKK-AS) (WEBTREKK-AS)
1 2	185.54.150.123 185.54.150.123	60164 (WEBTREKK-AS) (WEBTREKK-AS)
11	4

8 2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)

coronaapp-pp.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.54.150.22 (Berlin, Germany)

ASN60164 (WEBTREKK-AS, DE)

responder.wt-safetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.54.150.61 (Berlin, Germany) 1 redirects

ASN60164 (WEBTREKK-AS, DE)

image.kfw.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.54.150.123 (Berlin, Germany) 1 redirects

ASN60164 (WEBTREKK-AS, DE)

fbc.wcfbc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	azureedge.net coronaapp-pp.azureedge.net	2 MB
2	wcfbc.net 1 redirects fbc.wcfbc.net	643 B
2	kfw.de 1 redirects image.kfw.de	1 KB
1	wt-safetag.com responder.wt-safetag.com	353 B
11	4

	Domain	Requested by
8	coronaapp-pp.azureedge.net	coronaapp-pp.azureedge.net
2	fbc.wcfbc.net	1 redirects
2	image.kfw.de	1 redirects coronaapp-pp.azureedge.net
1	responder.wt-safetag.com	coronaapp-pp.azureedge.net
11	4

This site contains links to these domains. Also see Links.

Domain
www.kfw.de
foerderassistent.kfw.de

Subject Issuer	Validity	Valid
*.vo.msecnd.net Microsoft IT TLS CA 2	`2020-03-18` - `2022-03-18`	2 years	crt.sh
*.wt-safetag.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-17` - `2022-11-19`	2 years	crt.sh
image.kfw.de TeleSec ServerPass Class 2 CA	`2019-03-19` - `2021-03-24`	2 years	crt.sh
fbc.wcfbc.net Go Daddy Secure Certificate Authority - G2	`2018-01-11` - `2021-01-11`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://coronaapp-pp.azureedge.net/
Frame ID: C01C1BE44BC95D0D0FFD3EAEB3AE2118
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Microsoft HTTPAPI (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /Microsoft-HTTPAPI(?:\/([\d.]+))?/i

Page Statistics

11
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1725 kB
Transfer

1721 kB
Size

3
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.kfw.de/

Search URL Search Domain Scan URL

URL: https://foerderassistent.kfw.de/
Title: direkt weiter zu Stufe 2.

Search URL Search Domain Scan URL

URL: https://www.kfw.de/KfW-Konzern/Datenschutz.html
Title: Datenschutz

Search URL Search Domain Scan URL

URL: https://www.kfw.de/inlandsfoerderung/Steuerdisclaimer.html
Title: Rechtliche Hinweise

Search URL Search Domain Scan URL

URL: https://www.kfw.de/KfW-Konzern/Impressum.html
Title: Impressum

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://image.kfw.de/431121349990569/cc?a=r&c=wteid_431121349990569&t=https%3A%2F%2Ffbc.wcfbc.net%2Fv1%2Ffbc%3Fp%3D447%2C0%26acc%3D431121349990569%26t%3D1600677715984%26err%3D HTTP 301
https://fbc.wcfbc.net/v1/fbc?p=447,0&acc=431121349990569&t=1600677715984&err=&c=wteid_431121349990569&v=4160067771500938390 HTTP 307
https://fbc.wcfbc.net/v1/fbc?p=447,0&acc=431121349990569&t=1600677715984&err=&c=wteid_431121349990569&v=4160067771500938390&rc

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response coronaapp-pp.azureedge.net/	3 KB 4 KB	179ms 132ms	Document text/html	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Full URL https://coronaapp-pp.azureedge.net/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `2aba3566acdfb9fb6c6c75d727c87d48f897fa35d6fca4c6836a212c13a8aba1` Request headers :method GET :authority coronaapp-pp.azureedge.net :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 accept-ranges bytes content-md5 0VNmp9po0aVmRQOZT84i0Q== content-type text/html date Mon, 21 Sep 2020 08:41:52 GMT etag "0x8D85B35CC96B5CB" last-modified Thu, 17 Sep 2020 18:16:29 GMT server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id bb5119db-501e-00f2-3ff3-8ff5c2000000 x-ms-version 2018-03-28 content-length 3470
GET H2	200	webtrekk_v4.min.js Show response coronaapp-pp.azureedge.net/	64 KB 64 KB	111ms 109ms	Script application/javascript	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Full URL https://coronaapp-pp.azureedge.net/webtrekk_v4.min.js Requested by Host: coronaapp-pp.azureedge.net URL: https://coronaapp-pp.azureedge.net/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `7c1fb6927511b488d115694902f5b1dafdbf342742a23a2eb6f3ece2a33b97d2` Request headers Referer https://coronaapp-pp.azureedge.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Sep 2020 08:41:51 GMT last-modified Thu, 17 Sep 2020 18:16:29 GMT server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 content-md5 Wq2DXrAmnpv17/j3+KNjDQ== etag "0x8D85B35CC8EC524" content-type application/javascript status 200 x-ms-request-id 36e5ad44-e01e-0027-56f3-8fbd1f000000 x-ms-version 2018-03-28 accept-ranges bytes content-length 65047
GET H2	200	main.de888ba6.chunk.css coronaapp-pp.azureedge.net/static/css/	762 KB 763 KB	2738ms 2738ms	Stylesheet text/css	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Full URL https://coronaapp-pp.azureedge.net/static/css/main.de888ba6.chunk.css Requested by Host: coronaapp-pp.azureedge.net URL: https://coronaapp-pp.azureedge.net/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `d8d55d8e113672eca058812cbfd0123cda0d381c607542715db9cbea8be0454f` Request headers Referer https://coronaapp-pp.azureedge.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Sep 2020 08:41:54 GMT last-modified Thu, 17 Sep 2020 18:16:29 GMT server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 content-md5 VAwhcfGNKAxx0M1ZaKbTpw== etag "0x8D85B35CCB3B8E4" content-type text/css status 200 x-ms-request-id 2135ad6f-c01e-0074-7ff3-8fa110000000 x-ms-version 2018-03-28 accept-ranges bytes content-length 780708
GET H2	200	2.18c2c6a0.chunk.js Show response coronaapp-pp.azureedge.net/static/js/	467 KB 467 KB	2740ms 2739ms	Script application/javascript	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Full URL https://coronaapp-pp.azureedge.net/static/js/2.18c2c6a0.chunk.js Requested by Host: coronaapp-pp.azureedge.net URL: https://coronaapp-pp.azureedge.net/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `b9202a979f263796b9c89d351c2ae0ae2dad7eee35f2989525e0346469f5bde5` Request headers Referer https://coronaapp-pp.azureedge.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Sep 2020 08:41:54 GMT last-modified Thu, 17 Sep 2020 18:16:30 GMT server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 content-md5 OhXPY1bK54zcWpGpol5aUQ== etag "0x8D85B35CCCB3CB5" content-type application/javascript status 200 x-ms-request-id 6b7d78e4-201e-0018-08f3-8f0ac3000000 x-ms-version 2018-03-28 accept-ranges bytes content-length 478006
GET H2	200	main.a33b9b98.chunk.js Show response coronaapp-pp.azureedge.net/static/js/	76 KB 76 KB	1185ms 1184ms	Script application/javascript	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Full URL https://coronaapp-pp.azureedge.net/static/js/main.a33b9b98.chunk.js Requested by Host: coronaapp-pp.azureedge.net URL: https://coronaapp-pp.azureedge.net/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `7d71a5db958d6e0df087f7f15cba8b2dacb633dfcba9522632fd887ef69e3b45` Request headers Referer https://coronaapp-pp.azureedge.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Sep 2020 08:41:53 GMT last-modified Thu, 17 Sep 2020 18:16:30 GMT server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 content-md5 OSDrk/Nr0W7uMaF4eunKcA== etag "0x8D85B35CCD242D2" content-type application/javascript status 200 x-ms-request-id f5424c56-701e-00ee-23f3-8f2dd5000000 x-ms-version 2018-03-28 accept-ranges bytes content-length 77652
GET H/1.1	200 OK	111111111111111 Show response responder.wt-safetag.com/resp/api/get/	12 B 353 B	117ms 26ms	Script application/x-javascript	185.54.150.22 WEBTREKK-AS
General Check archive.org Show headers Download Go to Full URL https://responder.wt-safetag.com/resp/api/get/111111111111111?url=https%3A%2F%2Fcoronaapp-pp.azureedge.net%2F Requested by Host: coronaapp-pp.azureedge.net URL: https://coronaapp-pp.azureedge.net/webtrekk_v4.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.54.150.22 Berlin, Germany, ASN60164 (WEBTREKK-AS, DE), Reverse DNS Software nginx / Resource Hash `62b1c17c5287f5f4020baecda856004a6c5316d3c2b4cd9a1a01a5e18841e92c` Request headers Referer https://coronaapp-pp.azureedge.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Sep 2020 08:41:52 GMT Server nginx Connection keep-alive Content-Length 12 Content-Type application/octet-stream, application/x-javascript
GET H2	200	header-corona.b21a5721.jpg coronaapp-pp.azureedge.net/static/media/	311 KB 311 KB	169ms 169ms	Image image/jpeg	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://coronaapp-pp.azureedge.net/static/media/header-corona.b21a5721.jpg Requested by Host: coronaapp-pp.azureedge.net URL: https://coronaapp-pp.azureedge.net/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `f0ad476f8f011cce00dd89ed76d9537495a63701ca81b1e37e04e4fb8d18d299` Request headers Referer https://coronaapp-pp.azureedge.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Sep 2020 08:41:55 GMT last-modified Thu, 17 Sep 2020 18:16:29 GMT server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 content-md5 shpXISBhS7EtgBCH8Woq9g== etag "0x8D85B35CCA473E1" content-type image/jpeg status 200 x-ms-request-id dde761ce-201e-007e-2bf3-8fb899000000 x-ms-version 2018-03-28 accept-ranges bytes content-length 318320
GET H2	200	kfw_font.c9c12d70.woff2 coronaapp-pp.azureedge.net/static/media/	24 KB 24 KB	108ms 108ms	Font application/octet-stream	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Full URL https://coronaapp-pp.azureedge.net/static/media/kfw_font.c9c12d70.woff2 Requested by Host: coronaapp-pp.azureedge.net URL: https://coronaapp-pp.azureedge.net/static/css/main.de888ba6.chunk.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `d0f179552547e4a25ac601b3f909ce9b325f39381096a3d9ab27e0e8d74acdfa` Request headers Origin https://coronaapp-pp.azureedge.net Referer https://coronaapp-pp.azureedge.net/static/css/main.de888ba6.chunk.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Sep 2020 08:41:55 GMT last-modified Thu, 17 Sep 2020 18:16:29 GMT server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 content-md5 ycEtcPk7iOZP3ojb6fkUpw== etag "0x8D85B35CCA1DB5E" vary Origin content-type application/octet-stream status 200 x-ms-request-id 776e69ed-101e-013d-1ff3-8fd425000000 x-ms-version 2018-03-28 accept-ranges bytes content-length 24300
GET H2	200	kfw_logo.c9c878b2.svg coronaapp-pp.azureedge.net/static/media/	14 KB 15 KB	229ms 229ms	Image image/svg+xml	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://coronaapp-pp.azureedge.net/static/media/kfw_logo.c9c878b2.svg Requested by Host: coronaapp-pp.azureedge.net URL: https://coronaapp-pp.azureedge.net/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `5e17977fac64a36ce21810b605bb5da2e5606371c0b7c019fe9a3274b68e75ad` Request headers Referer https://coronaapp-pp.azureedge.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Sep 2020 08:41:55 GMT last-modified Thu, 17 Sep 2020 18:16:29 GMT server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 content-md5 ych4srBpUHfP6lfbjUp5hw== etag "0x8D85B35CCAFC08E" content-type image/svg+xml status 200 x-ms-request-id f330c6cd-401e-00a2-03f3-8feaca000000 x-ms-version 2018-03-28 accept-ranges bytes content-length 14833
GET H/1.1	200 OK	wt image.kfw.de/431121349990569/	43 B 827 B	123ms 27ms	Image image/gif	185.54.150.61 WEBTREKK-AS
General Check archive.org Show headers Download Go to Show image Full URL https://image.kfw.de/431121349990569/wt?p=447,coronaapp%7Canfrageformular%7Cv1%7Cindex,1,1600x1200,24,1,1600677715635,0,1600x1200,0&la=en&np=&pu=https%3A%2F%2Fcoronaapp-pp.azureedge.net%2F Requested by Host: coronaapp-pp.azureedge.net URL: https://coronaapp-pp.azureedge.net/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.54.150.61 Berlin, Germany, ASN60164 (WEBTREKK-AS, DE), Reverse DNS Software 13 / Resource Hash `b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b` Request headers Referer https://coronaapp-pp.azureedge.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Mon, 21 Sep 2020 08:41:54 GMT Last-Modified Mon, 21 Sep 2020 08:41:55 GMT Server 13 X-Robots-Tag noindex, nofollow, noarchive P3P policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT" Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0 Content-Type image/gif;charset=UTF-8 Content-Length 43 Expires Mon, 26 Jul 1997 05:00:00 GMT
GET H/1.1	200 OK	fbc fbc.wcfbc.net/v1/ Redirect Chain https://image.kfw.de/431121349990569/cc?a=r&c=wteid_431121349990569&t=https%3A%2F%2Ffbc.wcfbc.net%2Fv1%2Ffbc%3Fp%3D447%2C0%26acc%3D431121349990569%26t%3D1600677715984%26err%3D https://fbc.wcfbc.net/v1/fbc?p=447,0&acc=431121349990569&t=1600677715984&err=&c=wteid_431121349990569&v=4160067771500938390 https://fbc.wcfbc.net/v1/fbc?p=447,0&acc=431121349990569&t=1600677715984&err=&c=wteid_431121349990569&v=4160067771500938390&rc	69 B 209 B	27ms 27ms	Image image/png	185.54.150.123 WEBTREKK-AS
General Check archive.org Show headers Download Go to Show image Full URL https://fbc.wcfbc.net/v1/fbc?p=447,0&acc=431121349990569&t=1600677715984&err=&c=wteid_431121349990569&v=4160067771500938390&rc Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.54.150.123 Berlin, Germany, ASN60164 (WEBTREKK-AS, DE), Reverse DNS Software nginx / Resource Hash `c1a69853198ae592f980806d6d489f43d03ee49f60df58b32ad375c03127703a` Request headers Referer https://coronaapp-pp.azureedge.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Sep 2020 08:41:56 GMT Server nginx Connection keep-alive Content-Length 69 Content-Type image/png Redirect headers Location /v1/fbc?p=447,0&acc=431121349990569&t=1600677715984&err=&c=wteid_431121349990569&v=4160067771500938390&rc Date Mon, 21 Sep 2020 08:41:56 GMT Server nginx Connection keep-alive Content-Length 217 Content-Type text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: KfW Development Bank (Banking)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.azureedge.net/	1970-01-19 14:04:21	Name: wt_rla Value: 431121349990569%2C1%2C1600677715637
.azureedge.net/	1970-01-19 12:37:58	Name: wt_cdbeid Value: 1
coronaapp-pp.azureedge.net/	1970-01-19 12:37:57	Name: wt_r Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

coronaapp-pp.azureedge.net
fbc.wcfbc.net
image.kfw.de
responder.wt-safetag.com
185.54.150.123
185.54.150.22
185.54.150.61
2606:2800:133:206e:1315:22a5:2006:24fd
2aba3566acdfb9fb6c6c75d727c87d48f897fa35d6fca4c6836a212c13a8aba1
5e17977fac64a36ce21810b605bb5da2e5606371c0b7c019fe9a3274b68e75ad
62b1c17c5287f5f4020baecda856004a6c5316d3c2b4cd9a1a01a5e18841e92c
7c1fb6927511b488d115694902f5b1dafdbf342742a23a2eb6f3ece2a33b97d2
7d71a5db958d6e0df087f7f15cba8b2dacb633dfcba9522632fd887ef69e3b45
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b9202a979f263796b9c89d351c2ae0ae2dad7eee35f2989525e0346469f5bde5
c1a69853198ae592f980806d6d489f43d03ee49f60df58b32ad375c03127703a
d0f179552547e4a25ac601b3f909ce9b325f39381096a3d9ab27e0e8d74acdfa
d8d55d8e113672eca058812cbfd0123cda0d381c607542715db9cbea8be0454f
f0ad476f8f011cce00dd89ed76d9537495a63701ca81b1e37e04e4fb8d18d299

coronaapp-pp.azureedge.net Open in urlscan Pro 2606:2800:133:206e:1315:22a5:2006:24fd Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

1725 kBTransfer

1721 kBSize

3 Cookies

5 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

3 Cookies

Indicators

coronaapp-pp.azureedge.net Open in urlscan Pro
2606:2800:133:206e:1315:22a5:2006:24fd Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1725 kB
Transfer

1721 kB
Size

3
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!