coronaapp-pp.azureedge.net
2606:2800:133:206e:1315:22a5:2006:24fd
Malicious Activity!
Public Scan
Submission: On September 21 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Microsoft IT TLS CA 2 on March 18th 2020. Valid for: 2 years.
This is the only time coronaapp-pp.azureedge.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: KfW Development Bank (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
8 | 2606:2800:133:206e:1315:22a5:2006:24fd | 15133 (EDGECAST)
1 | 185.54.150.22 | 60164 (WEBTREKK-AS)
1 (2) | 185.54.150.61 | 60164 (WEBTREKK-AS)
1 (2) | 185.54.150.123 | 60164 (WEBTREKK-AS)
Total: 11 requests to 4 IP addresses
ASN15133 (EDGECAST, US): coronaapp-pp.azureedge.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | azureedge.net | coronaapp-pp.azureedge.net | 2 MB
2 | wcfbc.net (1 redirect) | fbc.wcfbc.net | 643 B
2 | kfw.de (1 redirect) | image.kfw.de | 1 KB
1 | wt-safetag.com | responder.wt-safetag.com | 353 B
Total: 11 requests to 4 apex domains
Requests | Domain | Requested by
---|---|---
8 | coronaapp-pp.azureedge.net | coronaapp-pp.azureedge.net
2 | fbc.wcfbc.net | 1 redirect
2 | image.kfw.de | 1 redirect; coronaapp-pp.azureedge.net
1 | responder.wt-safetag.com | coronaapp-pp.azureedge.net
Total: 11 requests to 4 domains
This site contains links to these domains. Also see Links.
Domain
---
www.kfw.de
foerderassistent.kfw.de
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
*.vo.msecnd.net | Microsoft IT TLS CA 2 | 2020-03-18 - 2022-03-18 | 2 years | crt.sh
*.wt-safetag.com | Sectigo RSA Domain Validation Secure Server CA | 2020-08-17 - 2022-11-19 | 2 years | crt.sh
image.kfw.de | TeleSec ServerPass Class 2 CA | 2019-03-19 - 2021-03-24 | 2 years | crt.sh
fbc.wcfbc.net | Go Daddy Secure Certificate Authority - G2 | 2018-01-11 - 2021-01-11 | 3 years | crt.sh
This page contains 1 frames:
Primary Page:
https://coronaapp-pp.azureedge.net/
Frame ID: C01C1BE44BC95D0D0FFD3EAEB3AE2118
Requests: 11 HTTP requests in this frame
Detected technologies
Microsoft HTTPAPI (Web Servers)
Detected patterns
- headers server /Microsoft-HTTPAPI(?:\/([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Link titles (one of the five links carried no title):
- "direkt weiter zu Stufe 2." (German: straight on to Stage 2)
- "Datenschutz" (German: Privacy policy)
- "Rechtliche Hinweise" (German: Legal notice)
- "Impressum" (German: Imprint / site owner information)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9:
- https://image.kfw.de/431121349990569/cc?a=r&c=wteid_431121349990569&t=https%3A%2F%2Ffbc.wcfbc.net%2Fv1%2Ffbc%3Fp%3D447%2C0%26acc%3D431121349990569%26t%3D1600677715984%26err%3D (HTTP 301)
- https://fbc.wcfbc.net/v1/fbc?p=447,0&acc=431121349990569&t=1600677715984&err=&c=wteid_431121349990569&v=4160067771500938390 (HTTP 307)
- https://fbc.wcfbc.net/v1/fbc?p=447,0&acc=431121349990569&t=1600677715984&err=&c=wteid_431121349990569&v=4160067771500938390&rc
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | coronaapp-pp.azureedge.net/ | 3 KB | 4 KB | Document | text/html
GET | H2 | webtrekk_v4.min.js | coronaapp-pp.azureedge.net/ | 64 KB | 64 KB | Script | application/javascript
GET | H2 | main.de888ba6.chunk.css | coronaapp-pp.azureedge.net/static/css/ | 762 KB | 763 KB | Stylesheet | text/css
GET | H2 | 2.18c2c6a0.chunk.js | coronaapp-pp.azureedge.net/static/js/ | 467 KB | 467 KB | Script | application/javascript
GET | H2 | main.a33b9b98.chunk.js | coronaapp-pp.azureedge.net/static/js/ | 76 KB | 76 KB | Script | application/javascript
GET | H/1.1 | 111111111111111 | responder.wt-safetag.com/resp/api/get/ | 12 B | 353 B | Script | application/x-javascript
GET | H2 | header-corona.b21a5721.jpg | coronaapp-pp.azureedge.net/static/media/ | 311 KB | 311 KB | Image | image/jpeg
GET | H2 | kfw_font.c9c12d70.woff2 | coronaapp-pp.azureedge.net/static/media/ | 24 KB | 24 KB | Font | application/octet-stream
GET | H2 | kfw_logo.c9c878b2.svg | coronaapp-pp.azureedge.net/static/media/ | 14 KB | 15 KB | Image | image/svg+xml
GET | H/1.1 | wt | image.kfw.de/431121349990569/ | 43 B | 827 B | Image | image/gif
GET | H/1.1 | fbc | fbc.wcfbc.net/v1/ (Redirect Chain) | 69 B | 209 B | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against KfW Development Bank (Banking)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | trustedTypes
object | webtrekkConfig
object | wts
object | wt_safetagConfig
object | webtrekkUnloadObjects
object | webtrekkLinktrackObjects
object | webtrekkHeatmapObjects
function | WebtrekkV3
function | webtrekkV3
function | safetagLoaderHandler
number | wt_r
object | webpackJsonpkfw-corona-frontend
number | 2f1acc6c3a606b082e5eef5e54414ffb
object | regeneratorRuntime
object | wt3
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.azureedge.net/ | | wt_rla | 431121349990569%2C1%2C1600677715637
.azureedge.net/ | | wt_cdbeid | 1
coronaapp-pp.azureedge.net/ | | wt_r | 1
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.