kfw-sonderportal.com
2a06:98c1:3121::c
Malicious Activity!
Public Scan
Effective URL: https://kfw-sonderportal.com/digitalstart
Submission: On February 22 via manual from DE — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on February 19th 2023. Valid for: 3 months.
This is the only time kfw-sonderportal.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: KfW Development Bank (Banking)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 5 | 2a06:98c1:3120::c | 13335 (CLOUDFLARENET) |
4 | 2a04:4e42:200::485 | 54113 (FASTLY) |
6 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET) |
2 | 2001:4de0:ac18::1:a:3a | 20446 (STACKPATH-CDN) |
2 | 104.151.29.97 | 8881 (VERSATEL) |
6 | 2a06:98c1:3121::c | 13335 (CLOUDFLARENET) |
24 | 6 | |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 | kfw-sonderportal.com (1 redirects) | kfw-sonderportal.com | 504 KB |
6 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 196 | 49 KB |
4 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 346 | 44 KB |
2 | kfw.de | www.kfw.de — Cisco Umbrella Rank: 284003 | 12 KB |
2 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 699 | 61 KB |
24 | 5 | | |
| Domain | Requested by |
---|---|---|
11 | kfw-sonderportal.com (1 redirects) | kfw-sonderportal.com |
6 | cdnjs.cloudflare.com | kfw-sonderportal.com |
4 | cdn.jsdelivr.net | kfw-sonderportal.com |
2 | www.kfw.de | kfw-sonderportal.com |
2 | code.jquery.com | kfw-sonderportal.com |
24 | 5 | |
This site contains links to these domains.
Domain |
---|
www.kfw.de |
www.facebook.com |
twitter.com |
www.linkedin.com |
www.xing.com |
www.kfw-formularsammlung.de |
onlinekreditportal.kfw.de |
www.twitter.com |
www.youtube.com |
de.linkedin.com |
www.instagram.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 - 2024-01-24 | a year | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year | crt.sh |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year | crt.sh |
*.kfw.de | TeleSec ServerPass Class 2 CA | 2022-11-23 - 2023-11-27 | a year | crt.sh |
*.kfw-sonderportal.com | GTS CA 1P5 | 2023-02-19 - 2023-05-20 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://kfw-sonderportal.com/digitalstart
Frame ID: 48E113F0E7BE1AB2E6914A9D3138AA72
Requests: 24 HTTP requests in this frame
Page URL History
- http://kfw-sonderportal.com/ (HTTP 302) → http://kfw-sonderportal.com/digitalstart (Page URL)
- https://kfw-sonderportal.com/digitalstart (Page URL)
Detected technologies
Laravel (Web Frameworks)
Detected patterns
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Select2 (JavaScript Libraries)
Detected patterns
- select2(?:\.min|\.full)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
45 Outgoing links
These are links going to different origins than the main page.
- Title: Startseite
- Title: Startseite
- Title: Unternehmen Wir fördern den Mittelstand, Freiberufler und Gründer
- Title: Öffentliche Einrichtungen Wir fördern Kommunen und kommunale Unternehmen
- Title: Partnerportal Wir unterstützen Vertriebspartner mit zusätzlichen Informationen und Arbeitshilfen
- Title: Internationale Finanzierung Wir sind überall da aktiv, wo die Welt miteinander agiert
- Title: Stories Das digitale Magazin der KfW Bankengruppe erzählt Geschichten aus aller Welt
- Title: Über die KfW Alle wichtigen Informationen rund um die KfW Bankengruppe
- Title: Online-Kreditportal Studieren & Qualifizieren: Zugang zu Ihren Vertragsdaten und wichtige Informationen
- Title: KfW-Förderportal Bankdurchleitung Online für Finanzierungspartner der KfW
- Title: kfw.de/s/deiu9Wv
- Title: Datenschutzhinweise
- Title: teilen
- Title: tweet
- Title: mitteilen
- Title: teilen
- Title: Newsroom
- Title: Investor Relations
- Title: KfW Research
- Title: Karriere
- Title: Beschaffung
- Title: Nachhaltigkeit
- Title: Aktuelle Zinskonditionen
- Title: Beratung bei Finanzierungspartnern
- Title: Merkblätter und Formulare
- Title: Online-Kreditportal
- Title: Download Center
- Title: KfW-Newsdienste
- Title: Tilgungsrechner
- Title: Service
- Title: Kontakt
- Title: Beschwerden
- Title: Pressestelle
- Title: Twitter
- Title: Youtube
- Title: XING
- Title: LinkedIn
- Title: Instagram
- Title: Sitemap
- Title: Barrierefreiheit
- Title: Barriere melden
- Title: Rechtliche Hinweise
- Title: Impressum
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://kfw-sonderportal.com/ (HTTP 302) → http://kfw-sonderportal.com/digitalstart (Page URL)
- https://kfw-sonderportal.com/digitalstart (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://kfw-sonderportal.com/ HTTP 302
- http://kfw-sonderportal.com/digitalstart
24 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | digitalstart (Redirect Chain) | kfw-sonderportal.com/ | 196 KB | 19 KB | Document | text/html |
GET | H/1.1 | kfw.main.css | kfw-sonderportal.com/ | 2 MB | 162 KB | Stylesheet | text/css |
GET | H2 | select2.min.css | cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/ | 16 KB | 2 KB | Stylesheet | text/css |
GET | H2 | rangeslider.min.css | cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/ | 4 KB | 2 KB | Stylesheet | text/css |
GET | H2 | all.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/ | 99 KB | 19 KB | Stylesheet | text/css |
GET | H2 | jquery-3.6.1.min.js | code.jquery.com/ | 88 KB | 30 KB | Script | application/javascript |
GET | H2 | select2.min.js | cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/ | 71 KB | 20 KB | Script | application/javascript |
GET | H2 | rangeslider.js | cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/ | 18 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | kfw_logo_1280-2x.svg | www.kfw.de/Technische-Medien/Logos/ | 14 KB | 6 KB | Image | image/svg+xml |
GET | H/1.1 | home.jpg | kfw-sonderportal.com/kfw/ | 50 KB | 51 KB | Image | image/jpeg |
GET | H/1.1 | email-decode.min.js | kfw-sonderportal.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB | 1 KB | Script | application/javascript |
GET | H2 | digitalstart (Primary Request) | kfw-sonderportal.com/ | 196 KB | 19 KB | Document | text/html |
GET | H2 | kfw.main.css | kfw-sonderportal.com/ | 2 MB | 166 KB | Stylesheet | text/css |
GET | H2 | select2.min.css | cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/ | 16 KB | 2 KB | Stylesheet | text/css |
GET | H2 | rangeslider.min.css | cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/ | 4 KB | 1 KB | Stylesheet | text/css |
GET | H2 | all.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/ | 99 KB | 19 KB | Stylesheet | text/css |
GET | H2 | jquery-3.6.1.min.js | code.jquery.com/ | 88 KB | 30 KB | Script | application/javascript |
GET | H2 | select2.min.js | cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/ | 71 KB | 20 KB | Script | application/javascript |
GET | H2 | rangeslider.js | cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/ | 18 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | kfw_logo_1280-2x.svg | www.kfw.de/Technische-Medien/Logos/ | 14 KB | 6 KB | Image | image/svg+xml |
GET | H3 | home.jpg | kfw-sonderportal.com/kfw/ | 50 KB | 51 KB | Image | image/jpeg |
GET | H3 | email-decode.min.js | kfw-sonderportal.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB | 1 KB | Script | application/javascript |
GET | H3 | kfw-icons.woff2 | kfw-sonderportal.com/fonts/kfw-icons/ | 10 KB | 10 KB | Font | font/woff2 |
GET | H3 | KFWCentroSans-Reg.woff2 | kfw-sonderportal.com/fonts/KfW_Centro_Sans/KfW_Centro_Sans_Regular/ | 21 KB | 21 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: KfW Development Bank (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean | credentialless
- object | oncontentvisibilityautostatechange
- function | $
- function | jQuery
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
kfw-sonderportal.com/ | Name: XSRF-TOKEN Value: eyJpdiI6Im5tOWRZZEtQMWQ3TnAvYmZFUHpoMnc9PSIsInZhbHVlIjoiekFpa0pTcnFiZjNkaDcwZWlpclgyU0cwNXhLZVBTOGhIU0xIc0xmZzNYbUdOOHh3dDhLa2VuOW9GVnBsT0VwdjJpL3BKQ0IwWm5CMno3Zmd2clVrd1l1N0ZVUUh6bk04eEJYQmlaZGF0V0FaWUkrb3NWR21WTHVXSzhDUHo0K2wiLCJtYWMiOiI4MTE5OWYyY2UxZGY0YTIyM2JjMzE0YzNkM2ZhN2IxMDk1NTU0ZWJmNDFmOGMwNDBmYzc4YjY5YjU5YmQ4ODVjIiwidGFnIjoiIn0%3D |
|
kfw-sonderportal.com/ | Name: laravel_session Value: eyJpdiI6Im9ha3JlV2hKcnhCK2U5ckthWXlWdGc9PSIsInZhbHVlIjoiK0Jwc0FvR3FBY1BTY2F6TTNaZlB4cUVvTHZLRFV0b2FyQ0xCb1M2K3l3KzFYa1NiaTZITVQ4NUlQa0o3L3ZvVjRJZDNUMmdlNjErTXQ0UjArMTZTcjRZZG1JVXRlVUZSN3lKREJXNm5IWStUZXJibUhoMXZuZzBFL21TdUYySGsiLCJtYWMiOiJhNjMxYzBhYTNlNTE2N2JiYWM5NjMyNDg4ZTRjZDIwMzBjZTFhNzdhNTg1YTkzMTMwMmQ5NDllMTE5MzQzNmY2IiwidGFnIjoiIn0%3D |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.