kfw-isfp-01.com
2606:4700:3031::ac43:beb9
Malicious Activity!
Public Scan
Effective URL: https://kfw-isfp-01.com/
Submission: On February 21 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on February 6th 2023. Valid for: 3 months.
This is the only time kfw-isfp-01.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: KfW Development Bank (Banking)
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
1 1 | 91.240.118.57 | 57523 (CHANGWAY-AS) |
6 | 2606:4700:3031::ac43:beb9 | 13335 (CLOUDFLARENET) |
2 | 2a04:4e42:200::485 | 54113 (FASTLY) |
3 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET) |
1 | 2001:4de0:ac18::1:a:2a | 20446 (STACKPATH-CDN) |
1 | 104.151.29.97 | 8881 (VERSATEL) |
13 | 5 |
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 | kfw-isfp-01.com | kfw-isfp-01.com | 272 KB |
3 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 196 | 25 KB |
2 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 346 | 22 KB |
1 | kfw.de | www.kfw.de — Cisco Umbrella Rank: 284003 | 6 KB |
1 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 699 | 30 KB |
1 | sweacarolina.com (1 redirects) | sweacarolina.com | 242 B |
13 | 6 |
Count | Domain | Requested by |
---|---|---|
6 | kfw-isfp-01.com | kfw-isfp-01.com |
3 | cdnjs.cloudflare.com | kfw-isfp-01.com |
2 | cdn.jsdelivr.net | kfw-isfp-01.com |
1 | www.kfw.de | kfw-isfp-01.com |
1 | code.jquery.com | kfw-isfp-01.com |
1 | sweacarolina.com | 1 redirects |
13 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.kfw.de |
www.facebook.com |
twitter.com |
www.linkedin.com |
www.xing.com |
www.kfw-formularsammlung.de |
onlinekreditportal.kfw.de |
www.twitter.com |
www.youtube.com |
de.linkedin.com |
www.instagram.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.kfw-isfp-01.com | GTS CA 1P5 | 2023-02-06 - 2023-05-07 | 3 months |
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 - 2024-01-24 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year |
*.kfw.de | TeleSec ServerPass Class 2 CA | 2022-11-23 - 2023-11-27 | a year |
This page contains 1 frame:
Primary Page:
https://kfw-isfp-01.com/
Frame ID: EF436D179893F5B2A41C7EEF48C902AB
Requests: 13 HTTP requests in this frame
Detected technologies
Laravel (Web Frameworks)
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Select2 (JavaScript Libraries)
Detected patterns
- select2(?:\.min|\.full)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
45 Outgoing links
These are links going to different origins than the main page.
Title: Startseite
Title: Startseite
Title: Unternehmen Wir fördern den Mittelstand, Freiberufler und Gründer
Title: Öffentliche Einrichtungen Wir fördern Kommunen und kommunale Unternehmen
Title: Partnerportal Wir unterstützen Vertriebspartner mit zusätzlichen Informationen und Arbeitshilfen
Title: Internationale Finanzierung Wir sind überall da aktiv, wo die Welt miteinander agiert
Title: Stories Das digitale Magazin der KfW Bankengruppe erzählt Geschichten aus aller Welt
Title: Über die KfW Alle wichtigen Informationen rund um die KfW Bankengruppe
Title: Online-Kreditportal Studieren & Qualifizieren: Zugang zu Ihren Vertragsdaten und wichtige Informationen
Title: KfW-Förderportal Bankdurchleitung Online für Finanzierungspartner der KfW
Title: kfw.de/s/deiu9Wv
Title: Datenschutzhinweise
Title: teilen
Title: tweet
Title: mitteilen
Title: teilen
Title: Newsroom
Title: Investor Relations
Title: KfW Research
Title: Karriere
Title: Beschaffung
Title: Nachhaltigkeit
Title: Aktuelle Zinskonditionen
Title: Beratung bei Finanzierungspartnern
Title: Merkblätter und Formulare
Title: Online-Kreditportal
Title: Download Center
Title: KfW-Newsdienste
Title: Tilgungsrechner
Title: Service
Title: Kontakt
Title: Beschwerden
Title: Pressestelle
Title: Twitter
Title: Youtube
Title: XING
Title: LinkedIn
Title: Instagram
Title: Sitemap
Title: Barrierefreiheit
Title: Barriere melden
Title: Rechtliche Hinweise
Title: Impressum
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://sweacarolina.com/html/?FlkwiTCOhy (HTTP 302)
- https://kfw-isfp-01.com/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol | Resource | Path | Size (x-fer) | Type | MIME-Type |
---|---|---|---|---|---|
GET H2 | / (Primary Request) | kfw-isfp-01.com/ (Redirect Chain) | 217 KB (22 KB) | Document | text/html |
GET H2 | kfw.main.css | kfw-isfp-01.com/ | 2 MB (166 KB) | Stylesheet | text/css |
GET H2 | select2.min.css | cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/ | 16 KB (2 KB) | Stylesheet | text/css |
GET H2 | rangeslider.min.css | cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/ | 4 KB (1 KB) | Stylesheet | text/css |
GET H2 | all.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/ | 99 KB (19 KB) | Stylesheet | text/css |
GET H2 | jquery-3.6.1.min.js | code.jquery.com/ | 88 KB (30 KB) | Script | application/javascript |
GET H2 | select2.min.js | cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/ | 71 KB (20 KB) | Script | application/javascript |
GET H2 | rangeslider.js | cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/ | 18 KB (5 KB) | Script | application/javascript |
GET H/1.1 | kfw_logo_1280-2x.svg | www.kfw.de/Technische-Medien/Logos/ | 14 KB (6 KB) | Image | image/svg+xml |
GET H3 | kfw-icons.woff2 | kfw-isfp-01.com/fonts/kfw-icons/ | 10 KB (10 KB) | Font | font/woff2 |
GET H3 | home.jpg | kfw-isfp-01.com/kfw/ | 50 KB (51 KB) | Image | image/jpeg |
GET H3 | email-decode.min.js | kfw-isfp-01.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB (1 KB) | Script | application/javascript |
GET H3 | KFWCentroSans-Reg.woff2 | kfw-isfp-01.com/fonts/KfW_Centro_Sans/KfW_Centro_Sans_Regular/ | 21 KB (21 KB) | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: KfW Development Bank (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean | credentialless
- object | oncontentvisibilityautostatechange
- function | $
- function | jQuery
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name |
---|---|---|
kfw-isfp-01.com/ | | XSRF-TOKEN |
kfw-isfp-01.com/ | | laravel_session |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.