urlscan.io logo urlscan.io
SecurityTrails logo

kfw-isfp-01.com Open in urlscan Pro
2606:4700:3031::ac43:beb9  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://sweacarolina.com/html/?FlkwiTCOhy
Effective URL: https://kfw-isfp-01.com/
Submission: On February 21 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 6 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3031::ac43:beb9, located in United States and belongs to CLOUDFLARENET, US. The main domain is kfw-isfp-01.com.
TLS certificate: Issued by GTS CA 1P5 on February 6th 2023. Valid for: 3 months.
This is the only time kfw-isfp-01.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: KfW Development Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 91.240.118.57 57523 (CHANGWAY-AS)
6 2606:4700:303... 13335 (CLOUDFLAR...)
2 2a04:4e42:200... 54113 (FASTLY)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (STACKPATH...)
1 104.151.29.97 8881 (VERSATEL)
13 5
1    91.240.118.57 (Hong Kong)

ASN57523 (CHANGWAY-AS, HK)
sweacarolina.com
6    2606:4700:3031::ac43:beb9 (United States)

ASN13335 (CLOUDFLARENET, US)
kfw-isfp-01.com
2    2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
3    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)
code.jquery.com
1    104.151.29.97 (Dresden, Germany)

ASN8881 (VERSATEL, DE)
PTR: i68971D61.versanet.de
www.kfw.de
Apex Domain
Subdomains		 Transfer
6 kfw-isfp-01.com
kfw-isfp-01.com
272 KB
3 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 196
25 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 346
22 KB
1 kfw.de
www.kfw.de — Cisco Umbrella Rank: 284003
6 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 699
30 KB
1 sweacarolina.com
sweacarolina.com
242 B
13 6
Domain Requested by
6 kfw-isfp-01.com kfw-isfp-01.com
3 cdnjs.cloudflare.com kfw-isfp-01.com
2 cdn.jsdelivr.net kfw-isfp-01.com
1 www.kfw.de kfw-isfp-01.com
1 code.jquery.com kfw-isfp-01.com
1 sweacarolina.com 1 redirects
13 6
Subject Issuer Validity Valid
*.kfw-isfp-01.com
GTS CA 1P5		 2023-02-06 -
2023-05-07		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-12-23 -
2024-01-24		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-03 -
2023-08-02		 a year crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2022-08-03 -
2023-07-14		 a year crt.sh
*.kfw.de
TeleSec ServerPass Class 2 CA		 2022-11-23 -
2023-11-27		 a year crt.sh

This page contains 1 frames:

Primary Page: https://kfw-isfp-01.com/
Frame ID: EF436D179893F5B2A41C7EEF48C902AB
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://sweacarolina.com/html/?FlkwiTCOhy HTTP 302
    https://kfw-isfp-01.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

13
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

5
IPs

4
Countries

355 kB
Transfer

2380 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sweacarolina.com/html/?FlkwiTCOhy HTTP 302
    https://kfw-isfp-01.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
kfw-isfp-01.com/
Redirect Chain
  • http://sweacarolina.com/html/?FlkwiTCOhy
  • https://kfw-isfp-01.com/
217 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kfw-isfp-01.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:beb9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd58f6fb683b21b7e134482437aca13fb03b192fd9cb2042b2baf45691633449

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
79d0649f0beb9969-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 21 Feb 2023 15:07:41 GMT
expires
-1
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afkRdB1UGuCliKOfht9B5Dc1F1QRj6YdNYyeRmnA%2BtlmfnqvNSDwoU3%2Fw0HJgdRcxlOPd%2Fy97LxoZZ4z6Nyxv%2Bz8%2BQJiQkkQcCsnuwCQCEyql87V1fPtMEd1dA0PJUtsNg7%2BylU4YUh2H1SKsu4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sun, 20 Feb 2022 18:42:35 GMT
Keep-Alive
timeout=5, max=100
Location
https://kfw-isfp-01.com/
Server
Apache/2.4.25 (Debian)
kfw.main.css
kfw-isfp-01.com/ 		2 MB
166 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://kfw-isfp-01.com/kfw.main.css
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:beb9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5d50931acae886ca358094a4329c7a12e1e7acf405b192642fcf8b936a39a3b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 14 Feb 2023 21:22:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4103
etag
W/"1ba92b-5f4af8ecff200-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TtOhnqwAV%2BQODIxfvHmG3X27gTKpAxhCSjvmXRaruBRvoDmK%2BmmtsYTeQHwmG8nuQ%2FgIw1yjqszuC%2FhrxUF9lqP8GZhtoowCQfeHzQKdM8Od6WPvAzMGHogkk8Wvy%2FkXNRmTYfCHeaSlOUyo%2Blw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
79d064a12f079969-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
select2.min.css
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/ 		16 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 21 Feb 2023 15:07:41 GMT
x-content-type-options
nosniff
content-encoding
gzip
age
10658476
x-jsd-version
4.1.0-rc.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
2162
x-served-by
cache-fra-eddf8230055-FRA, cache-hhn-etou8220020-HHN
x-jsd-version-type
version
etag
W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
rangeslider.min.css
cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/rangeslider.min.css
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17c8336d8d80d554dfe3d88eadcf0bb2dfd4bdc52da05af79b28b1d1632236a0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
14376282
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1096
last-modified
Mon, 04 May 2020 16:15:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fb4-11bc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1qY9nlsqS9S0twGoELjJB4BcJnaT0b0vz4qrPepJOLA%2FuCDwJD76Yk%2BWBqllQRX0rvFqvCVzFLeWSaG%2Fmv3pPFLYWueiPRRpwlXwRsMpTGLrZuGE9UzXrg1X6T9aHEoZUAyxU8sA0skD%2FjLnG1ERkZyY"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
79d064a14c6191f9-FRA
expires
Sun, 11 Feb 2024 15:07:41 GMT
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/ 		99 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
583325
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
18688
last-modified
Tue, 30 Aug 2022 20:09:06 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"630e6e62-4900"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7lp5mbO8mIUXaiMU5RbEs4YCAlff7V0kp3V1DYR1wP4frMGHUtl5oZXU1muZoX3FWbLoQH4r2L1HTiY6t1Ve3V1DFRbY8gVlkQY11rQfPNi7Mx39trK9canYaFBDpqjUWY5oEa2Ba6P5QCAhmEhFKhK"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
79d064a14c6591f9-FRA
expires
Sun, 11 Feb 2024 15:07:41 GMT
jquery-3.6.1.min.js
code.jquery.com/ 		88 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.6.1.min.js
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:41 GMT
content-encoding
gzip
last-modified
Fri, 26 Aug 2022 17:36:05 GMT
server
nginx
etag
W/"63090485-15e40"
vary
Accept-Encoding
x-hw
1676992061.dop222.am5.t,1676992061.cds001.am5.hn,1676992061.cds012.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30957
select2.min.js
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/ 		71 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 21 Feb 2023 15:07:41 GMT
x-content-type-options
nosniff
content-encoding
gzip
age
7127355
x-jsd-version
4.1.0-rc.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
20012
x-served-by
cache-fra-eddf8230022-FRA, cache-hhn-etou8220020-HHN
x-jsd-version-type
version
etag
W/"11dcb-beEOdKmS/KFegD2RDRMPgmYxy4Y"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
rangeslider.js
cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/rangeslider.js/2.3.3/rangeslider.js
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
661a5c216c7c18fb65d55124c95db65fb1874b35f5342769e81bdb5cc0c723f8
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
21169562
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3979
last-modified
Mon, 04 May 2020 16:15:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fb4-4641"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2BFLlPpxg%2BLL4oMDMUxPsvN05FQuHfWc0cJxFhhCK%2FiMW5iQ6sShEII%2BI8E0dlicduglKYXMA%2BdtL6VTtZszvP0VBRr%2FB4hKTgOxuSvYt1JdO27h%2F2HjDxnT2lJm6yDsWVZrZ1oThsTrx2WJgYKRkt7e"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
79d064a14c6791f9-FRA
expires
Sun, 11 Feb 2024 15:07:41 GMT
kfw_logo_1280-2x.svg
www.kfw.de/Technische-Medien/Logos/ 		14 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.kfw.de/Technische-Medien/Logos/kfw_logo_1280-2x.svg
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.151.29.97 Dresden, Germany, ASN8881 (VERSATEL, DE),
Reverse DNS
i68971D61.versanet.de
Software
Apache /
Resource Hash
5e17977fac64a36ce21810b605bb5da2e5606371c0b7c019fe9a3274b68e75ad
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de *.deginvest.de android-webview-video-poster *.mapbox.com *.wt-safetag.com *.analytics.edgekey.net kfw-chatbot-staging-kfw.eu-de.mybluemix.net kfw-token-auth-staging-kfw.eu-de.mybluemix.net fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net ajax.googleapis.com *.googleadservices.com *.googletagmanager.com *.analytics.yahoo.com *.ad.doubleclick.net *.yimg.com *.adform.net data: blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:41 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de *.deginvest.de android-webview-video-poster *.mapbox.com *.wt-safetag.com *.analytics.edgekey.net kfw-chatbot-staging-kfw.eu-de.mybluemix.net kfw-token-auth-staging-kfw.eu-de.mybluemix.net fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net ajax.googleapis.com *.googleadservices.com *.googletagmanager.com *.analytics.yahoo.com *.ad.doubleclick.net *.yimg.com *.adform.net data: blob:;
Connection
Keep-Alive
Content-Length
4217
Last-Modified
Tue, 21 Feb 2023 14:55:22 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
image/svg+xml
Vary
Referer,Origin,Accept-Encoding
Cache-Control
max-age=86400
Permissions-Policy
accelerometer=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=(), screen-wake-lock=(), microphone=(), geolocation=()
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes, bytes
Access-Control-Allow-Headers
x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Keep-Alive
timeout=15, max=69
Expires
Wed, 22 Feb 2023 15:07:41 GMT
kfw-icons.woff2
kfw-isfp-01.com/fonts/kfw-icons/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://kfw-isfp-01.com/fonts/kfw-icons/kfw-icons.woff2
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/kfw.main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:beb9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aaa564c2c01f4e51856ebf075e1abcf6ff44f54f415960cb35e4c91f8edd8b62

Request headers

Referer
https://kfw-isfp-01.com/kfw.main.css
Origin
https://kfw-isfp-01.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:41 GMT
cf-cache-status
HIT
last-modified
Sat, 17 Dec 2022 21:07:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4086
etag
"2624-5f00c78696480"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GcrGAI%2Fz6942Fp4EHsRjvBZIQaW3vZCNWK8zNxSqbysNrImxtt4hWuV7B%2FN69JIJMzi6QNAxmkWh01Ems5MYz%2FEccwxst%2FCSblJVYpMAx1ArLpVX%2F2rIVmYPBPU8xEwcGhMAKr63L5crTLqXTVE%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
79d064a25fb1366e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9764
home.jpg
kfw-isfp-01.com/kfw/ 		50 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kfw-isfp-01.com/kfw/home.jpg
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:beb9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07dc762e320c2d1bc8214768f7890ed7841b34ef72f7c8a383ebd5b8d8bc1947

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:41 GMT
cf-cache-status
HIT
last-modified
Sat, 17 Dec 2022 21:05:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4077
etag
"c948-5f00c71331440"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f66vs9ag5PfGZPMbkkagky3CpQy8myZ0AMH11mKZUtmTjYl9%2FApsxK5xgwrxjaaJRU7Xv54C%2FiAVZ6q%2Fb3lbw5Q0a%2B5cD4aOAtjyR3efA4jdMJe2aRfpb4R46wk%2Bm5rGLprWsBAGAXmHmtXEXKM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
79d064a26fcf366e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
51528
email-decode.min.js
kfw-isfp-01.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kfw-isfp-01.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:beb9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kfw-isfp-01.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Feb 2023 14:31:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63ececa5-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MXHS65AqHaB3980%2FQFj3n2yKC7IAoXCe7OchCiw83b2S%2F8%2BCC%2FSmnzRj71x3II2Ag%2FMCwwQyKymrmQTm%2B5mlbgB5HGwjVqRehn7NQF9%2BXJAgUiHKtP1YA9rcPnVYS9tZaoZ1mlUFCAp%2F6TVId2s%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
79d064a26fd2366e-FRA
expires
Thu, 23 Feb 2023 15:07:41 GMT
KFWCentroSans-Reg.woff2
kfw-isfp-01.com/fonts/KfW_Centro_Sans/KfW_Centro_Sans_Regular/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://kfw-isfp-01.com/fonts/KfW_Centro_Sans/KfW_Centro_Sans_Regular/KFWCentroSans-Reg.woff2
Requested by
Host: kfw-isfp-01.com
URL: https://kfw-isfp-01.com/kfw.main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:beb9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a8af5e267fb5fdf74b53335f7a7f014f66d95ccd6c28a4babbd95b211942b18

Request headers

Referer
https://kfw-isfp-01.com/kfw.main.css
Origin
https://kfw-isfp-01.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:41 GMT
cf-cache-status
HIT
last-modified
Sat, 17 Dec 2022 21:07:19 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
6790
etag
"5330-5f00c78b5afc0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AGn5OXnrhKNcFDwvRhDaPHkoFaZFBf%2BWrcZqy6oAlo%2BI%2FdDvP%2BaWQQpklx9gLUIE1rmDjAzOfQ%2BjDeppQkYgeV4emQCs4LfG9HfYEhu%2BRWUdytDBo1NpLXfz3U5B9ZahYgDHfWE8wSNmyoPs3Ok%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
79d064a28ffa366e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
21296

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: KfW Development Bank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange function| $ function| jQuery

2 Cookies

Domain/Path Name / Value
kfw-isfp-01.com/ Name: XSRF-TOKEN
Value: eyJpdiI6IjlRaE16Y21aU3Flbmk0Wmw4QTdwYUE9PSIsInZhbHVlIjoiMVRzZitvM0lqTThGV3E0UzNjNmNFNjIrcjlMajk4QWc4cVhCRFlCc1VkQXRUWnd1UW1jWklnMDJQbDRxR2ZkanZHTnlrR3F1T2lJbFpNYlFyN2NnaUtIOG1kc2YvZEFUUDNjdWx1dWExTkpPTzBkTTlMZXhiVTI2eTRFWE5jcEUiLCJtYWMiOiJlOWQwY2EyNmM5NDBlNTEyNzg0YWE4NTljMWI0OWQzY2JkNTQzZjM2NDcxZTY4NWExMWU1NzFjNWNiOTU3NzYxIiwidGFnIjoiIn0%3D
kfw-isfp-01.com/ Name: laravel_session
Value: eyJpdiI6Ijd6Y0J4WERjNDFIM05ISi84RjJIbmc9PSIsInZhbHVlIjoiaTRKc0M0bEdDYTRjRzhhb1lpV1BSSkNnaGVjQnlkcUJtR3BySW8xU3RMWTlTbXp2Q3FPaGVlQ2lVYjVqcnc5K2RTVVlwT1hRc0hkQmszR1M1cFpQN3FsSVpOMDZvdllueXhEc2t1bGJCeCs2c2g2YStLV1hLSnZjeUpqV2xKZEQiLCJtYWMiOiIzZTk5OWY2OTY3YjBjZGM2YmVkM2FkNmM1ZDhhNmE5NTY5ZmM0MWQ5NDZjNWQ4MDJhZGI2NzA1NzI1NjBhZDFhIiwidGFnIjoiIn0%3D