185.150.25.159 Open in urlscan Pro
185.150.25.159 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://185.150.25.159/
Submission: On March 04 via manual (March 4th 2023, 7:07:10 pm UTC) from DE — Scanned from DE

Summary HTTP 7 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 7 HTTP transactions. The main IP is 185.150.25.159, located in Netherlands and belongs to COMBAHTON combahton GmbH, DE. The main domain is 185.150.25.159.

This is the only time 185.150.25.159 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: KfW Development Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
6	185.150.25.159 185.150.25.159	30823 (COMBAHTON...) (COMBAHTON combahton GmbH)
1	104.151.29.97 104.151.29.97	8881 (VERSATEL) (VERSATEL)
7	2

6 185.150.25.159 (Netherlands)

ASN30823 (COMBAHTON combahton GmbH, DE)
PTR: vps-zap1006654-1.zap-srv.com

185.150.25.159	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.151.29.97 (Dresden, Germany)

ASN8881 (VERSATEL, DE)
PTR: i68971D61.versanet.de

www.kfw.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	kfw.de www.kfw.de — Cisco Umbrella Rank: 288898	6 KB
7	1

	Domain	Requested by
1	www.kfw.de	185.150.25.159
7	1

This site contains links to these domains. Also see Links.

Domain
www.kfw.de
www.facebook.com
twitter.com
www.linkedin.com
www.xing.com
www.kfw-formularsammlung.de
onlinekreditportal.kfw.de
www.twitter.com
www.youtube.com
de.linkedin.com
www.instagram.com

Subject Issuer	Validity	Valid
*.kfw.de TeleSec ServerPass Class 2 CA	`2022-11-23` - `2023-11-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://185.150.25.159/
Frame ID: 53DECFB04ED567294B665AB639E85A0F
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

7
Requests

14 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

546 kB
Transfer

2357 kB
Size

2
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://www.kfw.de/inlandsfoerderung/Privatpersonen/
Title: Startseite

Search URL Search Domain Scan URL

URL: https://www.kfw.de/kfw.de.html
Title: Startseite

Search URL Search Domain Scan URL

URL: https://www.kfw.de/inlandsfoerderung/Unternehmen/
Title: Unternehmen Wir fördern den Mittelstand, Freiberufler und Gründer

Search URL Search Domain Scan URL

URL: https://www.kfw.de/inlandsfoerderung/%C3%96ffentliche-Einrichtungen/
Title: Öffentliche Einrichtungen Wir fördern Kommunen und kommunale Unternehmen

Search URL Search Domain Scan URL

URL: https://www.kfw.de/partner/KfW-Partnerportal/index.jsp
Title: Partnerportal Wir unterstützen Vertriebspartner mit zusätzlichen Informationen und Arbeitshilfen

Search URL Search Domain Scan URL

URL: https://www.kfw.de/Internationale-Finanzierung/
Title: Internationale Finanzierung Wir sind überall da aktiv, wo die Welt miteinander agiert

Search URL Search Domain Scan URL

URL: https://www.kfw.de/KfW-Stories/
Title: Stories Das digitale Magazin der KfW Bankengruppe erzählt Geschichten aus aller Welt

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/
Title: Über die KfW Alle wichtigen Informationen rund um die KfW Bankengruppe

Search URL Search Domain Scan URL

URL: https://www.kfw.de/inlandsfoerderung/Leichte-Sprache.html

Search URL Search Domain Scan URL

URL: https://www.kfw.de/inlandsfoerderung/Gebaerdensprache.html

Search URL Search Domain Scan URL

URL: https://www.kfw.de/inlandsfoerderung/Privatpersonen/Studieren-Qualifizieren/Online-Kreditportal/?llb=1
Title: Online-Kreditportal Studieren & Qualifizieren: Zugang zu Ihren Vertragsdaten und wichtige Informationen

Search URL Search Domain Scan URL

URL: https://www.kfw.de/foerderportal
Title: KfW-Förderportal Bankdurchleitung Online für Finanzierungspartner der KfW

Search URL Search Domain Scan URL

URL: https://www.kfw.de/s/deiu9Wv
Title: kfw.de/s/deiu9Wv

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Datenschutz.html
Title: Datenschutzhinweise

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.kfw.de%2Finlandsfoerderung%2FUnternehmen%2FInnovation%2F
Title: teilen

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=%0AF%C3%B6rderung%20f%C3%BCr%20Innovation%20und%20Digitalisierung%20im%20Unternehmen%20%7C%20KfW&url=https%3A%2F%2Fwww.kfw.de%2Finlandsfoerderung%2FUnternehmen%2FInnovation%2F
Title: tweet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&summary=Wir%20f%C3%B6rdern%20Mittelstand%20und%20kleine%20Unternehmen%2C%20die%20in%20Innovation%20und%20Digitalisierung%20investieren.%20Beantragen%20Sie%20g%C3%BCnstige%20Kredite%20und%20Zusch%C3%BCsse.&title=%0AF%C3%B6rderung%20f%C3%BCr%20Innovation%20und%20Digitalisierung%20im%20Unternehmen%20%7C%20KfW&url=https%3A%2F%2Fwww.kfw.de%2Finlandsfoerderung%2FUnternehmen%2FInnovation%2F
Title: mitteilen

Search URL Search Domain Scan URL

URL: https://www.xing.com/social_plugins/share?url=https%3A%2F%2Fwww.kfw.de%2Finlandsfoerderung%2FUnternehmen%2FInnovation%2F
Title: teilen

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Newsroom/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Investor-Relations/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/KfW-Research/
Title: KfW Research

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Karriere/
Title: Karriere

Search URL Search Domain Scan URL

URL: https://www.kfw.de/nachhaltigkeit/%C3%9Cber-die-KfW/Nachhaltigkeit/Nachhaltige-Unternehmensprozesse/Beschaffung/
Title: Beschaffung

Search URL Search Domain Scan URL

URL: https://www.kfw.de/nachhaltigkeit/%C3%9Cber-die-KfW/Nachhaltigkeit/
Title: Nachhaltigkeit

Search URL Search Domain Scan URL

URL: https://www.kfw-formularsammlung.de/KonditionenanzeigerINet/KonditionenAnzeiger
Title: Aktuelle Zinskonditionen

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Newsroom/Themen-kompakt/Archiv-(ab-2013)/Beratung-vereinbaren/
Title: Beratung bei Finanzierungspartnern

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Service/Download-Center/F%C3%B6rderprogramme/index.jsp
Title: Merkblätter und Formulare

Search URL Search Domain Scan URL

URL: https://onlinekreditportal.kfw.de/BK_KNPlattform/
Title: Online-Kreditportal

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Service/Download-Center/index.jsp
Title: Download Center

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Service/KfW-Newsdienste/
Title: KfW-Newsdienste

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Service/Rechner-und-Tools/#accordion-item-1030894-tilgungsrechnerberechnensieratenundtilgungsplanfurihrenkredit-2-target
Title: Tilgungsrechner

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Service/
Title: Service

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Kontakt/
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Kontakt/Grunds%C3%A4tze-der-Beschwerdebearbeitung/
Title: Beschwerden

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Newsroom/Pressematerial/Kontakt-Pressestelle/
Title: Pressestelle

Search URL Search Domain Scan URL

URL: http://www.twitter.com/KfW
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.youtube.com/kfw
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.xing.com/company/kfw
Title: XING

Search URL Search Domain Scan URL

URL: https://de.linkedin.com/company/kfw
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.instagram.com/kfw.stories/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.kfw.de/Inhaltsverzeichnis.html
Title: Sitemap

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Barrierefreiheit.html
Title: Barrierefreiheit

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Formulare/Barriere-melden/
Title: Barriere melden

Search URL Search Domain Scan URL

URL: https://www.kfw.de/inlandsfoerderung/Steuerdisclaimer.html
Title: Rechtliche Hinweise

Search URL Search Domain Scan URL

URL: https://www.kfw.de/%C3%9Cber-die-KfW/Impressum.html
Title: Impressum

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
185.150.25.159/ 217 KB
20 KB 89ms
59ms Document
text/html 185.150.25.159
COMBAHTON combaht...

General

Check archive.org

Show headers Download Go to

Full URL: http://185.150.25.159/
Protocol: HTTP/1.1
Server: 185.150.25.159 , Netherlands, ASN30823 (COMBAHTON combahton GmbH, DE),
Reverse DNS: vps-zap1006654-1.zap-srv.com
Software: Apache/2.4.38 (Debian) /
Resource Hash: 9a1ed2beaf216db94473a3a85455c3892891d8dffc78907ca84500bf9cbab381

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, private
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 04 Mar 2023 19:07:06 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.38 (Debian)
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H/1.1 200
OK kfw.main.css
185.150.25.159/ 2 MB
162 KB 70ms
46ms Stylesheet
text/css 185.150.25.159
COMBAHTON combaht...

General

Check archive.org

Show headers Download Go to

Full URL: http://185.150.25.159/kfw.main.css
Requested by: Host: 185.150.25.159
URL: http://185.150.25.159/
Protocol: HTTP/1.1
Server: 185.150.25.159 , Netherlands, ASN30823 (COMBAHTON combahton GmbH, DE),
Reverse DNS: vps-zap1006654-1.zap-srv.com
Software: Apache/2.4.38 (Debian) /
Resource Hash: 29149f0cc279f9d652e11c2e46b818df29c0564410c25a0ae74ba4bc4672fc20

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://185.150.25.159/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Sat, 04 Mar 2023 19:07:06 GMT
Content-Encoding: gzip
Last-Modified: Tue, 03 Jan 2023 21:11:28 GMT
Server: Apache/2.4.38 (Debian)
ETag: "1b9fd6-5f16282da8000-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK kfw_logo_1280-2x.svg
www.kfw.de/Technische-Medien/Logos/ 14 KB
6 KB 127ms
25ms Image
image/svg+xml 104.151.29.97
VERSATEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.kfw.de/Technische-Medien/Logos/kfw_logo_1280-2x.svg

Requested by

Host: 185.150.25.159
URL: http://185.150.25.159/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.151.29.97 Dresden, Germany, ASN8881 (VERSATEL, DE),

Reverse DNS

i68971D61.versanet.de

Software

Apache /

Resource Hash

5e17977fac64a36ce21810b605bb5da2e5606371c0b7c019fe9a3274b68e75ad

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .kfw.de .kfw-ipex-bank.de .kfw-entwicklungsbank.de www.energie-effizienz-experten.de .deginvest.de android-webview-video-poster .mapbox.com .wt-safetag.com .analytics.edgekey.net kfw-chatbot-staging-kfw.eu-de.mybluemix.net kfw-token-auth-staging-kfw.eu-de.mybluemix.net fbc.wcfbc.net .keyingress.de .usercentrics.eu .video-cdn.net responder.wt-safetag.com js.api.here.com .hereapi.com .mateti.net .googleadservices.com ajax.googleapis.com .googletagmanager.com .analytics.yahoo.com .ad.doubleclick.net .yimg.com .adform.net data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://185.150.25.159/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Sat, 04 Mar 2023 19:07:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de *.deginvest.de android-webview-video-poster *.mapbox.com *.wt-safetag.com *.analytics.edgekey.net kfw-chatbot-staging-kfw.eu-de.mybluemix.net kfw-token-auth-staging-kfw.eu-de.mybluemix.net fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net *.googleadservices.com ajax.googleapis.com *.googletagmanager.com *.analytics.yahoo.com *.ad.doubleclick.net *.yimg.com *.adform.net data: blob:;
Connection: Keep-Alive
Content-Length: 4217
Last-Modified: Fri, 03 Mar 2023 23:05:04 GMT
Server: Apache
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: image/svg+xml
Vary: Referer,Origin,Accept-Encoding
Cache-Control: max-age=86400
Permissions-Policy: accelerometer=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=(), screen-wake-lock=(), microphone=(), geolocation=()
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes, bytes
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Keep-Alive: timeout=15, max=72
Expires: Sun, 05 Mar 2023 19:07:06 GMT

GET
H/1.1 200
OK home.jpg
185.150.25.159/kfw/ 50 KB
51 KB 32ms
29ms Image
image/jpeg 185.150.25.159
COMBAHTON combaht...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://185.150.25.159/kfw/home.jpg
Requested by: Host: 185.150.25.159
URL: http://185.150.25.159/
Protocol: HTTP/1.1
Server: 185.150.25.159 , Netherlands, ASN30823 (COMBAHTON combahton GmbH, DE),
Reverse DNS: vps-zap1006654-1.zap-srv.com
Software: Apache/2.4.38 (Debian) /
Resource Hash: 07dc762e320c2d1bc8214768f7890ed7841b34ef72f7c8a383ebd5b8d8bc1947

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://185.150.25.159/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Sat, 04 Mar 2023 19:07:06 GMT
Last-Modified: Sat, 17 Dec 2022 21:05:13 GMT
Server: Apache/2.4.38 (Debian)
ETag: "c948-5f00c71331440"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 51528

GET
H/1.1 200
OK logoalt.png
185.150.25.159/ 277 KB
277 KB 58ms
29ms Image
image/png 185.150.25.159
COMBAHTON combaht...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://185.150.25.159/logoalt.png
Requested by: Host: 185.150.25.159
URL: http://185.150.25.159/
Protocol: HTTP/1.1
Server: 185.150.25.159 , Netherlands, ASN30823 (COMBAHTON combahton GmbH, DE),
Reverse DNS: vps-zap1006654-1.zap-srv.com
Software: Apache/2.4.38 (Debian) /
Resource Hash: 3279c297a6b83d31f82fc8c88b065ef2c9947a4d37a1b949ea5c1c32f6c94c6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://185.150.25.159/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Sat, 04 Mar 2023 19:07:06 GMT
Last-Modified: Mon, 24 Oct 2022 18:51:28 GMT
Server: Apache/2.4.38 (Debian)
ETag: "453f8-5ebcc47710c00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 283640

GET
H/1.1 200
OK kfw-icons.woff2
185.150.25.159/fonts/kfw-icons/ 10 KB
10 KB 30ms
29ms Font
font/woff2 185.150.25.159
COMBAHTON combaht...

General

Check archive.org

Show headers Download Go to

Full URL: http://185.150.25.159/fonts/kfw-icons/kfw-icons.woff2
Requested by: Host: 185.150.25.159
URL: http://185.150.25.159/kfw.main.css
Protocol: HTTP/1.1
Server: 185.150.25.159 , Netherlands, ASN30823 (COMBAHTON combahton GmbH, DE),
Reverse DNS: vps-zap1006654-1.zap-srv.com
Software: Apache/2.4.38 (Debian) /
Resource Hash: aaa564c2c01f4e51856ebf075e1abcf6ff44f54f415960cb35e4c91f8edd8b62

Request headers

Referer: http://185.150.25.159/kfw.main.css
Origin: http://185.150.25.159
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Sat, 04 Mar 2023 19:07:06 GMT
Last-Modified: Sat, 17 Dec 2022 21:07:14 GMT
Server: Apache/2.4.38 (Debian)
ETag: "2624-5f00c78696480"
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 9764

GET
H/1.1 200
OK KFWCentroSans-Reg.woff2
185.150.25.159/fonts/KfW_Centro_Sans/KfW_Centro_Sans_Regular/ 21 KB
21 KB 30ms
30ms Font
font/woff2 185.150.25.159
COMBAHTON combaht...

General

Check archive.org

Show headers Download Go to

Full URL: http://185.150.25.159/fonts/KfW_Centro_Sans/KfW_Centro_Sans_Regular/KFWCentroSans-Reg.woff2
Requested by: Host: 185.150.25.159
URL: http://185.150.25.159/kfw.main.css
Protocol: HTTP/1.1
Server: 185.150.25.159 , Netherlands, ASN30823 (COMBAHTON combahton GmbH, DE),
Reverse DNS: vps-zap1006654-1.zap-srv.com
Software: Apache/2.4.38 (Debian) /
Resource Hash: 3a8af5e267fb5fdf74b53335f7a7f014f66d95ccd6c28a4babbd95b211942b18

Request headers

Referer: http://185.150.25.159/kfw.main.css
Origin: http://185.150.25.159
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Sat, 04 Mar 2023 19:07:06 GMT
Last-Modified: Sat, 17 Dec 2022 21:07:19 GMT
Server: Apache/2.4.38 (Debian)
ETag: "5330-5f00c78b5afc0"
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 21296

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: KfW Development Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			185.150.25.159/	1970-01-20 10:06:04	Name: XSRF-TOKEN Value: eyJpdiI6IlEybkNHdzgraWdlT1NKamx4R3NNWXc9PSIsInZhbHVlIjoieFAzdExUcmNwU3dDaE1aOHl4NW5FNGhUdzdIb0R5UDMzWVNqZ0VBUmdhQy8yK1pGL0dMY2NwVmtTS1h5QzAranZ1ZDBFcUNnajF4V3gyWkxJcGRLdFJGNTlmRm5ldko5aXdMWEIrWDlPYlF3a1BkMlRpUVNYa3B2RWszSXZzbXAiLCJtYWMiOiJmZWE2ZGYwZGE2YzVhNzQxYTA4ZGUxMmMzOGY5MTk2ZGE1NWY1YjJhOWI5MDUzNTY5YzRiM2JhZTkwZTRiNDFkIiwidGFnIjoiIn0%3D
			185.150.25.159/	1970-01-20 10:06:04	Name: laravel_session Value: eyJpdiI6Iml0Z3IxdVFNQWlHL2VWRHRRQ1J0Qnc9PSIsInZhbHVlIjoickd5NnRLVkZ2MUdxUHFQaGI4QlFzOEpNQmZ5UXdqTit4UURLelV4anFDQWh4NXFSZkZQcGtFVkR4N2I3akJoWmJBZmU1L1llTlE0ZG1jVnZoK1U0VkNibnlNaFFnbkxBMVZXQmJGQmdFVklibHRwUThZcFd4QjhYcTlOakJ0dWUiLCJtYWMiOiI4YzMzZWExOTM5MGJhZTUyNjcyNjJlYWIxOTQ1YTc0YWFmMmU3YTRmMDA3YzcyZDI5NDUyM2IzM2I1MDExNTk1IiwidGFnIjoiIn0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.kfw.de
104.151.29.97
185.150.25.159
07dc762e320c2d1bc8214768f7890ed7841b34ef72f7c8a383ebd5b8d8bc1947
29149f0cc279f9d652e11c2e46b818df29c0564410c25a0ae74ba4bc4672fc20
3279c297a6b83d31f82fc8c88b065ef2c9947a4d37a1b949ea5c1c32f6c94c6a
3a8af5e267fb5fdf74b53335f7a7f014f66d95ccd6c28a4babbd95b211942b18
5e17977fac64a36ce21810b605bb5da2e5606371c0b7c019fe9a3274b68e75ad
9a1ed2beaf216db94473a3a85455c3892891d8dffc78907ca84500bf9cbab381
aaa564c2c01f4e51856ebf075e1abcf6ff44f54f415960cb35e4c91f8edd8b62

185.150.25.159 Open in urlscan Pro 185.150.25.159 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

14 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

2 Countries

546 kBTransfer

2357 kBSize

2 Cookies

45 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

Indicators

185.150.25.159 Open in urlscan Pro
185.150.25.159 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

14 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

546 kB
Transfer

2357 kB
Size

2
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!