urlscan.io logo urlscan.io
SecurityTrails logo

www.fewojena-am-waldrand.de Open in urlscan Pro
85.31.185.154  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://www.fewojena-am-waldrand.de/captcha/i/de/
Submission: On February 04 via api from US — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 17 HTTP transactions. The main IP is 85.31.185.154, located in Germany and belongs to ISPPRO-AS ISPPRO-AS covers the networks of ISPpro, DE. The main domain is www.fewojena-am-waldrand.de.
TLS certificate: Issued by R3 on January 1st 2024. Valid for: 3 months.
This is the only time www.fewojena-am-waldrand.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

IP Address AS Autonomous System
2 85.31.185.154 35366 (ISPPRO-AS...)
1 104.18.10.207 13335 (CLOUDFLAR...)
5 142.250.71.68 15169 (GOOGLE)
1 103.102.166.240 14907 (WIKIMEDIA)
1 151.101.66.137 54113 (FASTLY)
6 142.250.66.195 15169 (GOOGLE)
1 142.251.221.67 15169 (GOOGLE)
17 8
2    85.31.185.154 (Germany)

ASN35366 (ISPPRO-AS ISPPRO-AS covers the networks of ISPpro, DE)
PTR: 85-31-185-154.blue.kundencontroller.de
www.fewojena-am-waldrand.de
1    104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
5    142.250.71.68 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s17-in-f4.1e100.net
www.google.com
1    103.102.166.240 (United States)

ASN14907 (WIKIMEDIA, US)
PTR: upload-lb.eqsin.wikimedia.org
upload.wikimedia.org
1    151.101.66.137 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
6    142.250.66.195 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f3.1e100.net
www.gstatic.com
1    142.251.221.67 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f3.1e100.net
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
7 gstatic.com
www.gstatic.com
fonts.gstatic.com
648 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
39 KB
2 fewojena-am-waldrand.de
www.fewojena-am-waldrand.de
4 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 760
31 KB
1 wikimedia.org
upload.wikimedia.org — Cisco Umbrella Rank: 2907
116 KB
1 bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2998
25 KB
17 6
Domain Requested by
6 www.gstatic.com www.google.com
www.gstatic.com
5 www.google.com www.fewojena-am-waldrand.de
www.gstatic.com
www.google.com
2 www.fewojena-am-waldrand.de code.jquery.com
1 fonts.gstatic.com www.google.com
1 code.jquery.com www.fewojena-am-waldrand.de
1 upload.wikimedia.org www.fewojena-am-waldrand.de
1 stackpath.bootstrapcdn.com www.fewojena-am-waldrand.de
17 7

This site contains no links.

Subject Issuer Validity Valid
fewojena-am-waldrand.de
R3		 2024-01-01 -
2024-03-31		 3 months crt.sh
bootstrapcdn.com
GTS CA 1P5		 2024-01-28 -
2024-04-27		 3 months crt.sh
www.google.com
GTS CA 1C3		 2024-01-09 -
2024-04-02		 3 months crt.sh
*.wikipedia.org
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-10-18 -
2024-10-16		 a year crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-01-09 -
2024-04-02		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.fewojena-am-waldrand.de/captcha/i/de/
Frame ID: 6D3CB79A02E04D75F31DDEA04EF0C1A7
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP&co=aHR0cHM6Ly93d3cuZmV3b2plbmEtYW0td2FsZHJhbmQuZGU6NDQz&hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&size=normal&cb=1z2gsui25whr
Frame ID: 940AE7D36E877B1B98CD656B2EC3C8D4
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP
Frame ID: AE4FFEAE42AF45802BCD9A4024EBEE33
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sicherheitsüberprüfung

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • <div[^>]+class="g-recaptcha"
  • /recaptcha/api\.js

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

8
IPs

3
Countries

862 kB
Transfer

2041 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.fewojena-am-waldrand.de/captcha/i/de/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.fewojena-am-waldrand.de/captcha/i/de/
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
85.31.185.154 , Germany, ASN35366 (ISPPRO-AS ISPPRO-AS covers the networks of ISPpro, DE),
Reverse DNS
85-31-185-154.blue.kundencontroller.de
Software
Apache/2.4.6 (CentOS) PHP/7.2.34 / PHP/7.2.34
Resource Hash
7fc4aed3e93e697b9bc628ce22db9ab5b766236afaa9e8dd701bc71b0c93f1ca

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

content-length
3356
content-type
text/html; charset=UTF-8
date
Sun, 04 Feb 2024 21:01:20 GMT
server
Apache/2.4.6 (CentOS) PHP/7.2.34
vary
Host
x-powered-by
PHP/7.2.34
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 		157 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Requested by
Host: www.fewojena-am-waldrand.de
URL: https://www.fewojena-am-waldrand.de/captcha/i/de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.fewojena-am-waldrand.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 21:01:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
995
age
6321018
cdn-cachedat
09/25/2022 20:57:45
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"816af0eddd3b4822c2756227c7e7b7ee"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
d5f9eec0066e2b5e82f1b7704768ef16
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
8505d936aa6c572c-SYD
cdn-requestpullsuccess
True
api.js
www.google.com/recaptcha/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: www.fewojena-am-waldrand.de
URL: https://www.fewojena-am-waldrand.de/captcha/i/de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.71.68 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s17-in-f4.1e100.net
Software
GSE /
Resource Hash
f2e3876ae23eb7172110ab1ad802c3f78f558c6bca52ff2c5f3c875cd4ff48a9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.fewojena-am-waldrand.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 21:01:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Sun, 04 Feb 2024 21:01:22 GMT
2560px-ING-DiBa-Logo.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/1/14/ING-DiBa-Logo.svg/ 		115 KB
116 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.wikimedia.org/wikipedia/commons/thumb/1/14/ING-DiBa-Logo.svg/2560px-ING-DiBa-Logo.svg.png
Requested by
Host: www.fewojena-am-waldrand.de
URL: https://www.fewojena-am-waldrand.de/captcha/i/de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.102.166.240 , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
upload-lb.eqsin.wikimedia.org
Software
envoy /
Resource Hash
5d4cb2e63117b3173dbcdea9c397ede1bd84dbd348f4779813447e382cf7f2c6
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.fewojena-am-waldrand.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 16:27:22 GMT
strict-transport-security
max-age=106384710; includeSubDomains; preload
x-content-type-options
nosniff
nel
{ "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age
16440
x-cache-status
hit-front
x-cache
cp5027 hit, cp5027 hit/6
content-disposition
inline;filename*=UTF-8''ING-DiBa-Logo.svg.png
server-timing
cache;desc="hit-front", host;desc="cp5027"
content-length
117522
x-client-ip
66.203.112.166
last-modified
Wed, 11 May 2022 19:38:13 GMT
server
envoy
etag
26393b8504e346da117bc5aba557c4ca
report-to
{ "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges
bytes
timing-allow-origin
*
jquery-3.6.4.min.js
code.jquery.com/ 		88 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.6.4.min.js
Requested by
Host: www.fewojena-am-waldrand.de
URL: https://www.fewojena-am-waldrand.de/captcha/i/de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.fewojena-am-waldrand.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 21:01:22 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
12278283
x-cache
HIT, HIT
content-length
31011
x-served-by
cache-lga21953-LGA, cache-bne12522-BNE
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1707080482.377720,VS0,VE0
etag
W/"28feccc0-15ec3"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
72, 76083
visitors.php
www.fewojena-am-waldrand.de/captcha/i/de/ 		40 B
236 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.fewojena-am-waldrand.de/captcha/i/de/visitors.php
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.4.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
85.31.185.154 , Germany, ASN35366 (ISPPRO-AS ISPPRO-AS covers the networks of ISPpro, DE),
Reverse DNS
85-31-185-154.blue.kundencontroller.de
Software
Apache/2.4.6 (CentOS) PHP/7.2.34 / PHP/7.2.34
Resource Hash
2beca36f607e1086c8af41558fab33305d717b25f21948963d81c5498159320b

Request headers

Accept
*/*
Referer
https://www.fewojena-am-waldrand.de/captcha/i/de/
X-Requested-With
XMLHttpRequest
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 21:01:22 GMT
server
Apache/2.4.6 (CentOS) PHP/7.2.34
x-powered-by
PHP/7.2.34
content-length
40
vary
Host
content-type
text/html; charset=UTF-8
recaptcha__en.js
www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/ 		488 KB
194 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f3.1e100.net
Software
sffe /
Resource Hash
689c72d7718868395eaf4bbe26e9f52e92f16daaa1d5486b53ae3744a996f1e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fewojena-am-waldrand.de/
Origin
https://www.fewojena-am-waldrand.de
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 16:25:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16533
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
198255
x-xss-protection
0
last-modified
Mon, 29 Jan 2024 03:01:23 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 03 Feb 2025 16:25:49 GMT
anchor
www.google.com/recaptcha/api2/ Frame 940A 		46 KB
29 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP&co=aHR0cHM6Ly93d3cuZmV3b2plbmEtYW0td2FsZHJhbmQuZGU6NDQz&hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&size=normal&cb=1z2gsui25whr
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.71.68 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s17-in-f4.1e100.net
Software
GSE /
Resource Hash
64ffed2b988f28c0d76632d1355024a4bf8a1d7699f1256f6eaddd85f4763c14
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-2orKJSgHPHM8DHuf5PTHjg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fewojena-am-waldrand.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-2orKJSgHPHM8DHuf5PTHjg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 04 Feb 2024 21:01:23 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/ Frame 940A 		55 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP&co=aHR0cHM6Ly93d3cuZmV3b2plbmEtYW0td2FsZHJhbmQuZGU6NDQz&hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&size=normal&cb=1z2gsui25whr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f3.1e100.net
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 16:26:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16513
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 29 Jan 2024 03:01:23 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 03 Feb 2025 16:26:10 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/ Frame 940A 		488 KB
194 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP&co=aHR0cHM6Ly93d3cuZmV3b2plbmEtYW0td2FsZHJhbmQuZGU6NDQz&hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&size=normal&cb=1z2gsui25whr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f3.1e100.net
Software
sffe /
Resource Hash
689c72d7718868395eaf4bbe26e9f52e92f16daaa1d5486b53ae3744a996f1e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 16:25:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16534
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
198255
x-xss-protection
0
last-modified
Mon, 29 Jan 2024 03:01:23 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 03 Feb 2025 16:25:49 GMT
truncated
/ Frame 940A 		14 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 940A 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/png
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 940A 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/styles__ltr.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f3.1e100.net
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sat, 03 Feb 2024 02:03:14 GMT
x-content-type-options
nosniff
age
154689
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Sat, 10 Feb 2024 02:03:14 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 940A 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP&co=aHR0cHM6Ly93d3cuZmV3b2plbmEtYW0td2FsZHJhbmQuZGU6NDQz&hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&size=normal&cb=1z2gsui25whr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f3.1e100.net
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sat, 03 Feb 2024 02:00:35 GMT
x-content-type-options
nosniff
age
154848
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 02 Feb 2025 02:00:35 GMT
qMev7i6X24vl5sjxzUkBtmX7wXFxxkn-xHhhygtdWMk.js
www.google.com/js/bg/ Frame 940A 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/bg/qMev7i6X24vl5sjxzUkBtmX7wXFxxkn-xHhhygtdWMk.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.71.68 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s17-in-f4.1e100.net
Software
sffe /
Resource Hash
a8c7afee2e97db8be5e6c8f1cd4901b665fbc17171c649fec47861ca0b5d58c9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP&co=aHR0cHM6Ly93d3cuZmV3b2plbmEtYW0td2FsZHJhbmQuZGU6NDQz&hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&size=normal&cb=1z2gsui25whr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 02:20:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
67282
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6914
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 10:00:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 03 Feb 2025 02:20:01 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 940A 		102 B
209 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP&co=aHR0cHM6Ly93d3cuZmV3b2plbmEtYW0td2FsZHJhbmQuZGU6NDQz&hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&size=normal&cb=1z2gsui25whr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.71.68 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s17-in-f4.1e100.net
Software
GSE /
Resource Hash
99953d3788a76b3b5392d7c3c2fc57a741f5d5c2b263616fdd07938aa2aa1b5b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP&co=aHR0cHM6Ly93d3cuZmV3b2plbmEtYW0td2FsZHJhbmQuZGU6NDQz&hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&size=normal&cb=1z2gsui25whr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 21:01:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Sun, 04 Feb 2024 21:01:23 GMT
bframe
www.google.com/recaptcha/api2/ Frame AE4F 		7 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.71.68 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s17-in-f4.1e100.net
Software
GSE /
Resource Hash
ee388ca17d12e17638e4e2820d62069d29a5a2e4a6929a79fd043db8f945e90a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-DUztc2RcKXnbixarp1-CsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fewojena-am-waldrand.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-DUztc2RcKXnbixarp1-CsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 04 Feb 2024 21:01:23 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/ Frame AE4F 		55 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f3.1e100.net
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 16:26:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16514
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 29 Jan 2024 03:01:23 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 03 Feb 2025 16:26:10 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/ Frame AE4F 		488 KB
194 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/MHBiAvbtvk5Wb2eTZHoP1dUd/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=MHBiAvbtvk5Wb2eTZHoP1dUd&k=6LfbTF4pAAAAAF4V20nk-pyN5M_oPOuU1O2jJdnP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f3.1e100.net
Software
sffe /
Resource Hash
689c72d7718868395eaf4bbe26e9f52e92f16daaa1d5486b53ae3744a996f1e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 16:25:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
198255
x-xss-protection
0
last-modified
Mon, 29 Jan 2024 03:01:23 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 03 Feb 2025 16:25:49 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 function| validateCaptcha function| $ function| jQuery object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_725758

0 Cookies