capitaloneonlinesecure.com Open in urlscan Pro
172.67.165.78 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://capitaloneonlinesecure.com/
Effective URL:
https://capitaloneonlinesecure.com/
Submission: On July 15 via api (July 15th 2024, 2:13:49 pm UTC) from GB — Scanned from GB

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 172.67.165.78, located in United States and belongs to CLOUDFLARENET, US. The main domain is capitaloneonlinesecure.com.
TLS certificate: Issued by WE1 on July 14th 2024. Valid for: 3 months.

This is the only time capitaloneonlinesecure.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address		AS Autonomous System
3 16	172.67.165.78 172.67.165.78		13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	1

16 172.67.165.78 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

capitaloneonlinesecure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	capitaloneonlinesecure.com 3 redirects capitaloneonlinesecure.com	39 KB
13	1

	Domain	Requested by
16	capitaloneonlinesecure.com	3 redirects capitaloneonlinesecure.com
13	1

This site contains no links.

Subject Issuer	Validity	Valid
capitaloneonlinesecure.com WE1	`2024-07-14` - `2024-10-12`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://capitaloneonlinesecure.com/
Frame ID: 50BF65C454E4C243EC9A74A75B19D483
Requests: 9 HTTP requests in this frame

Frame: https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js
Frame ID: E70E38766043C896D83D3970C875AD9C
Requests: 2 HTTP requests in this frame

Frame: https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js
Frame ID: AEF6C25E55A2B0D5EA62E3FA5795A380
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

http://capitaloneonlinesecure.com/ HTTP 307
https://capitaloneonlinesecure.com/ Page URL
https://capitaloneonlinesecure.com/cdn-cgi/phish-bypass?atok=XlkqPREohEKiKdW0qF3j19mFJEI43VU99b1Tk52aGaA-172105... HTTP 301
https://capitaloneonlinesecure.com/ Page URL
https://capitaloneonlinesecure.com/ Page URL

Page Statistics

13
Requests

85 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

38 kB
Transfer

65 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://capitaloneonlinesecure.com/ HTTP 307
https://capitaloneonlinesecure.com/ Page URL
https://capitaloneonlinesecure.com/cdn-cgi/phish-bypass?atok=XlkqPREohEKiKdW0qF3j19mFJEI43VU99b1Tk52aGaA-1721052819-0.0.1.1-%2F HTTP 301
https://capitaloneonlinesecure.com/ Page URL
https://capitaloneonlinesecure.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://capitaloneonlinesecure.com/ HTTP 307
https://capitaloneonlinesecure.com/

Request Chain 4

https://capitaloneonlinesecure.com/cdn-cgi/phish-bypass?atok=XlkqPREohEKiKdW0qF3j19mFJEI43VU99b1Tk52aGaA-1721052819-0.0.1.1-%2F HTTP 301
https://capitaloneonlinesecure.com/

Request Chain 6

https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js

Request Chain 9

https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/ Show response
capitaloneonlinesecure.com/
Redirect Chain

http://capitaloneonlinesecure.com/
https://capitaloneonlinesecure.com/

4 KB
2 KB

130ms
38ms

Document
text/html

172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c989bd71abc97167f1bc96b4b9e180283910ece067dc61ee52c772d3299fbdb6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

cf-ray: 8a3a5ab8ac8163e1-LHR
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 15 Jul 2024 14:13:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9QGMcWT45D8mEsb0%2BF4qw6jr43WVpIShHl7O6WRvFgLN0tsWH8knMZxgg2WYLigu4WE1D9WopOYa57yOzQz10GP4vugZD09YISRMZmbWootMSz20dhKWeHwfQt9oAQbSacfXZzeBvAKsYfmEKA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Location: https://capitaloneonlinesecure.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 cf.errors.css
capitaloneonlinesecure.com/cdn-cgi/styles/ 23 KB
5 KB 37ms
37ms Stylesheet
text/css 172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: capitaloneonlinesecure.com
URL: https://capitaloneonlinesecure.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://capitaloneonlinesecure.com/
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

date: Mon, 15 Jul 2024 14:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Jul 2024 08:13:48 GMT
server: cloudflare
etag: W/"668f943c-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8a3a5ab91d1c63e1-LHR
expires: Mon, 15 Jul 2024 16:13:39 GMT

GET
H3 200 icon-exclamation.png
capitaloneonlinesecure.com/cdn-cgi/images/ 452 B
635 B 29ms
29ms Image
image/png 172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://capitaloneonlinesecure.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: capitaloneonlinesecure.com
URL: https://capitaloneonlinesecure.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://capitaloneonlinesecure.com/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

date: Mon, 15 Jul 2024 14:13:39 GMT
x-content-type-options: nosniff
last-modified: Thu, 11 Jul 2024 08:13:48 GMT
server: cloudflare
etag: "668f943c-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8a3a5ab9ee6e63e1-LHR
content-length: 452
expires: Mon, 15 Jul 2024 16:13:39 GMT

GET
H3 503 favicon.ico
capitaloneonlinesecure.com/ 6 KB
7 KB 610ms
610ms Other
text/html 172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b91ed4d75fe853982ead47eb116311f3e1ce6cb64401a7538ee206956843af7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://capitaloneonlinesecure.com/
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Jul 2024 14:13:40 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SpEpiUyX0Gwkx0zyZUeNrHB0dsL5%2Bx8Pt6VzRq20iJF5wQp1PJXdkycRlcFhgEFRsQy4fotMn5i2b2Lpa%2FaN7sxw30BwdJw8ZbRM5JVfdl6obnaP3Jivq1GKsWAQeAOcAhSUYCY8NUyNKe01Nw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8a3a5aba7f2e63e1-LHR
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

GET
H3

503

/ Show response
capitaloneonlinesecure.com/
Redirect Chain

https://capitaloneonlinesecure.com/cdn-cgi/phish-bypass?atok=XlkqPREohEKiKdW0qF3j19mFJEI43VU99b1Tk52aGaA-1721052819-0.0.1.1-%2F
https://capitaloneonlinesecure.com/

7 KB
8 KB

609ms
606ms

Document
text/html

172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1249ec2553e523b513e0998552d66305de3b3ec8df873cdbfc1d5067442006bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://capitaloneonlinesecure.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8a3a5ad17f1b63e1-LHR
content-type: text/html; charset=utf-8
date: Mon, 15 Jul 2024 14:13:43 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxNSq51yWP6mH3dpRELWUZuzIOcg25NSdFkjHxpuIy4Bu%2BkDfsAluncAJ3ywi%2FVA1apFGeoEChMKe3iFVESQDLEFK69ctTjM9VYdTUli5ialQE1oU2NsEhtwwm%2FphhIMXRrtnUCGiurwweNh1w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8a3a5ad14ee163e1-LHR
content-length: 167
content-type: text/html
date: Mon, 15 Jul 2024 14:13:43 GMT
location: https://capitaloneonlinesecure.com/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

POST
H3 204 /
capitaloneonlinesecure.com/ 0
947 B 324ms
322ms XHR
text/plain 172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/

Requested by

Host: capitaloneonlinesecure.com
URL: https://capitaloneonlinesecure.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

X-Requested-TimeStamp-Expire
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination: GET
Content-type: application/x-www-form-urlencoded
2StRrBdc5RI6ay6iP95zLle9EN0: 34312738
X-Requested-Type: GET
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36
Referer: https://capitaloneonlinesecure.com/
X-Requested-with: XMLHttpRequest
X-Requested-TimeStamp
wj2feXQ2PYGZBQwu7dQSFYGIw-A: 8pSJlvpq0kp-T5G5cI4bpN2o0

Response headers

pragma: no-cache
date: Mon, 15 Jul 2024 14:13:44 GMT
x-server-powered-by: Engintron
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ra2%2FOkH4kSM%2FpjdkiUvHyIEBtn8N5gWqalPV6gKdDCTBqSB55gdNTjj0qYkDccnt4i9lsTAyR%2FPMdzx68jgwc%2FZpQpVtt2b81M98TMsKh8pFUWBUP4eeVpe60%2BhyXiaqcHbfeCVrThvtKw152g%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8a3a5ad58c6263e1-LHR
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

GET
H3

200

main.js Show response
capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/ Frame E70E
Redirect Chain

https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

8 KB
4 KB

34ms
33ms

Script
application/javascript

172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

Protocol

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3216d9dd0f1b87612b6984dc07e0fa561a9e4f239dff0a1260e6d3ee9d4b520a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

date: Mon, 15 Jul 2024 14:13:43 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RxGbe1JAd3aIbXalKWrwE9fFnSNssfkGqUNr5jsYQv%2BSKOYNlxcJUU0zFZQDvAuhqNKpY8%2BbjCtLdSL2a8ek4SHjSI7wHVj8uew4aWgtN4OV%2BmzkHtL%2FS3EjiAjGdL5uY5nFrKqunriRDHNnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8a3a5ad5ccdf63e1-LHR
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 15 Jul 2024 14:13:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qKP6jcmz3Vp2dneUiv8j%2FHof%2FZ1MgYHh8zIuLiKfnpV13ko5hyd9bXJdrDWrgfKQy2PDpo6i4EELlkcUdu%2FlbU3rkd%2FKJlQa6VGNYVZnF9N2EU8cedvtr3iXTT4uLtQSgWMR73bQeWlH1Bt8aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?
access-control-allow-origin: *
cache-control: max-age: 300, public
cf-ray: 8a3a5ad58c6c63e1-LHR
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 503 favicon.ico
capitaloneonlinesecure.com/ 6 KB
7 KB 321ms
319ms Other
text/html 172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://capitaloneonlinesecure.com/
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Jul 2024 14:13:44 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ZCWkJ0UvJABrPTXNRjeicvNjgl%2FUilj%2FcFfT%2Bp8EQTer5%2FF%2F556N9oEvHCs7JsnNbOZPabqikPqaEUjQM0SBuT4cMAwOEW9h096BW8TF6xk1%2F6FYCCDG7%2B2Ux02MieH%2F7p8pHOtCS8kaZH%2FJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8a3a5ad5ac8763e1-LHR
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

POST
H3 200 8a3a5ad17f1b63e1
capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame E70E 0
709 B 73ms
67ms XHR
text/plain 172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/jsd/r/8a3a5ad17f1b63e1
Requested by: Host: capitaloneonlinesecure.com
URL: https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 Jul 2024 14:13:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2os2VMV%2Fj5cMfVsIcY5xmA7pPVNathRfEGIjN7ZvN10UzZ49p%2F8pPvx3tKGMKrMGc0rbNbUkk9q7UrxigSzRw6OQHVryAYHo7EtHdDH3IqKrB29lbr3%2B3eO%2BHdAwJKG7vCfjDPU8gQ4QceOLLw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8a3a5ad7d82c63e1-LHR
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 403 Primary Request / Show response
capitaloneonlinesecure.com/ 1 KB
951 B 339ms
338ms Document
text/html 172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/

Requested by

Host: capitaloneonlinesecure.com
URL: https://capitaloneonlinesecure.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9afebb4364b26f0474f03aac2a19e298ba6fe3d8024caa0c04dbe3caeb2949d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://capitaloneonlinesecure.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a3a5ad7e83d63e1-LHR
content-encoding: br
content-type: text/html
date: Mon, 15 Jul 2024 14:13:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2BlJymhUvz2H7jCFRgp41kjIYY2oElGeEVqpZT9EiSLf7swDXcwN6o8%2Fy26XhuOKuASGIb5bY7r%2Fne0wCaQwp8efBdMBjLsePQ%2B4ogNdrqzcINaeRteVNbIC7lUpNat0Qkx3HEmoZYU3a63L4g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET
H3

200

main.js Show response
capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/ Frame AEF6
Redirect Chain

https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

8 KB
0

0ms
0ms

Script
application/javascript

172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

Protocol

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3216d9dd0f1b87612b6984dc07e0fa561a9e4f239dff0a1260e6d3ee9d4b520a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

date: Mon, 15 Jul 2024 14:13:43 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RxGbe1JAd3aIbXalKWrwE9fFnSNssfkGqUNr5jsYQv%2BSKOYNlxcJUU0zFZQDvAuhqNKpY8%2BbjCtLdSL2a8ek4SHjSI7wHVj8uew4aWgtN4OV%2BmzkHtL%2FS3EjiAjGdL5uY5nFrKqunriRDHNnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8a3a5ad5ccdf63e1-LHR
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 15 Jul 2024 14:13:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=def%2BDWgSMECmLv3UOMN4jhWaENLpJzuq7Vd1RW56bXUq8PbzCPX61ktHN81Yn2jd2m4bKdttryOxiG0AFeFOfW%2BPP9DiI7UokDcxEk0vNyAmVjbTjM8AgtNWQqEFihKtOvQa4oI7PlgZu8eFng%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?
access-control-allow-origin: *
cache-control: max-age: 300, public
cf-ray: 8a3a5ada5b2563e1-LHR
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H3 200 8a3a5ad7e83d63e1 Show response
capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame AEF6 0
715 B 51ms
44ms XHR
text/plain 172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/h/g/jsd/r/8a3a5ad7e83d63e1
Requested by: Host: capitaloneonlinesecure.com
URL: https://capitaloneonlinesecure.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 Jul 2024 14:13:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WX%2F2j2oG4G1l%2FRJuWsRsTCd2Mr%2BQwZGBYO43vAgQ4H3hEE5sCv%2FGwzswOFCTllzsRNV%2FTBAzBNtCzLWmNF%2Bki%2F6%2Fg9AHdciSwhrjtJloQWrBDd5LamTsXXnogVumswimgr0hQNFFYj6k48u%2F9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8a3a5adc2d9b63e1-LHR
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 403 favicon.ico
capitaloneonlinesecure.com/ 548 B
640 B 334ms
334ms Other
text/html 172.67.165.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://capitaloneonlinesecure.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.165.78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://capitaloneonlinesecure.com/
User-Agent: Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.64 Mobile Safari/537.36

Response headers

pragma: public
date: Mon, 15 Jul 2024 14:13:45 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G6ZS0D%2FvMJfQjy7R18N825h15VsIXUTQxGYBgIMyp9y5UrYAlqPa2%2Bb13DcpN4xkYX40bgkn7AtoEzWaQTZf99uwRcOyp87ZIgUUheOt6grylVmxzlzxGcrgvLg3yvr7QzJqYlxt4pDEmnJABQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
cf-ray: 8a3a5adc2da563e1-LHR
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: NEl14WgVrGgqvlbgI-2lkV9QMIE Value: litF1-vWosD7Glk4-GBZ-FhwgJo
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: qgEN1w4K_I6jPlQxGEY6cxJbgqs Value: 1721052816
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: g13p0VxHTQZJ0iqx-nz-KYpm-pU Value: 1721139216
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: mrx2-t5RXq73P9YOgb9qhdKHeb8 Value: 2IV0PHpNv_dsAV6VdG-xHTBWJ_s
.capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: __cf_mw_byp Value: XlkqPREohEKiKdW0qF3j19mFJEI43VU99b1Tk52aGaA-1721052819-0.0.1.1-/
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: -MPbSK6hWmEupKlIjSzJv3KBJxk Value: TevV481bHg__TyID4Bzy-lFkP3s
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: B0IajGNvwVhfEFucxY0KY2lWxOI Value: 1721052823
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: l4OxJq0XuA92Tnz5jMt3YgopXjc Value: 1721139223
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: uXMXb9xK7piWyzv4Ad98bK2LHNM Value: Bv_M9T-5BUEah6ERUcPFeZQMdFU
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: 5PtWjTkBAlctVi6lrBB-EzZHslU Value: tm3J-ojR7l0kq6VC55sADffTUwE
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: 9uJzE-inkDTa4_tgS1Q_RHuOuMI Value: efxQ1Y21mVhIlr8jFXBUoUm4xt8
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: TxYtloSYXCcIPNLE3CUjnFUy6Mo Value: 1721052824
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: N-yZyNY1wxDcns8NjkWMuv5TXDs Value: 1721139224
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: 4XUkeuGTI7Zee6qBtlmEzLFWxLQ Value: HPAl71aLBCt55mgbuOs4diMVnOQ
capitaloneonlinesecure.com/	1970-01-20 22:05:39	Name: 4lOn14Us54_sBBjLvOiCvXuuHBs Value: n6lZTB1zxcQ7QqmY68ZRDSiGvHE
.capitaloneonlinesecure.com/	1970-01-21 06:49:48	Name: cf_clearance Value: diWUSEkQ8bfFGLC7z3qFHycqwSgmZ06mavzIhHS53jA-1721052825-1.0.1.1-vMRhe5K0xg1Leqbqvh_wT7QJYo5PwdA9dhnQT3pQPP6gtq.e5mE3LoM0JlKmF9ba.jttnX7uhyfoeFt12mMhjg

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://capitaloneonlinesecure.com/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://capitaloneonlinesecure.com/ Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://capitaloneonlinesecure.com/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://capitaloneonlinesecure.com/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://capitaloneonlinesecure.com/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

capitaloneonlinesecure.com
172.67.165.78
1249ec2553e523b513e0998552d66305de3b3ec8df873cdbfc1d5067442006bb
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
3216d9dd0f1b87612b6984dc07e0fa561a9e4f239dff0a1260e6d3ee9d4b520a
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9afebb4364b26f0474f03aac2a19e298ba6fe3d8024caa0c04dbe3caeb2949d0
b91ed4d75fe853982ead47eb116311f3e1ce6cb64401a7538ee206956843af7b
c989bd71abc97167f1bc96b4b9e180283910ece067dc61ee52c772d3299fbdb6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

capitaloneonlinesecure.com Open in urlscan Pro 172.67.165.78 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

85 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

38 kBTransfer

65 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

16 Cookies

5 Console Messages

Security Headers

Indicators

capitaloneonlinesecure.com Open in urlscan Pro
172.67.165.78 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

38 kB
Transfer

65 kB
Size

16
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!