fcbayern-demo.captchafox.com
2400:52e0:1e00::1080:1  Public Scan

URL: https://fcbayern-demo.captchafox.com/
Submission Tags: phishingrod
Submission: On November 01 via api from DE — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 2 domains to perform 6 HTTP transactions. The main IP is 2400:52e0:1e00::1080:1, located in Germany and belongs to BUNNYCDN, SI. The main domain is fcbayern-demo.captchafox.com.
TLS certificate: Issued by R3 on November 1st 2023. Valid for: 3 months.
This is the only time fcbayern-demo.captchafox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

| | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 2400:52e0:1e0... | 200325 (BUNNYCDN) |
| 2 | 2400:52e0:1e0... | 200325 (BUNNYCDN) |
| 1 | 2a02:26f0:170... | 20940 (AKAMAI-ASN1) |
| 2 | 49.12.17.213 | 24940 (HETZNER-AS) |
| 6 | 4 | |

| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | captchafox.com | fcbayern-demo.captchafox.com, cdn.captchafox.com, api.captchafox.com | 178 KB |
| 1 | fcbayern.com | img.fcbayern.com — Cisco Umbrella Rank: 261897 | 3 KB |
| 6 | 2 | | |

| | Domain | Requested by |
|---|---|---|
| 2 | api.captchafox.com | cdn.captchafox.com |
| 2 | cdn.captchafox.com | fcbayern-demo.captchafox.com, cdn.captchafox.com |
| 1 | img.fcbayern.com | fcbayern-demo.captchafox.com |
| 1 | fcbayern-demo.captchafox.com | |
| 6 | 4 | |

This site contains no links.

| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| fcbayern-demo.captchafox.com | R3 | 2023-11-01 - 2024-01-30 | 3 months |
| cdn.captchafox.com | R3 | 2023-10-28 - 2024-01-26 | 3 months |
| fcbayern.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-08-16 - 2024-08-15 | a year |
| *.captchafox.com | R3 | 2023-10-26 - 2024-01-24 | 3 months |

This page contains 1 frames:

Primary Page: https://fcbayern-demo.captchafox.com/
Frame ID: 236436BE6ADACF4DF803D5471B4737BF
Requests: 6 HTTP requests in this frame

Page Title

FC Bayern - CaptchaFox

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 75 %
Domains: 2
Subdomains: 4
IPs: 4
Countries: 1
Transfer: 181 kB
Size: 529 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource / Path / Size / x-fer / Type / MIME-Type

Resource: Primary Request /
Path: fcbayern-demo.captchafox.com/
Size: 6 KB
x-fer: 3 KB
Type: Document

General

Full URL: https://fcbayern-demo.captchafox.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS:
Software: BunnyCDN-DE1-1080 /
Resource Hash: d57df985a42cf2e13e8b1cb2a8a2a65f669d864cb459a9578513754bd3e1534a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=2592000
cdn-cache: HIT
cdn-cachedat: 09/20/2023 21:56:57
cdn-edgestorageid: 1082
cdn-fileserver: 641
cdn-proxyver: 1.04
cdn-pullzone: 1293883
cdn-requestcountrycode: DE
cdn-requestid: abfc1cb02cd898375a03b44ba5f93d63
cdn-requestpullcode: 206
cdn-requestpullsuccess: True
cdn-status: 200
cdn-storageserver: DE-165
cdn-uid: 72f935a1-244e-42c0-8041-90421e6a12b0
content-encoding: gzip
content-type: text/html
date: Wed, 01 Nov 2023 06:09:19 GMT
last-modified: Wed, 20 Sep 2023 21:56:49 GMT
server: BunnyCDN-DE1-1080
vary: Accept-Encoding

Resource: api.js
Path: cdn.captchafox.com/
Size: 234 KB
x-fer: 71 KB
Type: Script

General

Full URL: https://cdn.captchafox.com/api.js?onload=loadWidget
Requested by:
  Host: fcbayern-demo.captchafox.com
  URL: https://fcbayern-demo.captchafox.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS:
Software: BunnyCDN-DE1-1082 /
Resource Hash: 39dffd586db5dc1f6a3692cb33a6d16eebe3c07bacffa76419d1e1eb9de1a628

Request headers

Referer: https://fcbayern-demo.captchafox.com/
Origin: https://fcbayern-demo.captchafox.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 06:09:19 GMT
content-encoding: br
cdn-edgestorageid: 1080
cdn-storageserver: DE-588
cdn-cachedat: 09/17/2023 16:29:47
cdn-pullzone: 1289860
last-modified: Sat, 16 Sep 2023 18:02:42 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 655
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"6505edc2-3a793"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 72f935a1-244e-42c0-8041-90421e6a12b0
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=1200
cdn-requestid: fa70ea7f0d121bdf0e5da3c6c9ba07e5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

Resource: fcbayern.svg
Path: img.fcbayern.com/image/upload/v1686821285/cms/public/images/fcbayern-com/logos/
Size: 5 KB
x-fer: 3 KB
Type: Image

General

Full URL: https://img.fcbayern.com/image/upload/v1686821285/cms/public/images/fcbayern-com/logos/fcbayern.svg
Requested by:
  Host: fcbayern-demo.captchafox.com
  URL: https://fcbayern-demo.captchafox.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:197::1770 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS:
Software: cloudinary /
Resource Hash: 9d30193c2b970b745c2047539bda547b4a83b16e84f5936eafadaebcbc86d4bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fcbayern-demo.captchafox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 06:09:19 GMT
content-encoding: gzip
cache-tag: 395020984582442676880649439563411481056,91fabe80d36762d3bfb4df733a5f98a3
content-disposition: attachment; filename="fcbayern.svg"
server-timing: ak_p; desc="1698818959914_1551592281_122496879_30_8583_17_39_219";dur=1
content-length: 2318
x-served-by: cache-lga21966-LGA
last-modified: Tue, 12 Apr 2022 06:15:11 GMT
server: cloudinary
x-timer: S1698796061.290605,VS0,VE0
etag: W/"e4a8d2d608f1271f7bdde8db663da51b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=88
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 9

Resource: captchafox.js
Path: cdn.captchafox.com/
Size: 284 KB
x-fer: 103 KB
Type: Script

General

Full URL: https://cdn.captchafox.com/captchafox.js
Requested by:
  Host: cdn.captchafox.com
  URL: https://cdn.captchafox.com/api.js?onload=loadWidget
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS:
Software: BunnyCDN-DE1-1082 /
Resource Hash: 8c4577786034c3f39281936373fa7783c5c32092c82f7d4e5cb7d6dbf4e8fe66

Request headers

Referer: https://fcbayern-demo.captchafox.com/
Origin: https://fcbayern-demo.captchafox.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 06:09:19 GMT
content-encoding: br
cdn-edgestorageid: 1082
cdn-storageserver: DE-165
cdn-cachedat: 09/17/2023 16:29:47
cdn-pullzone: 1289860
last-modified: Sat, 16 Sep 2023 18:02:45 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 644
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"6505edc5-46ea4"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 72f935a1-244e-42c0-8041-90421e6a12b0
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=1200
cdn-requestid: 813acfb74bbf8f53b7db60d1304d522e
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

Resource: config
Path: api.captchafox.com/captcha/sk_2Ab3DErZXe_fRCUz2c4nnJdANEB0bPG_/
Size: 269 B
x-fer: 1 KB
Type: Fetch

General

Full URL: https://api.captchafox.com/captcha/sk_2Ab3DErZXe_fRCUz2c4nnJdANEB0bPG_/config
Requested by:
  Host: cdn.captchafox.com
  URL: https://cdn.captchafox.com/api.js?onload=loadWidget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.17.213 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.213.17.12.49.clients.your-server.de
Software: nginx /
Resource Hash: 3e10c051c0fc4cbbec505d168fbd6ef3aef1be8e842ff9ded8e526857a2d5274

Security Headers

Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fcbayern-demo.captchafox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 06:09:20 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: require-corp
x-dns-prefetch-control: off
cross-origin-resource-policy: same-origin
content-length: 269
x-xss-protection: 0
referrer-policy: no-referrer
server: nginx
cross-origin-opener-policy: same-origin
etag: W/"10d-6nRzt8JqmDkfA8hDqgumGRbnsys"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, PUT, DELETE, PATCH
content-type: application/json; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?1
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, X-Requested-With, Accept

Resource: config
Path: api.captchafox.com/captcha/sk_o8m8C0xIzjezjD3XTMYZrdmYf1j4OeLC/
Size: 271 B
x-fer: 1 KB
Type: Fetch

General

Full URL: https://api.captchafox.com/captcha/sk_o8m8C0xIzjezjD3XTMYZrdmYf1j4OeLC/config
Requested by:
  Host: cdn.captchafox.com
  URL: https://cdn.captchafox.com/api.js?onload=loadWidget
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.17.213 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.213.17.12.49.clients.your-server.de
Software: nginx /
Resource Hash: b82b5c58313be046256c43d9aeeb29deb6f5896ed5fa759fa9db2dd97ffc83d3

Security Headers

Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fcbayern-demo.captchafox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 06:09:20 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: require-corp
x-dns-prefetch-control: off
cross-origin-resource-policy: same-origin
content-length: 271
x-xss-protection: 0
referrer-policy: no-referrer
server: nginx
cross-origin-opener-policy: same-origin
etag: W/"10f-Pq/ZsDxc/CcZ58cV2yEIUjTuDqg"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, PUT, DELETE, PATCH
content-type: application/json; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?1
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, X-Requested-With, Accept

Verdicts & Comments

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | documentPictureInPicture
function | showSuccess
function | hideSuccess
function | submitForm
function | loadWidget
object | regeneratorRuntime
object | captchafox
function | _0xe655
function | _0x4bff
function | __cf_wapi

0 Cookies