www.mycapitalone.xyz
IP: 2a00:f940:2:2:1:1:0:198 | Malicious Activity! | Public Scan

URL: https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a...
Submission: On April 24 via automatic, source openphish

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 13 HTTP transactions. The main IP is 2a00:f940:2:2:1:1:0:198, located in the Russian Federation and belonging to AS-REG, RU. The main domain is www.mycapitalone.xyz.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on April 23rd 2021. Valid for: a year.
This is the only time www.mycapitalone.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: CapitalOne (Financial)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
13        2a00:f940:2:2...   197695 (AS-REG)
Totals: 13 requests, 1 IP

Requests  Apex Domain        Subdomains             Transfer
13        mycapitalone.xyz   www.mycapitalone.xyz   257 KB
Totals: 13 requests, 1 apex domain

Requests  Domain                 Requested by
13        www.mycapitalone.xyz   www.mycapitalone.xyz
Totals: 13 requests, 1 domain

This site contains no links.

Subject                Issuer                             Validity                  Valid for
www.mycapitalone.xyz   GlobalSign GCC R3 DV TLS CA 2020   2021-04-23 - 2022-05-25   a year (crt.sh)

This page contains 1 frame:

Primary Page: https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Frame ID: 9180D9426268EEE93A912817D2667F84
Requests: 13 HTTP requests in this frame

Detected technologies

  • PHP (overall confidence: 100%). Detected pattern: url /\.php(?:$|\?)/i
  • nginx (overall confidence: 100%). Detected pattern: headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

  • Requests: 13
  • HTTPS: 100 %
  • IPv6: 100 %
  • Domains: 1
  • Subdomains: 1
  • IPs: 1
  • Countries: 1
  • Transfer: 257 kB
  • Size: 513 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: protect_indentity.php | www.mycapitalone.xyz/ | 9 KB | 3 KB | Document
General
Full URL
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx / PHP/7.3.26
Resource Hash
fa592b0eb3d8a39ab530fdbef230690dedd5c498eddf16d6237ed1684037a231
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:method
GET
:authority
www.mycapitalone.xyz
:scheme
https
:path
/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
nginx
date
Sat, 24 Apr 2021 01:43:38 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.26
strict-transport-security
max-age=31536000;
content-encoding
gzip
app-3f627e3dc2.css | www.mycapitalone.xyz/images/ | 115 KB | 24 KB | Stylesheet
General
Full URL
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
b59f61eeaeea3400b0c27424ea1074ac4b2d9130d66e7c218fc2b8b94e7e227a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/images/app-3f627e3dc2.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:38 GMT
content-encoding
gzip
last-modified
Sat, 23 Sep 2017 18:19:04 GMT
server
nginx
etag
W/"59c6a598-1cdbc"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=3888000
strict-transport-security
max-age=31536000;
expires
Tue, 08 Jun 2021 01:43:38 GMT
capitalone-logo.png | www.mycapitalone.xyz/images/ | 7 KB | 7 KB | Image
General
Full URL
https://www.mycapitalone.xyz/images/capitalone-logo.png
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
da7c29ad433fe646e6d22a47b186fe112a7eb9b9200cd26ea917e0a6c05c1c4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/images/capitalone-logo.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:38 GMT
last-modified
Sat, 23 Sep 2017 16:44:54 GMT
server
nginx
etag
"59c68f86-1bdc"
strict-transport-security
max-age=31536000;
content-type
image/png
cache-control
max-age=3888000
accept-ranges
bytes
content-length
7132
expires
Tue, 08 Jun 2021 01:43:38 GMT
9.png | www.mycapitalone.xyz/images/ | 13 KB | 14 KB | Image
General
Full URL
https://www.mycapitalone.xyz/images/9.png
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
ce8aa7f6a453f00f303e63b5f0d81dc9983994cc85bb8be36315f5f0a6e71751
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/images/9.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:38 GMT
last-modified
Sat, 23 Sep 2017 18:27:52 GMT
server
nginx
etag
"59c6a7a8-35e3"
strict-transport-security
max-age=31536000;
content-type
image/png
cache-control
max-age=3888000
accept-ranges
bytes
content-length
13795
expires
Tue, 08 Jun 2021 01:43:38 GMT
8.png | www.mycapitalone.xyz/images/ | 14 KB | 14 KB | Image
General
Full URL
https://www.mycapitalone.xyz/images/8.png
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
30d15e1284d2ec3fc9ce2b5fa43f9e89d9106a45677a24c0bb529cba1ae2f7a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/images/8.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:38 GMT
last-modified
Sat, 23 Sep 2017 18:26:07 GMT
server
nginx
etag
"59c6a73f-3605"
strict-transport-security
max-age=31536000;
content-type
image/png
cache-control
max-age=3888000
accept-ranges
bytes
content-length
13829
expires
Tue, 08 Jun 2021 01:43:38 GMT
question-icon.svg | www.mycapitalone.xyz/images/ | 2 KB | 975 B | Image
General
Full URL
https://www.mycapitalone.xyz/images/question-icon.svg
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
54857b8b46def2e330ae53297a38c008c313aec454acaf0c9f522a685f92bf24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/images/question-icon.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:38 GMT
content-encoding
gzip
last-modified
Sat, 17 Feb 2018 23:54:49 GMT
server
nginx
etag
W/"5a88c0c9-718"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=3888000
strict-transport-security
max-age=31536000;
expires
Tue, 08 Jun 2021 01:43:38 GMT
7.png | www.mycapitalone.xyz/images/ | 13 KB | 13 KB | Image
General
Full URL
https://www.mycapitalone.xyz/images/7.png
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
2880d7a89357beb341f955452de0c6b4348e9206fc33e826b8cef9fb6f4b73ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/images/7.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:38 GMT
last-modified
Thu, 08 Feb 2018 00:20:05 GMT
server
nginx
etag
"5a7b97b5-337a"
strict-transport-security
max-age=31536000;
content-type
image/png
cache-control
max-age=3888000
accept-ranges
bytes
content-length
13178
expires
Tue, 08 Jun 2021 01:43:38 GMT
inputmask.js | www.mycapitalone.xyz/js/ | 233 KB | 73 KB | Script
General
Full URL
https://www.mycapitalone.xyz/js/inputmask.js
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
3fbd071b0f09677b895196a4c1e8153b404d5942a7d426e5314fed8840a2c955
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/js/inputmask.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:38 GMT
content-encoding
gzip
last-modified
Sat, 17 Feb 2018 15:54:58 GMT
server
nginx
etag
W/"5a885052-3a22f"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=3888000
strict-transport-security
max-age=31536000;
expires
Tue, 08 Jun 2021 01:43:38 GMT
drop-icon.png | www.mycapitalone.xyz/images/ | 64 KB | 64 KB | Image
General
Full URL
https://www.mycapitalone.xyz/images/drop-icon.png
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
848095827c89b180a51e2e59448ea090bca9234c58ec1bc7c56935b128723ff7

Request headers

:path
/images/drop-icon.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:42 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=utf-8
ProximaNovaRegular.woff2 | www.mycapitalone.xyz/fonts/ | 0 | 0 | Font
General
Full URL
https://www.mycapitalone.xyz/fonts/ProximaNovaRegular.woff2
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

:path
/fonts/ProximaNovaRegular.woff2
pragma
no-cache
origin
https://www.mycapitalone.xyz
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://www.mycapitalone.xyz
Referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:42 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=utf-8
ProximaNovaSemiBold.woff | www.mycapitalone.xyz/fonts/ | 0 | 0 | Font
General
Full URL
https://www.mycapitalone.xyz/fonts/ProximaNovaSemiBold.woff
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

:path
/fonts/ProximaNovaSemiBold.woff
pragma
no-cache
origin
https://www.mycapitalone.xyz
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://www.mycapitalone.xyz
Referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:42 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=utf-8
ProximaNovaRegular.woff | www.mycapitalone.xyz/fonts/ | 24 KB | 24 KB | Font
General
Full URL
https://www.mycapitalone.xyz/fonts/ProximaNovaRegular.woff
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
3db577869cbe9e2e300e6575965aa1c63ae1054fbbd66aa166c8efb04d5c706f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/fonts/ProximaNovaRegular.woff
pragma
no-cache
origin
https://www.mycapitalone.xyz
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://www.mycapitalone.xyz
Referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:42 GMT
last-modified
Sat, 04 Apr 2015 15:20:06 GMT
server
nginx
etag
"5e6c-512e799861580"
strict-transport-security
max-age=31536000;
content-type
application/font-woff
accept-ranges
bytes
content-length
24172
ProximaNovaSemiBold.woff2 | www.mycapitalone.xyz/fonts/ | 20 KB | 20 KB | Font
General
Full URL
https://www.mycapitalone.xyz/fonts/ProximaNovaSemiBold.woff2
Requested by
Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
76680efd61dc1f00144c9af7adb317cc0642fe53282525e7e35806a12e74a084
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/fonts/ProximaNovaSemiBold.woff2
pragma
no-cache
origin
https://www.mycapitalone.xyz
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
www.mycapitalone.xyz
referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://www.mycapitalone.xyz
Referer
https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 24 Apr 2021 01:43:42 GMT
last-modified
Sat, 04 Apr 2015 15:20:06 GMT
server
nginx
accept-ranges
bytes
etag
"4fb0-512e799861580"
content-length
20400
strict-transport-security
max-age=31536000;

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: CapitalOne (Financial)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    onbeforexrselect
object    ontransitionrun
object    ontransitionstart
object    ontransitioncancel
object    cookieStore
function  showDirectoryPicker
function  showOpenFilePicker
function  showSaveFilePicker
boolean   originAgentCluster
object    trustedTypes
boolean   crossOriginIsolated
string    cc_number_saved
number    myVar
function  myFunction
function  showPage
function  $
function  jQuery
object    jQuery111108719058243556257

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header                      Value
Strict-Transport-Security   max-age=31536000;