www.mycapitalone.xyz
Open in
urlscan Pro
2a00:f940:2:2:1:1:0:198
Malicious Activity!
Public Scan
Submission: On April 24 via automatic, source openphish
Summary
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on April 23rd 2021. Valid for: a year.
This is the only time www.mycapitalone.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: CapitalOne (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
13 | 2a00:f940:2:2... 2a00:f940:2:2:1:1:0:198 | 197695 (AS-REG) (AS-REG) | |
13 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
mycapitalone.xyz
www.mycapitalone.xyz |
257 KB |
13 | 1 |
Domain | Requested by | |
---|---|---|
13 | www.mycapitalone.xyz |
www.mycapitalone.xyz
|
13 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.mycapitalone.xyz GlobalSign GCC R3 DV TLS CA 2020 |
2021-04-23 - 2022-05-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.mycapitalone.xyz/protect_indentity.php?cmd=accout3%25au%25services.capitalone_submit&id=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994&session=99f5200e2751ee7fbbae9f11a4ae799499f5200e2751ee7fbbae9f11a4ae7994
Frame ID: 9180D9426268EEE93A912817D2667F84
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
protect_indentity.php
www.mycapitalone.xyz/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app-3f627e3dc2.css
www.mycapitalone.xyz/images/ |
115 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
capitalone-logo.png
www.mycapitalone.xyz/images/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
9.png
www.mycapitalone.xyz/images/ |
13 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8.png
www.mycapitalone.xyz/images/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
question-icon.svg
www.mycapitalone.xyz/images/ |
2 KB 975 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7.png
www.mycapitalone.xyz/images/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inputmask.js
www.mycapitalone.xyz/js/ |
233 KB 73 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
drop-icon.png
www.mycapitalone.xyz/images/ |
64 KB 64 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ProximaNovaRegular.woff2
www.mycapitalone.xyz/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ProximaNovaSemiBold.woff
www.mycapitalone.xyz/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ProximaNovaRegular.woff
www.mycapitalone.xyz/fonts/ |
24 KB 24 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ProximaNovaSemiBold.woff2
www.mycapitalone.xyz/fonts/ |
20 KB 20 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: CapitalOne (Financial)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated string| cc_number_saved number| myVar function| myFunction function| showPage function| $ function| jQuery object| jQuery1111087190582435562570 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.mycapitalone.xyz
2a00:f940:2:2:1:1:0:198
2880d7a89357beb341f955452de0c6b4348e9206fc33e826b8cef9fb6f4b73ba
30d15e1284d2ec3fc9ce2b5fa43f9e89d9106a45677a24c0bb529cba1ae2f7a0
3db577869cbe9e2e300e6575965aa1c63ae1054fbbd66aa166c8efb04d5c706f
3fbd071b0f09677b895196a4c1e8153b404d5942a7d426e5314fed8840a2c955
54857b8b46def2e330ae53297a38c008c313aec454acaf0c9f522a685f92bf24
76680efd61dc1f00144c9af7adb317cc0642fe53282525e7e35806a12e74a084
848095827c89b180a51e2e59448ea090bca9234c58ec1bc7c56935b128723ff7
b59f61eeaeea3400b0c27424ea1074ac4b2d9130d66e7c218fc2b8b94e7e227a
ce8aa7f6a453f00f303e63b5f0d81dc9983994cc85bb8be36315f5f0a6e71751
da7c29ad433fe646e6d22a47b186fe112a7eb9b9200cd26ea917e0a6c05c1c4e
fa592b0eb3d8a39ab530fdbef230690dedd5c498eddf16d6237ed1684037a231