www.mycapitalone.xyz Open in urlscan Pro
2a00:f940:2:2:1:1:0:198 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.mycapitalone.xyz/email.php
Submission: On April 24 via api (April 24th 2021, 12:05:42 am UTC) from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 2a00:f940:2:2:1:1:0:198, located in Russian Federation and belongs to AS-REG, RU. The main domain is www.mycapitalone.xyz.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on April 23rd 2021. Valid for: a year.

This is the only time www.mycapitalone.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: CapitalOne (Financial)

Domain & IP information

	IP Address		AS Autonomous System
14	2a00:f940:2:2... 2a00:f940:2:2:1:1:0:198		197695 (AS-REG) (AS-REG)
14	1

14 2a00:f940:2:2:1:1:0:198 (Russian Federation)

ASN197695 (AS-REG, RU)

www.mycapitalone.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	mycapitalone.xyz www.mycapitalone.xyz	185 KB
14	1

	Domain	Requested by
14	www.mycapitalone.xyz	www.mycapitalone.xyz
14	1

This site contains no links.

Subject Issuer	Validity	Valid
www.mycapitalone.xyz GlobalSign GCC R3 DV TLS CA 2020	`2021-04-23` - `2022-05-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.mycapitalone.xyz/email.php
Frame ID: 1949767F0A3342852D7F1A74FA5B57AD
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

185 kB
Transfer

279 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request email.php Show response
www.mycapitalone.xyz/ 7 KB
3 KB 161ms
59ms Document
text/html 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mycapitalone.xyz/email.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx / PHP/7.3.26

Resource Hash

2c86b18c49ff0a959e6fa9c6b099d90c9a03cba55ff626af22853f458d34380e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:method: GET
:authority: www.mycapitalone.xyz
:scheme: https
:path: /email.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Sat, 24 Apr 2021 00:05:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.3.26
strict-transport-security: max-age=31536000;
content-encoding: gzip

GET
H2 200 app-3f627e3dc2.css
www.mycapitalone.xyz/images/ 115 KB
24 KB 98ms
98ms Stylesheet
text/css 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mycapitalone.xyz/images/app-3f627e3dc2.css

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/email.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

b59f61eeaeea3400b0c27424ea1074ac4b2d9130d66e7c218fc2b8b94e7e227a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /images/app-3f627e3dc2.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/email.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mycapitalone.xyz/email.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:17 GMT
content-encoding: gzip
last-modified: Sat, 23 Sep 2017 18:19:04 GMT
server: nginx
etag: W/"59c6a598-1cdbc"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3888000
strict-transport-security: max-age=31536000;
expires: Tue, 08 Jun 2021 00:05:17 GMT

GET
H2 200 capitalone-logo.png
www.mycapitalone.xyz/images/ 7 KB
7 KB 99ms
99ms Image
image/png 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mycapitalone.xyz/images/capitalone-logo.png

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/email.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

da7c29ad433fe646e6d22a47b186fe112a7eb9b9200cd26ea917e0a6c05c1c4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /images/capitalone-logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/email.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mycapitalone.xyz/email.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:17 GMT
last-modified: Sat, 23 Sep 2017 16:44:54 GMT
server: nginx
etag: "59c68f86-1bdc"
strict-transport-security: max-age=31536000;
content-type: image/png
cache-control: max-age=3888000
accept-ranges: bytes
content-length: 7132
expires: Tue, 08 Jun 2021 00:05:17 GMT

GET
H2 200 9.png
www.mycapitalone.xyz/images/ 13 KB
14 KB 142ms
141ms Image
image/png 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mycapitalone.xyz/images/9.png

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/email.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

ce8aa7f6a453f00f303e63b5f0d81dc9983994cc85bb8be36315f5f0a6e71751

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /images/9.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/email.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mycapitalone.xyz/email.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:17 GMT
last-modified: Sat, 23 Sep 2017 18:27:52 GMT
server: nginx
etag: "59c6a7a8-35e3"
strict-transport-security: max-age=31536000;
content-type: image/png
cache-control: max-age=3888000
accept-ranges: bytes
content-length: 13795
expires: Tue, 08 Jun 2021 00:05:17 GMT

GET
H2 200 8.png
www.mycapitalone.xyz/images/ 14 KB
14 KB 143ms
142ms Image
image/png 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mycapitalone.xyz/images/8.png

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/email.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

30d15e1284d2ec3fc9ce2b5fa43f9e89d9106a45677a24c0bb529cba1ae2f7a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /images/8.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/email.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mycapitalone.xyz/email.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:17 GMT
last-modified: Sat, 23 Sep 2017 18:26:07 GMT
server: nginx
etag: "59c6a73f-3605"
strict-transport-security: max-age=31536000;
content-type: image/png
cache-control: max-age=3888000
accept-ranges: bytes
content-length: 13829
expires: Tue, 08 Jun 2021 00:05:17 GMT

GET
H2 200 question-icon.svg
www.mycapitalone.xyz/images/ 2 KB
975 B 143ms
142ms Image
image/svg+xml 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mycapitalone.xyz/images/question-icon.svg

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/email.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

54857b8b46def2e330ae53297a38c008c313aec454acaf0c9f522a685f92bf24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /images/question-icon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/email.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mycapitalone.xyz/email.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:17 GMT
content-encoding: gzip
last-modified: Sat, 17 Feb 2018 23:54:49 GMT
server: nginx
etag: W/"5a88c0c9-718"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=3888000
strict-transport-security: max-age=31536000;
expires: Tue, 08 Jun 2021 00:05:17 GMT

GET
H2 200 7.png
www.mycapitalone.xyz/images/ 13 KB
13 KB 143ms
142ms Image
image/png 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mycapitalone.xyz/images/7.png

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/email.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

2880d7a89357beb341f955452de0c6b4348e9206fc33e826b8cef9fb6f4b73ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /images/7.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/email.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mycapitalone.xyz/email.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:17 GMT
last-modified: Thu, 08 Feb 2018 00:20:05 GMT
server: nginx
etag: "5a7b97b5-337a"
strict-transport-security: max-age=31536000;
content-type: image/png
cache-control: max-age=3888000
accept-ranges: bytes
content-length: 13178
expires: Tue, 08 Jun 2021 00:05:17 GMT

GET
H2 404 drop-icon.png
www.mycapitalone.xyz/images/ 64 KB
64 KB 93ms
90ms Image
text/html 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mycapitalone.xyz/images/drop-icon.png
Requested by: Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software: nginx /
Resource Hash: 848095827c89b180a51e2e59448ea090bca9234c58ec1bc7c56935b128723ff7

Request headers

:path: /images/drop-icon.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:19 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 avatar_un.png
www.mycapitalone.xyz/images/ 613 B
820 B 48ms
46ms Image
image/png 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mycapitalone.xyz/images/avatar_un.png

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

3042964d0750350ca5f195599b3e7fb717e146fc68635b6c993fc4da82099319

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /images/avatar_un.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:19 GMT
last-modified: Sat, 23 Sep 2017 18:23:49 GMT
server: nginx
etag: "59c6a6b5-265"
strict-transport-security: max-age=31536000;
content-type: image/png
cache-control: max-age=3888000
accept-ranges: bytes
content-length: 613
expires: Tue, 08 Jun 2021 00:05:19 GMT

GET
H2 200 locked_pwd.png
www.mycapitalone.xyz/images/ 415 B
621 B 50ms
48ms Image
image/png 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mycapitalone.xyz/images/locked_pwd.png

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

eac85a216528cff457d93a139c93667b1d9fa5fc5bbf4991d4b358b97fd55acd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /images/locked_pwd.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:19 GMT
last-modified: Sat, 23 Sep 2017 18:24:09 GMT
server: nginx
etag: "59c6a6c9-19f"
strict-transport-security: max-age=31536000;
content-type: image/png
cache-control: max-age=3888000
accept-ranges: bytes
content-length: 415
expires: Tue, 08 Jun 2021 00:05:19 GMT

GET
H2 404 ProximaNovaRegular.woff2
www.mycapitalone.xyz/fonts/ 0
0 151ms
149ms Font
text/html 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mycapitalone.xyz/fonts/ProximaNovaRegular.woff2
Requested by: Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:path: /fonts/ProximaNovaRegular.woff2
pragma: no-cache
origin: https://www.mycapitalone.xyz
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.mycapitalone.xyz
Referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:19 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 404 ProximaNovaSemiBold.woff
www.mycapitalone.xyz/fonts/ 0
0 197ms
196ms Font
text/html 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mycapitalone.xyz/fonts/ProximaNovaSemiBold.woff
Requested by: Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:path: /fonts/ProximaNovaSemiBold.woff
pragma: no-cache
origin: https://www.mycapitalone.xyz
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.mycapitalone.xyz
Referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:19 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 ProximaNovaRegular.woff
www.mycapitalone.xyz/fonts/ 24 KB
24 KB 64ms
63ms Font
application/font-woff 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mycapitalone.xyz/fonts/ProximaNovaRegular.woff

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

3db577869cbe9e2e300e6575965aa1c63ae1054fbbd66aa166c8efb04d5c706f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /fonts/ProximaNovaRegular.woff
pragma: no-cache
origin: https://www.mycapitalone.xyz
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.mycapitalone.xyz
Referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:19 GMT
last-modified: Sat, 04 Apr 2015 15:20:06 GMT
server: nginx
etag: "5e6c-512e799861580"
strict-transport-security: max-age=31536000;
content-type: application/font-woff
accept-ranges: bytes
content-length: 24172

GET
H2 200 ProximaNovaSemiBold.woff2
www.mycapitalone.xyz/fonts/ 20 KB
20 KB 67ms
66ms Font
application/octet-stream 2a00:f940:2:2:1:1:0:198
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mycapitalone.xyz/fonts/ProximaNovaSemiBold.woff2

Requested by

Host: www.mycapitalone.xyz
URL: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:f940:2:2:1:1:0:198 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

Software

nginx /

Resource Hash

76680efd61dc1f00144c9af7adb317cc0642fe53282525e7e35806a12e74a084

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

:path: /fonts/ProximaNovaSemiBold.woff2
pragma: no-cache
origin: https://www.mycapitalone.xyz
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.mycapitalone.xyz
referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.mycapitalone.xyz
Referer: https://www.mycapitalone.xyz/images/app-3f627e3dc2.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 00:05:19 GMT
last-modified: Sat, 04 Apr 2015 15:20:06 GMT
server: nginx
accept-ranges: bytes
etag: "4fb0-512e799861580"
content-length: 20400
strict-transport-security: max-age=31536000;

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: CapitalOne (Financial)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.mycapitalone.xyz
2a00:f940:2:2:1:1:0:198
2880d7a89357beb341f955452de0c6b4348e9206fc33e826b8cef9fb6f4b73ba
2c86b18c49ff0a959e6fa9c6b099d90c9a03cba55ff626af22853f458d34380e
3042964d0750350ca5f195599b3e7fb717e146fc68635b6c993fc4da82099319
30d15e1284d2ec3fc9ce2b5fa43f9e89d9106a45677a24c0bb529cba1ae2f7a0
3db577869cbe9e2e300e6575965aa1c63ae1054fbbd66aa166c8efb04d5c706f
54857b8b46def2e330ae53297a38c008c313aec454acaf0c9f522a685f92bf24
76680efd61dc1f00144c9af7adb317cc0642fe53282525e7e35806a12e74a084
848095827c89b180a51e2e59448ea090bca9234c58ec1bc7c56935b128723ff7
b59f61eeaeea3400b0c27424ea1074ac4b2d9130d66e7c218fc2b8b94e7e227a
ce8aa7f6a453f00f303e63b5f0d81dc9983994cc85bb8be36315f5f0a6e71751
da7c29ad433fe646e6d22a47b186fe112a7eb9b9200cd26ea917e0a6c05c1c4e
eac85a216528cff457d93a139c93667b1d9fa5fc5bbf4991d4b358b97fd55acd

www.mycapitalone.xyz Open in urlscan Pro 2a00:f940:2:2:1:1:0:198 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

185 kBTransfer

279 kBSize

0 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.mycapitalone.xyz Open in urlscan Pro
2a00:f940:2:2:1:1:0:198 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

185 kB
Transfer

279 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!