SafeMode - Analysis: d26hpdecvhwn5s.cloudfront.net

EN ES PT

Back to Stats

Captura Visual

Screenshot of d26hpdecvhwn5s.cloudfront.net

Informações de Detecção

https://d26hpdecvhwn5s.cloudfront.net/?v=1772291184133

Detected Brand

Capital One

Country

USA

Confiança

100%

HTTP Status

200

Report ID

ca4abcc3-1bd…

Analyzed

2026-03-01 17:08

Final URL (after redirects)

https://d26hpdecvhwn5s.cloudfront.net/?v=1772388428346

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T144E30E72B5012D7F6787BE96E9267F01F2A18235F40B1794FBA5090A4FC2FF59226324
CONTENT ssdeep	3072:r7FvGzGVBFuzasIEC6IX75RcOGDIdzkkLpMY9lKkNdjc58ktu4hw/2cj+hd2jEZ1:r7FvGzGVBFuzasIEC6IX75RcOGDIdzkD

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	cd56b34b2caa5325
VISUAL aHash	fff8f8f0f0f8ffff
VISUAL dHash	2c50e02322d12a2b
VISUAL wHash	fff830101080dbdf
VISUAL colorHash	060010100c0
VISUAL cropResistant	2c50e02322d12a2b,f1c77d5f7d477f7c,030d719f9f4e777f,010d619585614f7e,0109d52d65456561,e1071dc919599992

Análise de Código

Risk Score 100/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Clientes da Capital One
• Método: Impersonação através de um site semelhante em hospedagem gratuita.
• Exfil: Desconhecido, provavelmente coleta de credenciais
• Indicadores: Hospedagem Cloudfront, logotipo da Capital One
• Risco: ALTO

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
document.write
hex_escape
unicode_escape
base64_strings

🎯 Kit Endpoints

https://autorefi.capitalone.com/login
https://autorefi.capitalone.com/login/
/privacy/online-privacy-policy#collecting-using-sharing-information-accordion-button-5

📡 API Calls Detected

POST
get

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Free Hosting

The domain uses free hosting, which is a common indicator of phishing.

Brand Impersonation

The site mimics the look and feel of Capital One.

Obfuscated Javascript

Obfuscated Javascript detected

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Banking Credential Harvester

Alvo

Capital One users (USA)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltração

Form submission (backend endpoint not detected - likely JavaScript-based)

Avaliação de Risco

CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
217 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Capital One

Official Website

https://www.capitalone.com

Fake Service

Credit card services

Fraudulent Claims

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attackers are trying to steal Capital One login credentials. The page likely redirects to a form to collect this information.

Secondary Method: Social Engineering

The website uses the Capital One brand to trick users into believing it is legitimate.

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio

d26hpdecvhwn5s.cloudfront.net

Registered

None

Registrar

None

Estado

None

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot

https://d26hpdecvhwn5s.cloudfront.net/?v=1758945037633

Screenshot

https://d26hpdecvhwn5s.cloudfront.net/

http://d26hpdecvhwn5s.cloudfront.net

Scan History for d26hpdecvhwn5s.cloudfront.net

Found 10 other scans for this domain

https://d26hpdecvhwn5s.cloudfront.net/about/divers... ?

http://d26hpdecvhwn5s.cloudfront.net/bank/checking... Capital One Jun 16, 2026 22:13

https://d26hpdecvhwn5s.cloudfront.net/small-busine... Capital One Mar 24, 2026 11:26

https://d26hpdecvhwn5s.cloudfront.net/digital/tool... Capital One Mar 24, 2026 11:26

https://d26hpdecvhwn5s.cloudfront.net/digital/iden... Capital One Mar 24, 2026 11:26

http://d26hpdecvhwn5s.cloudfront.net/?v=1771370317... Capital One Mar 20, 2026 21:43

http://d26hpdecvhwn5s.cloudfront.net/about/ Capital One Mar 06, 2026 08:16

http://d26hpdecvhwn5s.cloudfront.net/commercial/in... Capital One Mar 06, 2026 01:46

http://d26hpdecvhwn5s.cloudfront.net/about/corpora... ? Mar 05, 2026 17:22

http://d26hpdecvhwn5s.cloudfront.net/learn-grow/?e... ? Mar 05, 2026 17:21

😰

"Nunca pensei que aconteceria comigo"

Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.