ScanMalware.com

Security Scan Report: t.co

Redirected to: blob:https://tol.fifax.cf/7f8e26c9-c466-4b39-a462-d696469055f3

Site favicon
Submitted: Dec 8, 2025, 12:30:45 AMCompleted: Dec 8, 2025, 12:31:10 AMpubliccompleted
Loading additional data...

Summary

This website contacted 37 IPs in 4 countries across 7 domains to perform 10 HTTP transactions. The main domain is .

Submitted URL: https://t.co/BXMP5AnwEr

Effective URL: blob:https://tol.fifax.cf/7f8e26c9-c466-4b39-a462-d696469055f3Redirected

The Cisco Umbrella rank of the primary domain is #1,176 of the top 1 million websitesTop 10K Site

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

Phishing page impersonating Capital One with credential harvesting – confirmed scam.

Risk Factors
Credential harvesting forms on a newly registered, low‑reputation domain
Brand impersonation of a major financial institution
Obfuscated password fields to trick users
Unicode characters used to evade detection
Redirect chain from a legitimate shortener (t.co) to a suspicious domain
Domain age information unavailable

Details

Page Title

Sign In

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(27%)

Domain Information

You're looking at domain 't.co' on the Colombian country-code top-level domain (.co) while skipping any subdomain. Its registrable label 't' stretches across 1 characters split between 0 vowels and 1 consonant. Segmentation suggests 1 word: t. Median word length comes out to 1 character. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://t.co/BXMP5AnwEr

Page Load Overview

2.10s
Total Load Time
10
HTTP Requests
7
Domains
147 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:1,565 chars
Detector Agreement:67%

Website Classification

Primary Category

finance banking27% confidence
Type: webapp
Method: ml+structural

All Detected Categories

finance banking
27%
phishing/scam
20%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1063.176.8.218Frankfurt am Main, Hesse, Germany
AS16509AMAZON-02
0185.221.216.119London, England, United Kingdom
AS393960HOST4GEEKS-LLC
0172.66.0.227United States
AS13335CLOUDFLARENET
035.157.26.135Frankfurt am Main, Hesse, Germany
AS16509AMAZON-02
092.123.104.40Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
0185.104.29.64Netherlands
AS206281Stichting DIGI NL
0151.101.194.137San Francisco, California, United States
AS54113FASTLY
0142.250.185.74United States
AS15169GOOGLE
0142.250.186.170United States
AS15169GOOGLE
0172.217.18.10United States
AS15169GOOGLE
1037--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A9436636619341BA9CB3CAC857EB2B463E849887E0C9D12477AC9AD84F838D5D47D3DC

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:s7FSF3FuWFzF+fs8utovnh8utovWX93mXTHarCt1WtXL/plyA7qvE6mw:GQl0WxMTvCvQ+KCt1WtXLRlyA7q86mw

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:59348:zYTguJEMTUGBAQB0APQoeDAZknHYlFUgCBtkUaSGXQAB0HxoAJGAtAgpRwsZ0CNAoFAhFGulGJIJSVEhPBqBEwBAyCjoAfNg

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:7fa5bde7c3ffcfff
Perceptual Hash:b3cbcc27639c8931
Difference Hash:e968704c4d2a2c00
Wavelet Hash:7f373c2c0424df00
Color Hash:#40bf80

Other Hashes

Crop Resistant:e968704c4d2a2c00

Scan History

Scan history not available

Unable to load historical scan data