revolute-service.site Open in urlscan Pro
37.9.175.165  Malicious Activity! Public Scan

Submitted URL: https://revolute-service.site/a.htm
Effective URL: https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJ...
Submission: On June 14 via manual from FR — Scanned from FR

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 37.9.175.165, located in Slovakia and belongs to WEBSUPPORT-SRO-SK-AS, SK. The main domain is revolute-service.site.
TLS certificate: Issued by R3 on June 13th 2022. Valid for: 3 months.
This is the only time revolute-service.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Revolut (Financial)

Domain & IP information

IP Address AS Autonomous System
2 6 37.9.175.165 51013 (WEBSUPPOR...)
4 2
Apex Domain
Subdomains
Transfer
6 revolute-service.site
revolute-service.site
212 KB
4 1
Domain Requested by
6 revolute-service.site 2 redirects revolute-service.site
4 1

This site contains no links.

Subject Issuer Validity Valid
revolute-service.site
R3
2022-06-13 -
2022-09-11
3 months crt.sh

This page contains 1 frames:

Primary Page: https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuMTE1IFNhZmFyaS81MzcuMzYzNy41OS4xNjQuMTAyMjAyMjpKdW46VHVl
Frame ID: 713416348130A60DE05EFDEE0283875A
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Tel

Page URL History Show full URLs

  1. https://revolute-service.site/a.htm Page URL
  2. https://revolute-service.site/Rvlt HTTP 301
    https://revolute-service.site/Rvlt/ Page URL
  3. https://revolute-service.site/Rvlt/home/ HTTP 302
    https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

258 kB
Transfer

639 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://revolute-service.site/a.htm Page URL
  2. https://revolute-service.site/Rvlt HTTP 301
    https://revolute-service.site/Rvlt/ Page URL
  3. https://revolute-service.site/Rvlt/home/ HTTP 302
    https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuMTE1IFNhZmFyaS81MzcuMzYzNy41OS4xNjQuMTAyMjAyMjpKdW46VHVl Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://revolute-service.site/Rvlt HTTP 301
  • https://revolute-service.site/Rvlt/

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
a.htm
revolute-service.site/
78 B
208 B
Document
General
Full URL
https://revolute-service.site/a.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.9.175.165 , Slovakia, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS
ing.r3.websupport.sk
Software
openresty /
Resource Hash
f906502722cb6ab7872e2f655708ce5048eca82b2bbb4d4a91bb79fd6e110ec7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
br
content-type
text/html
date
Tue, 14 Jun 2022 15:04:25 GMT
etag
W/"4e-5e165077ec0c1"
last-modified
Tue, 14 Jun 2022 09:28:37 GMT
server
openresty
vary
Accept-Encoding
/
revolute-service.site/Rvlt/
Redirect Chain
  • https://revolute-service.site/Rvlt
  • https://revolute-service.site/Rvlt/
104 B
307 B
Document
General
Full URL
https://revolute-service.site/Rvlt/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.9.175.165 , Slovakia, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS
ing.r3.websupport.sk
Software
openresty /
Resource Hash

Request headers

Referer
https://revolute-service.site/a.htm
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 14 Jun 2022 15:04:25 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
openresty
vary
Accept-Encoding

Redirect headers

content-length
243
content-type
text/html; charset=iso-8859-1
date
Tue, 14 Jun 2022 15:04:25 GMT
location
https://revolute-service.site/Rvlt/
server
openresty
Primary Request Rvlt-tel.php
revolute-service.site/Rvlt/home/
Redirect Chain
  • https://revolute-service.site/Rvlt/home/
  • https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuMTE1IF...
378 KB
182 KB
Document
General
Full URL
https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuMTE1IFNhZmFyaS81MzcuMzYzNy41OS4xNjQuMTAyMjAyMjpKdW46VHVl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.9.175.165 , Slovakia, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS
ing.r3.websupport.sk
Software
openresty /
Resource Hash
7f977f604ce9b93910337a4815513f226f94b5796498c2bef9dc99908cab7b76

Request headers

Referer
https://revolute-service.site/Rvlt/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 14 Jun 2022 15:04:26 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
openresty
vary
Accept-Encoding

Redirect headers

content-length
4
content-type
text/html; charset=UTF-8
date
Tue, 14 Jun 2022 15:04:26 GMT
location
Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuMTE1IFNhZmFyaS81MzcuMzYzNy41OS4xNjQuMTAyMjAyMjpKdW46VHVl
server
openresty
truncated
/
15 KB
15 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c23b48bb63c57ddc9662f01e2d439ca9bab78ea9fb611b92a3b44cc0fb3981d6

Request headers

Referer
Origin
https://revolute-service.site
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
15 KB
15 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a858e829b2f1ef3a0346efb973efa7c021905c23483292d5319d29ae316e4ce9

Request headers

Referer
Origin
https://revolute-service.site
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
124 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb8c67ef4f7efd43d9ebbdcafdcbda5be9e2c5cebcd28c65b96d4abe1e33d7d0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c70ba1cb67cc649da2b1f5dc4a26891437d8bba2cc098c88461e6bfc23949d9e

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
15 KB
15 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7162676d3741eea3ba1c42e87a80c8f9be8f893f580b7862b12a3fa75eacd828

Request headers

Referer
Origin
https://revolute-service.site
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
font/woff2
jquery.min.js
revolute-service.site/Rvlt/home/Rvlt_files/
86 KB
29 KB
Script
General
Full URL
https://revolute-service.site/Rvlt/home/Rvlt_files/jquery.min.js
Requested by
Host: revolute-service.site
URL: https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuMTE1IFNhZmFyaS81MzcuMzYzNy41OS4xNjQuMTAyMjAyMjpKdW46VHVl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.9.175.165 , Slovakia, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS
ing.r3.websupport.sk
Software
openresty /
Resource Hash
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuMTE1IFNhZmFyaS81MzcuMzYzNy41OS4xNjQuMTAyMjAyMjpKdW46VHVl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Tue, 14 Jun 2022 15:04:26 GMT
content-encoding
br
last-modified
Tue, 14 Jun 2022 09:15:34 GMT
server
openresty
etag
W/"15851-5e164d8d44190"
vary
Accept-Encoding
content-type
application/javascript

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Revolut (Financial)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery function| toggleselect

1 Cookies

Domain/Path Name / Value
revolute-service.site/ Name: PHPSESSID
Value: 54a87fd24c72ac6b7038e9ba5cf8b1d2