revolute-service.site
37.9.175.165
Malicious Activity!
Public Scan
Effective URL: https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJ...
Submission: On June 14 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by R3 on June 13th 2022. Valid for: 3 months.
This is the only time revolute-service.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Revolut (Financial)
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 6 | 37.9.175.165 37.9.175.165 | 51013 (WEBSUPPOR...) (WEBSUPPORT-SRO-SK-AS) | |
4 | 2 |
ASN51013 (WEBSUPPORT-SRO-SK-AS, SK)
PTR: ing.r3.websupport.sk
revolute-service.site |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
revolute-service.site
2 redirects
revolute-service.site |
212 KB |
4 | 1 |
Domain | Requested by | |
---|---|---|
6 | revolute-service.site |
2 redirects
revolute-service.site
|
4 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
revolute-service.site R3 | 2022-06-13 - 2022-09-11 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuMTE1IFNhZmFyaS81MzcuMzYzNy41OS4xNjQuMTAyMjAyMjpKdW46VHVl
Frame ID: 713416348130A60DE05EFDEE0283875A
Requests: 9 HTTP requests in this frame
Page Title
Tel
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://revolute-service.site/a.htm Page URL
-
https://revolute-service.site/Rvlt
HTTP 301
https://revolute-service.site/Rvlt/ Page URL
-
https://revolute-service.site/Rvlt/home/
HTTP 302
https://revolute-service.site/Rvlt/home/Rvlt-tel.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuMTE1IFNhZmFyaS81MzcuMzYzNy41OS4xNjQuMTAyMjAyMjpKdW46VHVl Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://revolute-service.site/Rvlt HTTP 301
- https://revolute-service.site/Rvlt/
4 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | a.htm revolute-service.site/ | 78 B 208 B | Document text/html |
GET H2 | / revolute-service.site/Rvlt/ Redirect Chain | 104 B 307 B | Document text/html |
GET H2 | Primary Request Rvlt-tel.php revolute-service.site/Rvlt/home/ Redirect Chain | 378 KB 182 KB | Document text/html |
GET DATA | truncated / | 15 KB 15 KB | Font font/woff2 |
GET DATA | truncated / | 15 KB 15 KB | Font font/woff2 |
GET DATA | truncated / | 124 KB 0 | Image image/png |
GET DATA | truncated / | 4 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 15 KB 15 KB | Font font/woff2 |
GET H2 | jquery.min.js revolute-service.site/Rvlt/home/Rvlt_files/ | 86 KB 29 KB | Script application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Revolut (Financial)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- object| navigation
- function| $
- function| jQuery
- function| toggleselect1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
revolute-service.site/ | Name: PHPSESSID Value: 54a87fd24c72ac6b7038e9ba5cf8b1d2 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.