unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co Open in urlscan Pro
34.149.204.188 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tinyurl.com/w46gf5es4g6e546g4er5t
Effective URL:
https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html
Submission: On August 30 via manual (August 30th 2022, 5:06:29 pm UTC) from UY — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 34.149.204.188, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co.
TLS certificate: Issued by R3 on August 17th 2022. Valid for: 3 months.

This is the only time unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco de la República Oriental del Uruguay (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::6814:8a41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	174.138.4.210 174.138.4.210	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 14	34.149.204.188 34.149.204.188	15169 (GOOGLE) (GOOGLE)
13	1

1 2606:4700:10::6814:8a41 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 174.138.4.210 (Amsterdam, Netherlands) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: cloud-ssl1.incabus.net

incab.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 34.149.204.188 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 188.204.149.34.bc.googleusercontent.com

unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	repl.co 1 redirects unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co	779 KB
2	incab.us 2 redirects incab.us	762 B
1	tinyurl.com 1 redirects tinyurl.com — Cisco Umbrella Rank: 18490	424 B
13	3

	Domain	Requested by
14	unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co	1 redirects unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
2	incab.us	2 redirects
1	tinyurl.com	1 redirects
13	3

This site contains no links.

Subject Issuer	Validity	Valid
preapsoapgkpa.repl.co R3	`2022-08-17` - `2022-11-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html
Frame ID: C0BE7EE07673D9F6C9A8509C5DC02828
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Inicio

Page URL History Show full URLs

https://tinyurl.com/w46gf5es4g6e546g4er5t HTTP 301
http://incab.us/s5gf5ds65f4s65df4s65f456 HTTP 301
https://incab.us/s5gf5ds65f4s65df4s65f456 HTTP 302
https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/ HTTP 302
https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html Page URL

Detected technologies

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+ionicons(?:\.min)?\.css

Page Statistics

13
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

779 kB
Transfer

777 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tinyurl.com/w46gf5es4g6e546g4er5t HTTP 301
http://incab.us/s5gf5ds65f4s65df4s65f456 HTTP 301
https://incab.us/s5gf5ds65f4s65df4s65f456 HTTP 302
https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/ HTTP 302
https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index1.html Show response
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/
Redirect Chain

https://tinyurl.com/w46gf5es4g6e546g4er5t
http://incab.us/s5gf5ds65f4s65df4s65f456
https://incab.us/s5gf5ds65f4s65df4s65f456
https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/
https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html

25 KB
25 KB

274ms
274ms

Document
text/html

34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

9afde12f75dafba0637d0c7894c3d2426c102ab9f4fd8f330f076c4326a1b0a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659738; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 25308
content-type: text/html; charset=UTF-8
date: Tue, 30 Aug 2022 17:06:23 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
strict-transport-security: max-age=6659738; includeSubDomains

Redirect headers

content-type: text/html; charset=UTF-8
date: Tue, 30 Aug 2022 17:06:23 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
location: index1.html
replit-cluster: global
strict-transport-security: max-age=6659738; includeSubDomains
x-powered-by: PHP/7.4.21

GET
H2 200 fonts.css
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/ 2 KB
2 KB 272ms
271ms Stylesheet
text/css 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

367cba5c66dcb77e9efdefae321a5fa51b4ed0773b15ebbd7a8ee35b913e75fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 1536
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/css; charset=UTF-8

GET
H2 200 ionicons.css
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/ 59 KB
59 KB 314ms
313ms Stylesheet
text/css 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/ionicons.css

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

d4d41483cf38b6182b0a495196cfc55821cfd2e3d310861f32bcd2240806f187

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 60205
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/css; charset=UTF-8

GET
H2 200 2.d18bb301.chunk.css
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/ 34 KB
34 KB 275ms
274ms Stylesheet
text/css 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/2.d18bb301.chunk.css

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

24a91b11b5f18ffcc8d6d6f3707bb263261de6eb7b4867cda0fdb116ced45efa

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 34938
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/css; charset=UTF-8

GET
H2 200 main.8d29879f.chunk.css
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/ 528 KB
528 KB 276ms
275ms Stylesheet
text/css 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/main.8d29879f.chunk.css

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

970a245e193b5fcb6fb9e0fa1ecc9a8ee55f3775aa766fcea860ea2d9af9741f

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 540263
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/css; charset=UTF-8

GET
H2 200 slider-01.jpg
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/ 130 KB
130 KB 273ms
273ms Image
image/jpeg 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/slider-01.jpg

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

62ebac9119c82db12553de55773d265db5cc81db125dda0e84443a59f7f9c369

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/index1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 132994
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: image/jpeg

GET
H2 404 selectArrowDown.b3a49a7d.svg
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/frontend/static/media/ 583 B
583 B 273ms
272ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/frontend/static/media/selectArrowDown.b3a49a7d.svg

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/main.8d29879f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

0d10a0bbf6ed1bff242da6db52a5d7cf3776a3585c11fe0390aa30641ac6065c

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/main.8d29879f.chunk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 583
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET
H2 404 GothamBook.woff2
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/ 0
0 276ms
276ms Font
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/GothamBook.woff2

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css
Origin: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 561
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET
H2 404 Gotham-Medium.woff2
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/ 0
0 276ms
276ms Font
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/Gotham-Medium.woff2

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css
Origin: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 564
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET
H2 404 GothamBook.woff
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/ 0
0 275ms
275ms Font
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/GothamBook.woff

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css
Origin: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 560
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET
H2 404 Gotham-Medium.woff
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/ 0
0 278ms
278ms Font
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/Gotham-Medium.woff

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659737; includeSubDomains

Request headers

Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css
Origin: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:24 GMT
strict-transport-security: max-age=6659737; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 563
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET
H2 404 GothamBook.ttf
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/ 0
0 271ms
270ms Font
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/GothamBook.ttf

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659736; includeSubDomains

Request headers

Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css
Origin: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:25 GMT
strict-transport-security: max-age=6659736; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 559
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET
H2 404 Gotham-Medium.ttf
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/ 0
0 276ms
275ms Font
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/Gotham-Medium.ttf

Requested by

Host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=6659736; includeSubDomains

Request headers

Referer: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/fonts.css
Origin: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:06:25 GMT
strict-transport-security: max-age=6659736; includeSubDomains
host: unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
replit-cluster: global
content-length: 562
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco de la República Oriental del Uruguay (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			incab.us/	1969-12-31 23:59:59	Name: 0b0fe3036159a025adf92bd9a2833841 Value: gt30lpufbb1helpq2g3h3t3884

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/frontend/static/media/selectArrowDown.b3a49a7d.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/GothamBook.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/Gotham-Medium.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/GothamBook.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/Gotham-Medium.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/GothamBook.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co/flfs/gotham/Gotham-Medium.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=6659738; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

incab.us
tinyurl.com
unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co
174.138.4.210
2606:4700:10::6814:8a41
34.149.204.188
0d10a0bbf6ed1bff242da6db52a5d7cf3776a3585c11fe0390aa30641ac6065c
24a91b11b5f18ffcc8d6d6f3707bb263261de6eb7b4867cda0fdb116ced45efa
367cba5c66dcb77e9efdefae321a5fa51b4ed0773b15ebbd7a8ee35b913e75fe
62ebac9119c82db12553de55773d265db5cc81db125dda0e84443a59f7f9c369
970a245e193b5fcb6fb9e0fa1ecc9a8ee55f3775aa766fcea860ea2d9af9741f
9afde12f75dafba0637d0c7894c3d2426c102ab9f4fd8f330f076c4326a1b0a5
d4d41483cf38b6182b0a495196cfc55821cfd2e3d310861f32bcd2240806f187

unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co Open in urlscan Pro 34.149.204.188 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

779 kBTransfer

777 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

7 Console Messages

Security Headers

Indicators

unwittingquarrelsomewordprocessor.preapsoapgkpa.repl.co Open in urlscan Pro
34.149.204.188 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

779 kB
Transfer

777 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!