navydistorteddoom--interconextol.repl.co Open in urlscan Pro
35.186.245.55 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://navydistorteddoom--interconextol.repl.co/mob/index.html
Effective URL:
https://navydistorteddoom--interconextol.repl.co/desk/index.php
Submission: On October 12 via manual (October 12th 2023, 2:34:13 pm UTC) from CH — Scanned from CH

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 35.186.245.55, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is navydistorteddoom--interconextol.repl.co.
TLS certificate: Issued by GTS CA 1P5 on August 21st 2023. Valid for: 3 months.

This is the only time navydistorteddoom--interconextol.repl.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 13	35.186.245.55 35.186.245.55	15169 (GOOGLE) (GOOGLE)
1	200.61.38.87 200.61.38.87	20305 (Banco Rio...) (Banco Rio de la Plata S.A.)
13	2

13 35.186.245.55 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 55.245.186.35.bc.googleusercontent.com

navydistorteddoom--interconextol.repl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 200.61.38.87 (Villa Rosa, Argentina)

ASN20305 (Banco Rio de la Plata S.A., AR)
PTR: www2.personas.santanderrio.com.ar

www2.personas.santander.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	repl.co 1 redirects navydistorteddoom--interconextol.repl.co	2 MB
1	santander.com.ar www2.personas.santander.com.ar — Cisco Umbrella Rank: 615697	23 KB
13	2

	Domain	Requested by
13	navydistorteddoom--interconextol.repl.co	1 redirects navydistorteddoom--interconextol.repl.co
1	www2.personas.santander.com.ar	navydistorteddoom--interconextol.repl.co
13	2

This site contains no links.

Subject Issuer	Validity	Valid
repl.co GTS CA 1P5	`2023-08-21` - `2023-11-19`	3 months	crt.sh
www.personas.santander.com.ar Entrust Certification Authority - L1M	`2023-03-24` - `2024-04-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://navydistorteddoom--interconextol.repl.co/desk/index.php
Frame ID: 989CD6B6AD2BEDD7423B772A5FE23195
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

home

Page URL History Show full URLs

https://navydistorteddoom--interconextol.repl.co/mob/index.html Page URL
https://navydistorteddoom--interconextol.repl.co/index.php HTTP 302
https://navydistorteddoom--interconextol.repl.co/desk/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1996 kB
Transfer

1991 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://navydistorteddoom--interconextol.repl.co/mob/index.html Page URL
https://navydistorteddoom--interconextol.repl.co/index.php HTTP 302
https://navydistorteddoom--interconextol.repl.co/desk/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK index.html Show response
navydistorteddoom--interconextol.repl.co/mob/ 5 KB
6 KB 533ms
257ms Document
text/html 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://navydistorteddoom--interconextol.repl.co/mob/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

9253b2dd8a1ba3d1850619ea70841a93ba726c54f3c516e893f7c573a259b2a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291301; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Content-Length: 5574
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 Oct 2023 14:34:05 GMT
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Strict-Transport-Security: max-age=3291301; includeSubDomains

GET
H/1.1 200
OK 101.2021-12-9_20-39-3.053500ab0dff1bc02f8e.css
navydistorteddoom--interconextol.repl.co/mob/files/ 321 KB
321 KB 218ms
217ms Stylesheet
text/css 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://navydistorteddoom--interconextol.repl.co/mob/files/101.2021-12-9_20-39-3.053500ab0dff1bc02f8e.css

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/mob/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

2fce55ed59cb32e6ffbb89c86d1c7706d86f022a3fc5c14dabdf2df9f477f93b

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291301; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/mob/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:05 GMT
Strict-Transport-Security: max-age=3291301; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 328620
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK app.2021-12-9_20-39-3.972c2e4ea48b77a3a26d.css
navydistorteddoom--interconextol.repl.co/mob/files/ 629 KB
629 KB 459ms
288ms Stylesheet
text/css 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://navydistorteddoom--interconextol.repl.co/mob/files/app.2021-12-9_20-39-3.972c2e4ea48b77a3a26d.css

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/mob/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

aa25d891fe377e745d0f1215f817447311692568cdac742ede88fc59c5f677c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291301; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/mob/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:05 GMT
Strict-Transport-Security: max-age=3291301; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 643645
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK 3.2021-12-9_20-39-3.fc6105fbb91203c9d9b7.css
navydistorteddoom--interconextol.repl.co/mob/files/ 35 KB
35 KB 400ms
226ms Stylesheet
text/css 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://navydistorteddoom--interconextol.repl.co/mob/files/3.2021-12-9_20-39-3.fc6105fbb91203c9d9b7.css

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/mob/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

2f889ba462b74d78767f864c3f04ef0827c084793a2000891d78c228dfad0ed0

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291301; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/mob/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:05 GMT
Strict-Transport-Security: max-age=3291301; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 35688
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK not_view.svg
navydistorteddoom--interconextol.repl.co/mob/files/ 2 KB
2 KB 232ms
231ms Image
image/svg+xml 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://navydistorteddoom--interconextol.repl.co/mob/files/not_view.svg

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/mob/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

04f8687baa3c16d9acd0c3d5e42cefcffad2b51b8383b2819aba7034e130b098

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291300; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/mob/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:06 GMT
Strict-Transport-Security: max-age=3291300; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 1818
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: image/svg+xml

GET
H/1.1

200
OK

Primary Request index.php Show response
navydistorteddoom--interconextol.repl.co/desk/
Redirect Chain

https://navydistorteddoom--interconextol.repl.co/index.php
https://navydistorteddoom--interconextol.repl.co/desk/index.php

17 KB
17 KB

205ms
205ms

Document
text/html

35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://navydistorteddoom--interconextol.repl.co/desk/index.php

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/mob/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

/ PHP/7.4.21

Resource Hash

2281ef24193c1b0d0dd9b0fb7ff26b4d5e676dcd8be2c544c3a31cf34d604845

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291299; includeSubDomains

Request headers

Referer: https://navydistorteddoom--interconextol.repl.co/mob/index.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Content-Type: text/html; charset=UTF-8
Date: Thu, 12 Oct 2023 14:34:07 GMT
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Strict-Transport-Security: max-age=3291299; includeSubDomains
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.21

Redirect headers

Content-Type: text/html; charset=UTF-8
Date: Thu, 12 Oct 2023 14:34:07 GMT
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Host: navydistorteddoom--interconextol.repl.co
Location: desk/index.php
Replit-Cluster: global
Strict-Transport-Security: max-age=3291300; includeSubDomains
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.21

GET
H/1.1 404
Not Found css
navydistorteddoom--interconextol.repl.co/desk/index_files/ 0
0 206ms
205ms Stylesheet
text/html 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://navydistorteddoom--interconextol.repl.co/desk/index_files/css

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/desk/index.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291299; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/desk/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:07 GMT
Strict-Transport-Security: max-age=3291299; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 553
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK 98.2021-4-9_18-25-49.9755484966e151cb9769.css
navydistorteddoom--interconextol.repl.co/desk/index_files/ 365 KB
366 KB 208ms
207ms Stylesheet
text/css 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://navydistorteddoom--interconextol.repl.co/desk/index_files/98.2021-4-9_18-25-49.9755484966e151cb9769.css

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/desk/index.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

57a9e75d945445a704a564989d07eba05eebd1813963ddc726ace9a013973482

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291299; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/desk/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:07 GMT
Strict-Transport-Security: max-age=3291299; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 373933
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK app.2021-4-9_18-25-49.06fa654bfbd6e978d9ee.css
navydistorteddoom--interconextol.repl.co/desk/index_files/ 559 KB
559 KB 379ms
378ms Stylesheet
text/css 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://navydistorteddoom--interconextol.repl.co/desk/index_files/app.2021-4-9_18-25-49.06fa654bfbd6e978d9ee.css

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/desk/index.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

bace63d91e16990831c847e37244a9ebc62054402a2472feea92b6f31f3f083a

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291299; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/desk/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:07 GMT
Strict-Transport-Security: max-age=3291299; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 572018
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK 3.2021-4-9_18-25-49.730818495e47d5ab0499.css
navydistorteddoom--interconextol.repl.co/desk/index_files/ 32 KB
33 KB 225ms
204ms Stylesheet
text/css 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://navydistorteddoom--interconextol.repl.co/desk/index_files/3.2021-4-9_18-25-49.730818495e47d5ab0499.css

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/desk/index.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

98775d97b8cf770477388341bf9673a75db77114f3ae7489b0c8745da5705c5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291299; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/desk/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:07 GMT
Strict-Transport-Security: max-age=3291299; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 33114
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK desktop-sr.svg
navydistorteddoom--interconextol.repl.co/desk/index_files/ 3 KB
3 KB 238ms
237ms Image
image/svg+xml 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://navydistorteddoom--interconextol.repl.co/desk/index_files/desktop-sr.svg

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/desk/index.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

c9795c8390b656c79384cbf530bc39ca1929789a26e1b3a34ea206b1f3f5f65b

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291298; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/desk/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:08 GMT
Strict-Transport-Security: max-age=3291298; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 3123
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: image/svg+xml

GET
H/1.1 200
OK not_view.svg
navydistorteddoom--interconextol.repl.co/desk/index_files/ 2 KB
2 KB 211ms
210ms Image
image/svg+xml 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://navydistorteddoom--interconextol.repl.co/desk/index_files/not_view.svg

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/desk/index.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

04f8687baa3c16d9acd0c3d5e42cefcffad2b51b8383b2819aba7034e130b098

Security Headers

Name	Value
Strict-Transport-Security	max-age=3291298; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/desk/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:08 GMT
Strict-Transport-Security: max-age=3291298; includeSubDomains
Host: navydistorteddoom--interconextol.repl.co
Replit-Cluster: global
Content-Length: 1818
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: image/svg+xml

GET
H/1.1 200
OK Ilustracion.svg
www2.personas.santander.com.ar/obp-webapp/angular/client/app/common/images/ 22 KB
23 KB 1801ms
261ms Image
image/svg+xml 200.61.38.87
Banco Rio de la P...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www2.personas.santander.com.ar/obp-webapp/angular/client/app/common/images/Ilustracion.svg

Requested by

Host: navydistorteddoom--interconextol.repl.co
URL: https://navydistorteddoom--interconextol.repl.co/desk/index_files/3.2021-4-9_18-25-49.730818495e47d5ab0499.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

200.61.38.87 Villa Rosa, Argentina, ASN20305 (Banco Rio de la Plata S.A., AR),

Reverse DNS

www2.personas.santanderrio.com.ar

Software

Resource Hash

405f3392198ce4a77c2c729b4666731fa79641190d69cd9c742c3a9f3d9fe02e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://navydistorteddoom--interconextol.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 14:34:10 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Tue, 10 Oct 2023 23:56:23 GMT
ETag: "1ed1-5897-60765743e8b1d"
Vary: Accept-Encoding
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/svg+xml
Server-Timing: dtSInfo;desc="1"
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=237
Content-Length: 22679
Connection: Keep-Alive

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| mostrarPassword function| mostrarUsuario function| soloNumeros

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://navydistorteddoom--interconextol.repl.co/desk/index_files/css Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=3291301; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

navydistorteddoom--interconextol.repl.co
www2.personas.santander.com.ar
200.61.38.87
35.186.245.55
04f8687baa3c16d9acd0c3d5e42cefcffad2b51b8383b2819aba7034e130b098
2281ef24193c1b0d0dd9b0fb7ff26b4d5e676dcd8be2c544c3a31cf34d604845
2f889ba462b74d78767f864c3f04ef0827c084793a2000891d78c228dfad0ed0
2fce55ed59cb32e6ffbb89c86d1c7706d86f022a3fc5c14dabdf2df9f477f93b
405f3392198ce4a77c2c729b4666731fa79641190d69cd9c742c3a9f3d9fe02e
57a9e75d945445a704a564989d07eba05eebd1813963ddc726ace9a013973482
9253b2dd8a1ba3d1850619ea70841a93ba726c54f3c516e893f7c573a259b2a1
98775d97b8cf770477388341bf9673a75db77114f3ae7489b0c8745da5705c5f
aa25d891fe377e745d0f1215f817447311692568cdac742ede88fc59c5f677c7
bace63d91e16990831c847e37244a9ebc62054402a2472feea92b6f31f3f083a
c9795c8390b656c79384cbf530bc39ca1929789a26e1b3a34ea206b1f3f5f65b

navydistorteddoom--interconextol.repl.co Open in urlscan Pro 35.186.245.55 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1996 kBTransfer

1991 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

navydistorteddoom--interconextol.repl.co Open in urlscan Pro
35.186.245.55 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1996 kB
Transfer

1991 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!