nelienaei-7837--lineasnejj2.replit.app
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of nelienaei-7837--lineasnejj2.replit.app
This domain appears to host a web page presented in Spanish as "Evaluación de Crédito | Banco Pichincha," with a form requesting identity, name, surname, mobile number, and monthly income. Based on the page title, screenshot, and referenced logo asset, the site appears to imitate a credit application or pre-qualification workflow associated with Banco Pichincha rather than functioning as a general-purpose personal page.
The domain itself is a subdomain on replit.app, which is commonly used for hosted app prototypes and lightweight web deployments. That hosting context, combined with the branded banking presentation and credential-style data collection form, suggests the page may be intended to solicit sensitive personal and financial information while appearing to represent a legitimate financial institution.
No clear evidence in the scan data identifies the actual operator of this page. Based on the available content and branding cues, it appears to be a finance-themed site that may be impersonating a bank brand rather than an official banking domain.
Safety Assessment for nelienaei-7837--lineasnejj2.replit.app
Multiple security signals indicate elevated risk at the time of this scan. The domain was flagged by 18 out of 91 security engines, and several independent threat databases classified it as phishing or social-engineering related. In addition, a major browser-protection blacklist listed the page for social engineering, which is a strong content-risk signal. Although the malware scan did not detect malicious files, phishing pages often rely on deceptive forms and branding rather than downloadable malware.
The page content itself raises further concern. The screenshot shows Banco Pichincha branding on a replit.app subdomain rather than what would typically be expected for an official banking property, and it asks visitors to submit personal identity and financial details. That mismatch between the displayed brand and the hosted domain closely resembles a look-alike or impersonation setup and may be intended to capture sensitive information from users who believe they are interacting with the real institution.
The domain is several years old, which can sometimes reduce uncertainty, but in this case the age is outweighed by the multi-engine phishing detections, blacklist listing, and the apparent brand impersonation pattern visible on the page. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site was reachable over HTTPS with a valid TLS certificate issued by a mainstream certificate authority, and it appears to be served through Google Frontend infrastructure on Google Cloud from an IP located in the United States. The domain uses Google-hosted nameservers, and DNSSEC appears to be unsigned at the time of this scan.
From a technical perspective, the page is lightweight and references common third-party assets such as Tailwind CSS, Font Awesome, and a Wikimedia-hosted image. No malicious files or flagged external links were identified by the page-level malware scan, but that does not offset the stronger phishing indicators from reputation systems and the apparent misuse of banking branding on a third-party hosting subdomain.
Share your experience with this website. Was it safe? Did you encounter any issues?