df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co
34.149.204.188
Malicious Activity!
Public Scan
Submission: On April 08 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 22nd 2023. Valid for: 3 months.
This is the only time df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Galicia (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
5 | 34.149.204.188 | 396982 (GOOGLE-CLOUD-PLATFORM) |
5 | 1 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 188.204.149.34.bc.googleusercontent.com
df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | repl.co | df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co | 314 KB |
5 | 1 |
Requests | Domain | Requested by |
---|---|---|
5 | df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co | df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co |
5 | 1 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
id.repl.co | R3 | 2023-02-22 - 2023-05-23 | 3 months |
This page contains 1 frames:
Primary Page:
https://df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co/
Frame ID: 7FA5C0850870C040AAD962D3C61F23C9
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co/ | 8 KB | 8 KB | Document | text/html |
GET | H2 | style.css | df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co/ | 6 KB | 6 KB | Stylesheet | text/css |
GET | H2 | log.svg | df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co/ | 5 KB | 5 KB | Image | image/svg+xml |
GET | H2 | tecl.jpg | df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co/ | 2 KB | 2 KB | Image | image/jpeg |
GET | H2 | login-2.jpg | df1a814a-4c71-4237-aad8-d912fc1d6b83.id.repl.co/ | 293 KB | 293 KB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Galicia (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
function | handleInputChange |
function | cambiarImagen |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=3909360; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.