fix--violations.replit.app
34.117.33.233  Malicious Activity! (public scan)

Submitted URL: https://zpr.io/XS4j39vKYCTQ
Effective URL: https://fix--violations.replit.app/index.html
Submission: April 6, 2024, via automatic, source phishtank. Scanned from DE.

Summary

This website contacted 3 IPs in 1 country across 4 domains to perform 7 HTTP transactions. The main IP is 34.117.33.233, located in Kansas City, United States, and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is fix--violations.replit.app.
TLS certificate: Issued by GTS CA 1D4 on February 19th 2024. Valid for: 3 months.
This is the only time fix--violations.replit.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP address               AS (autonomous system)
1         52.205.138.75            14618 (AMAZON-AES)  (redirect hop)
4         34.117.33.233            396982 (GOOGLE-CLOUD-PLATFORM)
2         151.101.66.132           54113 (FASTLY)
1         2a02:ec80:300:ed1a::2:b  14907 (WIKIMEDIA)
Total: 7 requests, 3 IPs
Requests  Apex domain    Subdomain                                        Transfer
4         replit.app     fix--violations.replit.app                       29 KB
2         glitch.global  cdn.glitch.global (Cisco Umbrella rank 229225)   17 KB
1         wikimedia.org  upload.wikimedia.org (Cisco Umbrella rank 3183)  54 KB
1         zpr.io         zpr.io (Cisco Umbrella rank 954420)              90 B
Total: 7 requests, 4 apex domains
Requests  Domain                      Requested by
4         fix--violations.replit.app  fix--violations.replit.app
2         cdn.glitch.global           fix--violations.replit.app
1         upload.wikimedia.org
1         zpr.io                      (1 redirect)
Total: 7 requests, 4 domains

This site contains links to these domains:

Domain
detailed-video-29b30.web.app
Subject            Issuer                                   Validity                  Valid for
replit.app         GTS CA 1D4                               2024-02-19 to 2024-05-19  3 months
cdn.glitch.global  R3                                       2024-03-31 to 2024-06-29  3 months
*.wikipedia.org    DigiCert TLS Hybrid ECC SHA384 2020 CA1  2023-10-18 to 2024-10-16  a year

This page contains 1 frames:

Primary Page: https://fix--violations.replit.app/index.html
Frame ID: 729BD2B78EA47A8D32A7D33500D727A9
Requests: 7 HTTP requests in this frame


Page Title: Request Form

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://zpr.io/XS4j39vKYCTQ (HTTP 302)
     https://fix--violations.replit.app/ (Page URL)
  2. https://fix--violations.replit.app/index.html (Page URL)

Page Statistics

Requests     7
HTTPS        100 %
IPv6         25 %
Domains      4
Subdomains   4
IPs          3
Countries    1
Transfer     101 kB
Size         99 kB
Cookies      0


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://zpr.io/XS4j39vKYCTQ HTTP 302
  • https://fix--violations.replit.app/
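The chain above has two kinds of hop: a server-side HTTP 302 from the zpr.io shortener, and a client-side hand-off from / to /index.html on the landing host (the second step carries no HTTP status, which is how urlscan shows a redirect performed by the page itself). The following is an added example, not urlscan's code and not anything served by the scanned site, of an analyser that walks such a chain without a browser, recording 3xx hops, meta refresh and literal JavaScript location assignments, and refusing to be spun by a loop or an over-long chain. The 302 and its Location value are taken from the report; the HTML bodies in the replay table are assumptions (the report shows that / handed off to /index.html but not how), and the regexes cover only plain, unobfuscated redirect forms.

```python
"""Walk a redirect chain the way the Page URL History above does:
server-side (HTTP 3xx) hops plus client-side (meta refresh / JavaScript)
hops, with loop and hop-count guards."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit, urlunsplit


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)  # lower-cased names
    body: str = ""


# Client-side redirect forms handled (assumption: literal forms only;
# obfuscated JavaScript needs a real browser, which is what urlscan uses).
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+content=["\']?\s*\d+\s*;\s*url=["\']?([^"\'>\s]+)',
    re.IGNORECASE)
JS_LOCATION = re.compile(
    r'location(?:\.href)?\s*=\s*["\']([^"\']+)["\']'
    r'|location\.(?:replace|assign)\(\s*["\']([^"\']+)["\']',
    re.IGNORECASE)


def canonical(url: str) -> str:
    """Browsers request "/" for an empty path (the zpr.io Location header in the
    report has none), so normalise before comparing or looking URLs up."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def next_hop(url: str, resp: Response) -> Optional[Tuple[str, str]]:
    """Return (kind, absolute next URL), or None when this is the landing page."""
    if 300 <= resp.status < 400 and "location" in resp.headers:
        return ("HTTP %d" % resp.status, canonical(urljoin(url, resp.headers["location"])))
    if resp.status == 200:
        m = META_REFRESH.search(resp.body)
        if m:
            return ("meta refresh", canonical(urljoin(url, m.group(1))))
        m = JS_LOCATION.search(resp.body)
        if m:
            return ("JavaScript", canonical(urljoin(url, m.group(1) or m.group(2))))
    return None


def follow_chain(start: str, fetch: Callable[[str], Response],
                 max_hops: int = 10) -> List[Tuple[str, str]]:
    """Return [(url, how_it_was_left), ...]. The last entry is tagged
    "landing", "loop" or "max hops exceeded"; a hostile chain cannot run forever."""
    chain: List[Tuple[str, str]] = []
    seen = set()
    url = canonical(start)
    while len(chain) < max_hops:
        if url in seen:
            chain.append((url, "loop"))
            return chain
        seen.add(url)
        hop = next_hop(url, fetch(url))
        if hop is None:
            chain.append((url, "landing"))
            return chain
        kind, nxt = hop
        chain.append((url, kind))
        url = nxt
    chain.append((url, "max hops exceeded"))
    return chain


# Constructed replay of the observed chain. The 302 and Location are from the
# report; the HTML bodies are assumptions (a meta refresh stands in for
# whatever "/" really used to hand off to /index.html).
SAMPLE = {
    "https://zpr.io/XS4j39vKYCTQ": Response(302, {"location": "https://fix--violations.replit.app"}),
    "https://fix--violations.replit.app/": Response(
        200, {"content-type": "text/html; charset=UTF-8"},
        '<html><head><meta http-equiv="refresh" content="0; url=index.html"></head></html>'),
    "https://fix--violations.replit.app/index.html": Response(
        200, {"content-type": "text/html; charset=UTF-8"},
        "<html><head><title>Request Form</title></head><body><form>Request Form</form></body></html>"),
}

# Constructed two-page loop to exercise the guard.
LOOP = {
    "https://a.example/": Response(302, {"location": "https://b.example/"}),
    "https://b.example/": Response(302, {"location": "https://a.example/"}),
}


def replay(table: Dict[str, Response]) -> Callable[[str], Response]:
    """Offline fetcher: look the URL up in a table instead of touching the network."""
    return lambda url: table.get(url, Response(404))


def observed_chain() -> List[Tuple[str, str]]:
    return follow_chain("https://zpr.io/XS4j39vKYCTQ", replay(SAMPLE))


def loop_chain() -> List[Tuple[str, str]]:
    return follow_chain("https://a.example", replay(LOOP))


if __name__ == "__main__":
    for url, kind in observed_chain():
        print(f"{kind:<13} {url}")
```

Swap `replay(SAMPLE)` for a real fetcher (with `allow_redirects=False`, a short timeout and a sandboxed egress) to run this against a live shortener link; the final entry's host is what should be compared against the brand the page imitates, not the shortener's.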

7 HTTP transactions

Resource: /
Path: fix--violations.replit.app/
Redirect chain:
  • https://zpr.io/XS4j39vKYCTQ
  • https://fix--violations.replit.app/
Size: 1 KB, transfer 1 KB
Type: Document
General
Full URL
https://fix--violations.replit.app/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.117.33.233 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS
233.33.117.34.bc.googleusercontent.com
Software
Google Frontend / PHP/8.2.0RC7
Resource Hash
80d1c58c7c421b9c8e380d20d3ee8e28df0884683010c833582d6100f7ce9c21
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=UTF-8
date
Sat, 06 Apr 2024 00:51:30 GMT
server
Google Frontend
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 google
x-powered-by
PHP/8.2.0RC7

Redirect headers

content-length
275
content-type
text/html; charset=utf-8
date
Sat, 06 Apr 2024 00:51:29 GMT
location
https://fix--violations.replit.app
Resource: favicon.ico
Path: fix--violations.replit.app/
Size: 544 B, transfer 639 B
Type: Other (the server answered 404 with an HTML body; see Console Messages)
General
Full URL
https://fix--violations.replit.app/favicon.ico
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.117.33.233 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS
233.33.117.34.bc.googleusercontent.com
Software
Google Frontend
Resource Hash
28e8d6ca16281b61453fc074393a70dd88728734fd6546313f5197b9ab243b44
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fix--violations.replit.app/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 06 Apr 2024 00:51:30 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 google
server
Google Frontend
content-type
text/html; charset=UTF-8
x-cloud-trace-context
c3c4b4ca689ed4b07813124dd62c7a14
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
544
Primary Request
Resource: index.html
Path: fix--violations.replit.app/
Size: 3 KB, transfer 3 KB
Type: Document
General
Full URL
https://fix--violations.replit.app/index.html
Requested by
Host: fix--violations.replit.app
URL: https://fix--violations.replit.app/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
34.117.33.233 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS
233.33.117.34.bc.googleusercontent.com
Software
Google Frontend
Resource Hash
9343c016875df812d01de2fcd9abf53186755ce0d7f5da2a0d814fc5fe4ea073
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://fix--violations.replit.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2884
content-type
text/html; charset=UTF-8
date
Sat, 06 Apr 2024 00:51:31 GMT
server
Google Frontend
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 google
x-cloud-trace-context
e986b7c8718674a1d9d17886214c0c33
Resource: style.css
Path: fix--violations.replit.app/
Size: 24 KB, transfer 24 KB
Type: Stylesheet
General
Full URL
https://fix--violations.replit.app/style.css
Requested by
Host: fix--violations.replit.app
URL: https://fix--violations.replit.app/index.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
34.117.33.233 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS
233.33.117.34.bc.googleusercontent.com
Software
Google Frontend
Resource Hash
2ea26483bd7f9d0dd3624b29e6b36b499cd8414ae9e5cd2c3165523866129701
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fix--violations.replit.app/index.html
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 06 Apr 2024 00:51:31 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 google
server
Google Frontend
content-type
text/css; charset=UTF-8
x-cloud-trace-context
4d474c07fceaf0bd958c137d68edf5f2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24479
Resource: IMG_20240316_125232.jpg
Path: cdn.glitch.global/0c92fe91-f6a5-4eb7-85f9-57f29912d3f4/
Size: 12 KB, transfer 13 KB
Type: Image
General
Full URL
https://cdn.glitch.global/0c92fe91-f6a5-4eb7-85f9-57f29912d3f4/IMG_20240316_125232.jpg?v=1710575596406
Requested by
Host: fix--violations.replit.app
URL: https://fix--violations.replit.app/index.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
151.101.66.132 United States, ASN54113 (FASTLY, US)
Reverse DNS
(none)
Software
AmazonS3
Resource Hash
83cdef6fb443c85a249211df67b2ac4c7a1f90ccdd81b5c38117798f58132063
Security Headers
Name Value
Content-Security-Policy script-src 'none'

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fix--violations.replit.app/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'none'
via
1.1 varnish, 1.1 varnish
date
Sat, 06 Apr 2024 00:51:31 GMT
x-amz-request-id
T7FAMW26DN046PBX
age
1789093
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
12724
x-amz-id-2
4s7FF4+fye1VQce09EbI1ZvA1NdEVDYbOlzmmNcJffBAWW1Ey+RPJsqwcwLtawqiakLnwJtm6r71VA2cp/ScE70KkRY5TtrTV9rfFdVZpqI=
x-served-by
cache-iad-kjyo7100145-IAD, cache-fra-etou8220114-FRA
last-modified
Sat, 16 Mar 2024 07:53:17 GMT
server
AmazonS3
x-timer
S1712364692.686726,VS0,VE1
etag
"d1064fbad13f0250dc186edf6d5017c8"
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
5, 1
Resource: video-logo.jpg
Path: cdn.glitch.global/3b9c0936-6e58-4ace-bab9-026d99a84875/
Size: 4 KB, transfer 5 KB
Type: Image
General
Full URL
https://cdn.glitch.global/3b9c0936-6e58-4ace-bab9-026d99a84875/video-logo.jpg?v=1710497688611
Requested by
Host: fix--violations.replit.app
URL: https://fix--violations.replit.app/index.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
151.101.66.132 United States, ASN54113 (FASTLY, US)
Reverse DNS
(none)
Software
AmazonS3
Resource Hash
fc59f3622770b4b99411b55860b6631dd3b75cb3c7ce090a014b4486ef1c13de
Security Headers
Name Value
Content-Security-Policy script-src 'none'

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fix--violations.replit.app/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'none'
via
1.1 varnish, 1.1 varnish
date
Sat, 06 Apr 2024 00:51:31 GMT
x-amz-request-id
N4YQTQ90SQTK6Y9R
age
762161
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
4294
x-amz-id-2
MN+91tJAg7z5Ze3LcXpRQ8g6O5B0WVQt7ZeMbjGiGJeJhZuIvDgiV/esYpw3/5hNkGx+82gHgOzUAQi9eO/9NA==
x-served-by
cache-iad-kcgs7200036-IAD, cache-fra-etou8220114-FRA
last-modified
Fri, 15 Mar 2024 10:14:49 GMT
server
AmazonS3
x-timer
S1712364692.686628,VS0,VE1
etag
"11866df30cf7d0b1b4fd22c64bd29efd"
access-control-allow-methods
GET, HEAD, POST
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
32, 1
Resource: Facebook_Logo_2023.png
Path: upload.wikimedia.org/wikipedia/commons/6/6c/
Size: 53 KB, transfer 54 KB
Type: Other
General
Full URL
https://upload.wikimedia.org/wikipedia/commons/6/6c/Facebook_Logo_2023.png
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:ec80:300:ed1a::2:b United States, ASN14907 (WIKIMEDIA, US)
Reverse DNS
(none)
Software
ATS/9.1.4
Resource Hash
2adfd474d91fd20c51084309ed000c1ae6cc7f5f70af14d375930f5a71301308
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fix--violations.replit.app/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 03:43:15 GMT
strict-transport-security
max-age=106384710; includeSubDomains; preload
x-content-type-options
nosniff
nel
{ "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age
76096
x-cache-status
hit-front
x-cache
cp3080 hit, cp3080 hit/300
server-timing
cache;desc="hit-front", host;desc="cp3080"
content-length
54771
x-client-ip
2a01:4a0:1338:92::6
x-object-meta-sha1base36
khqfbdm55vq0s0y0eqr5onb4hjn6qc9
last-modified
Wed, 11 Oct 2023 12:15:27 GMT
server
ATS/9.1.4
etag
e4da23704f27c9df07e6c21a13e28bfd
report-to
{ "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges
bytes
timing-allow-origin
*

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Messages

Source   Level  URL
network  error  https://fix--violations.replit.app/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains