pruebagali.josede91.repl.co
Open in
urlscan Pro
34.149.204.188
Malicious Activity!
Public Scan
Submitted URL: https://pruebagali.josede91.repl.co/
Effective URL: https://pruebagali.josede91.repl.co/public/index.php
Submission Tags: replit-anti-abuse a487cf Search All
Submission: On July 10 via api from US — Scanned from DE
Effective URL: https://pruebagali.josede91.repl.co/public/index.php
Submission Tags: replit-anti-abuse a487cf Search All
Submission: On July 10 via api from US — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 11 HTTP transactions.
The main IP is 34.149.204.188, located in
Kansas City, United States and
belongs to GOOGLE-CLOUD-PLATFORM, US.
The main domain is pruebagali.josede91.repl.co.
TLS certificate: Issued by R3 on April 30th 2023. Valid for: 3 months.
This is the only time pruebagali.josede91.repl.co was scanned on urlscan.io!
TLS certificate: Issued by R3 on April 30th 2023. Valid for: 3 months.
This is the only time pruebagali.josede91.repl.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Galicia (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 9 | 34.149.204.188 34.149.204.188 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
| 2 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 161.190.1.33 161.190.1.33 | 13474 (Banco de ...) (Banco de Galicia y Buenos Aires) | |
| 11 | 3 |
9
34.149.204.188
(Kansas City, United States)
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 188.204.149.34.bc.googleusercontent.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 188.204.149.34.bc.googleusercontent.com
| pruebagali.josede91.repl.co |
1
161.190.1.33
(Buenos Aires, Argentina)
ASN13474 (Banco de Galicia y Buenos Aires, AR)
PTR: wsec06.bancogalicia.com.ar
ASN13474 (Banco de Galicia y Buenos Aires, AR)
PTR: wsec06.bancogalicia.com.ar
| wsec06.bancogalicia.com.ar |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 9 |
repl.co
1 redirects
pruebagali.josede91.repl.co |
240 KB |
| 2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 274 |
166 KB |
| 1 |
bancogalicia.com.ar
wsec06.bancogalicia.com.ar |
3 KB |
| 11 | 3 |
| Domain | Requested by | |
|---|---|---|
| 9 | pruebagali.josede91.repl.co |
1 redirects
pruebagali.josede91.repl.co
|
| 2 | cdnjs.cloudflare.com |
pruebagali.josede91.repl.co
cdnjs.cloudflare.com |
| 1 | wsec06.bancogalicia.com.ar |
pruebagali.josede91.repl.co
|
| 11 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| josede91.repl.co R3 |
2023-04-30 - 2023-07-29 |
3 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
| wsec06.bancogalicia.com.ar DigiCert EV RSA CA G2 |
2023-03-10 - 2024-03-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://pruebagali.josede91.repl.co/public/index.php
Frame ID: AF01340CD6F6D5DE90005A387296CA2E
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Gaicia | loginPage URL History Show full URLs
-
https://pruebagali.josede91.repl.co/
HTTP 302
https://pruebagali.josede91.repl.co/public/index.php Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://pruebagali.josede91.repl.co/
HTTP 302
https://pruebagali.josede91.repl.co/public/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
index.php
pruebagali.josede91.repl.co/public/ Redirect Chain
|
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.css
pruebagali.josede91.repl.co/public/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/css/ |
100 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.6.1.min.js
pruebagali.josede91.repl.co/public/content/ |
88 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
new.png
pruebagali.josede91.repl.co/public/content/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ob.png
pruebagali.josede91.repl.co/public/content/ |
40 KB 40 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
07.jpg
pruebagali.josede91.repl.co/public/content/ |
101 KB 102 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login.js
pruebagali.josede91.repl.co/public/content/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
script.js
pruebagali.josede91.repl.co/public/content/ |
584 B 663 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
l-accesos.png
wsec06.bancogalicia.com.ar/images/commons/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/webfonts/ |
146 KB 147 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Galicia (Banking)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery function| validarlogin function| validaremail function| cargarxdxd function| demon1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| pruebagali.josede91.repl.co/ | Name: PHPSESSID Value: 9310b02b33df3058cb6fbbed653ac22a |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=1621263; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
pruebagali.josede91.repl.co
wsec06.bancogalicia.com.ar
161.190.1.33
2606:4700::6811:190e
34.149.204.188
246053956dce94f01e5bcf0e4bdd4410a3ad05329b76e897cb0537bbbdcc8787
284627306a3d1ac25a21fd5fa4ef02476311552117570c23ea2437535173c01c
31afa957108f620ee57fedf4b247b461f88e30f921b6a6216576b9f42d72fbad
5c76cbc04f1da7035f1076fb0bd9f3ead6fb44ff0a95a3e65d67fae1657be77a
63bb3d6974264d27f19f57c109399a5ded883a2ec12c40f1e9447a079041d16a
8ba5487a3441be54f0d77878bdde04863c7918e7551eae45e7d4d039d701d313
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
ab3d214995068d115de34d805db3fc1debf419b49fc2cc533a513d0966a7c8cb
afdb3e2f2c9d67d6376caca07519c082d36f33194b5d03cd134099f8506a1e72
c1ac115788f922e9bb68fc1e4710ed077bcae6e5014bc163c434b598e1e17ec9
ff8510712984ac3ccf08c022b8e8963d556c34ddacdd963f36c99735c8f42057