5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
34.75.151.117  Malicious Activity! Public Scan

URL: https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/
Submission: On November 21 via api from US — Scanned from JP

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 9 HTTP transactions. The main IP is 34.75.151.117, located in North Charleston, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev.
TLS certificate: Issued by R10 on September 24th 2024. Valid for: 3 months.
This is the only time 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco de la Provincia de Buenos Aires (Banking)

Domain & IP information

Requests | IP Address | AS | Autonomous System
5 | 34.75.151.117 | 396982 | GOOGLE-CL...
1 | 2404:6800:400... | 15169 | GOOGLE
1 | 172.217.175.99 | 15169 | GOOGLE
1 | 181.191.186.34 | 265806 | BANCO DE ...
Total: 9 requests, 5 IPs

Requests | Domain | Requested by
5 | 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev | 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
1 | www.bancoprovincia.bancainternet.com.ar |
1 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
0 | invalid (Failed) | 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
Total: 9 requests, 5 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
*.worf.replit.dev | R10 | 2024-09-24 - 2024-12-23 | 3 months
upload.video.google.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
*.gstatic.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
www.bancoprovincia.bancainternet.com.ar | GeoTrust EV RSA CA G2 | 2024-11-04 - 2025-11-03 | a year

This page contains 1 frames:

Primary Page: https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/
Frame ID: FD7E923824903CDE4C70CEF58D6B74D5
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Inicio sesión (Spanish: "Log in")

Detected technologies

Google Font API (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 9
HTTPS: 89 %
IPv6: 25 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 612 kB
Size: 654 kB
Cookies: 0

9 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: / | 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/ | 11 KB | 12 KB | Document
General
Full URL
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.151.117 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.151.75.34.bc.googleusercontent.com
Software
/
Resource Hash
2032c3313b5c7e9737fd233af08fbd4e3a40b431e9ef2e35e18a3d4aa2e359c8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Length
11645
Content-Type
text/html; charset=UTF-8
Date
Thu, 21 Nov 2024 19:02:36 GMT
Host
5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
Replit-Cluster
worf
X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

css2 | fonts.googleapis.com/ | 47 KB | 3 KB | Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Encode+Sans:wght@100..900&family=Montserrat:ital,wght@0,100..900;1,100..900&family=Open+Sans:ital,wght@0,300..800;1,300..800&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&family=Varela+Round&display=swap
Requested by
Host: 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
URL: https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2f95313499de70ebd9d58c2a3b1861b18132997780c739088fde4b28dd5650e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, max-age=86400
timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Thu, 21 Nov 2024 19:02:36 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 21 Nov 2024 19:02:36 GMT
x-xss-protection
0
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server
ESF
x-frame-options
SAMEORIGIN

sty.css | 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/index_files/ | 397 KB | 398 KB | Stylesheet
General
Full URL
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/index_files/sty.css
Requested by
Host: 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
URL: https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.151.117 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.151.75.34.bc.googleusercontent.com
Software
/
Resource Hash
a3abccb3b186bf8502e18a977a9ab46821a934ceda5bc9bb70c68822ec054108

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/

Response headers

X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex
Content-Length
407021
Replit-Cluster
worf
Date
Thu, 21 Nov 2024 19:02:36 GMT
Content-Type
text/css; charset=UTF-8
Host
5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev

jquery-3.7.1.min.js.download | 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/index_files/ | 85 KB | 86 KB | Script
General
Full URL
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/index_files/jquery-3.7.1.min.js.download
Requested by
Host: 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
URL: https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.151.117 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.151.75.34.bc.googleusercontent.com
Software
/
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/

Response headers

X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex
Content-Length
87533
Replit-Cluster
worf
Date
Thu, 21 Nov 2024 19:02:37 GMT
Content-Type
text/plain; charset=utf-8
Host
5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev

/ | invalid/ | 0 | 0 | Failed

bg.png | 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/ | 70 KB | 71 KB | Image
General
Full URL
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/bg.png
Requested by
Host: 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
URL: https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.151.117 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.151.75.34.bc.googleusercontent.com
Software
/
Resource Hash
ef23bd4df94bc553e61e5ec91431691a0d342bfa73864765ca1d98eda71b24de

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/

Response headers

X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex
Content-Length
72066
Replit-Cluster
worf
Date
Thu, 21 Nov 2024 19:02:38 GMT
Content-Type
image/png
Host
5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev

gttyh.png | 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/albaca/imagen/ | 556 B | 556 B | Image
General
Full URL
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/albaca/imagen/gttyh.png
Requested by
Host: 5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
URL: https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.151.117 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.151.75.34.bc.googleusercontent.com
Software
/
Resource Hash
140c0cc33e10b06dc07b632c92e83a80947b9ad125b520db6be87497775fb18f

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/

Response headers

X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex
Content-Length
556
Replit-Cluster
worf
Date
Thu, 21 Nov 2024 19:02:38 GMT
Content-Type
text/html; charset=UTF-8
Host
5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev

LDIhapOFNxEwR-Bd1O9uYNmnUQomAgE25imKSbHLSMA6Sw_lSg.woff2 | fonts.gstatic.com/s/encodesans/v19/ | 27 KB | 27 KB | Font
General
Full URL
https://fonts.gstatic.com/s/encodesans/v19/LDIhapOFNxEwR-Bd1O9uYNmnUQomAgE25imKSbHLSMA6Sw_lSg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Encode+Sans:wght@100..900&family=Montserrat:ital,wght@0,100..900;1,100..900&family=Open+Sans:ital,wght@0,300..800;1,300..800&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&family=Varela+Round&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.175.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
nrt20s21-in-f3.1e100.net
Software
sffe /
Resource Hash
d2668bae0b60cf1b9d78ae3ced557408328bfa8c3e38ef6a2ef430995538d748
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev
Referer
https://fonts.googleapis.com/

Response headers

age
470605
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sun, 16 Nov 2025 08:19:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 08:19:13 GMT
last-modified
Mon, 20 Mar 2023 20:58:19 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
27240
x-xss-protection
0
server
sffe

favicon.ico | www.bancoprovincia.bancainternet.com.ar/spa/ | 15 KB | 15 KB | Other
General
Full URL
https://www.bancoprovincia.bancainternet.com.ar/spa/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
181.191.186.34 Buenos Aires, Argentina, ASN265806 (BANCO DE LA PROVINCIA DE BUENOS AIRES, AR),
Reverse DNS
Software
/
Resource Hash
db55140fe8ae9e6f2159b740321b153e0f65cbf4a895364c6cd4da6a109c029d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://localhost https://localhost https://*.bancoprovincia.bancainternet.com.ar bipmovil://*.bancoprovincia.bancainternet.com.ar
Strict-Transport-Security max-age=63072000; includeSubdomains; preload

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/

Response headers

Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Content-Security-Policy
frame-ancestors 'self' http://localhost https://localhost https://*.bancoprovincia.bancainternet.com.ar bipmovil://*.bancoprovincia.bancainternet.com.ar
Cache-Control
max-age=0
Connection
Keep-Alive
Expires
Thu, 21 Nov 2024 19:02:40 GMT
Accept-Ranges
bytes
Content-Length
15086
Keep-Alive
timeout=15, max=10000
Date
Thu, 21 Nov 2024 19:02:40 GMT
Last-Modified
Thu, 21 Nov 2024 16:06:36 GMT
Content-Type
image/vnd.microsoft.icon
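The transaction list above carries the usual fingerprints of a browser-saved phishing kit: assets under index_files/, a jQuery file kept with its ".download" suffix and served as text/plain, a 404 HTML body returned for a PNG, a throwaway replit.dev hostname, and the real bank's favicon hotlinked with the phishing page as Referer. The following is an added example (not urlscan.io code) that runs those checks over a hand-constructed copy of the transactions; the record fields, the brand list and the free-hosting suffix list are assumptions for illustration.

```python
"""Triage a urlscan-style transaction list for phishing-kit indicators.
Added example, not urlscan.io code. Sample data is constructed from the scan
above; field names, BRAND_DOMAINS and FREE_HOSTING_SUFFIXES are assumptions."""
import re
from urllib.parse import urlsplit

PRIMARY_URL = "https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/"

# Constructed sample: one record per HTTP transaction, modelled on the scan above.
TRANSACTIONS = [
    {"url": PRIMARY_URL, "referer": None, "status": 200,
     "content_type": "text/html; charset=UTF-8"},
    {"url": "https://fonts.googleapis.com/css2?family=Encode+Sans", "referer": PRIMARY_URL,
     "status": 200, "content_type": "text/css; charset=utf-8"},
    {"url": PRIMARY_URL + "index_files/sty.css", "referer": PRIMARY_URL,
     "status": 200, "content_type": "text/css; charset=UTF-8"},
    {"url": PRIMARY_URL + "index_files/jquery-3.7.1.min.js.download", "referer": PRIMARY_URL,
     "status": 200, "content_type": "text/plain; charset=utf-8"},
    {"url": PRIMARY_URL + "bg.png", "referer": PRIMARY_URL,
     "status": 200, "content_type": "image/png"},
    {"url": PRIMARY_URL + "albaca/imagen/gttyh.png", "referer": PRIMARY_URL,
     "status": 404, "content_type": "text/html; charset=UTF-8"},
    {"url": "https://fonts.gstatic.com/s/encodesans/v19/LDIhapOFNxEw.woff2",
     "referer": "https://fonts.googleapis.com/", "status": 200, "content_type": "font/woff2"},
    {"url": "https://www.bancoprovincia.bancainternet.com.ar/spa/favicon.ico",
     "referer": PRIMARY_URL, "status": 200, "content_type": "image/vnd.microsoft.icon"},
]

# Assumed watch lists: the scan names only this one bank, and replit.dev is the
# hosting platform seen here; extend both for real use.
BRAND_DOMAINS = {"bancoprovincia.bancainternet.com.ar"}
FREE_HOSTING_SUFFIXES = (".replit.dev",)

# Acceptable Content-Type prefixes for the real file extension.
EXPECTED_MIME = {
    ".js": ("application/javascript", "text/javascript"),
    ".css": ("text/css",),
    ".png": ("image/png",),
    ".ico": ("image/",),
    ".woff2": ("font/woff2",),
}


def host_of(url):
    return urlsplit(url).hostname or ""


def under(host, domain):
    return host == domain or host.endswith("." + domain)


def real_extension(path):
    """Extension after stripping a browser 'Save page as' suffix: x.js.download -> .js"""
    path = re.sub(r"\.download$", "", path)
    m = re.search(r"(\.[A-Za-z0-9]+)$", path)
    return m.group(1).lower() if m else ""


def triage(transactions, brand_domains=BRAND_DOMAINS):
    """Return a list of (indicator, url, ...) tuples; first record is the primary page."""
    findings = []
    primary = host_of(transactions[0]["url"])
    if primary.endswith(FREE_HOSTING_SUFFIXES):
        findings.append(("free-hosting", primary))
    for t in transactions:
        host, path = host_of(t["url"]), urlsplit(t["url"]).path
        ref_host = host_of(t["referer"]) if t["referer"] else ""
        # A brand's asset loaded by a page on an unrelated origin: hotlinked favicon/logo.
        for brand in brand_domains:
            if under(host, brand) and ref_host and not under(ref_host, brand):
                findings.append(("brand-hotlink", t["url"]))
        # Saved-page artefacts left over from copying the real login page.
        if "/index_files/" in path or path.endswith(".download"):
            findings.append(("saved-page-artifact", t["url"]))
        # Served Content-Type disagrees with the extension (JS as text/plain, HTML 404 for a PNG).
        ext = real_extension(path)
        mime = t["content_type"].split(";")[0].strip()
        if ext in EXPECTED_MIME and not any(mime.startswith(p) for p in EXPECTED_MIME[ext]):
            findings.append(("mime-mismatch", t["url"], mime, t["status"]))
    return findings


if __name__ == "__main__":
    for f in triage(TRANSACTIONS):
        print(*f)
```

On the sample above this reports one brand hotlink (the bank favicon), two saved-page artefacts, two MIME mismatches and the free-hosting indicator. None of these is conclusive alone; the combination, on a page titled as a login form, is what justifies the verdict.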

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
invalid
URL
chrome-extension://invalid/

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco de la Provincia de Buenos Aires (Banking)
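The favicon request in the transaction list carried the phishing page's URL as Referer, which means the bank's own web-server logs contain the phishing hostname at the moment the kit was first tested. As an added example (not the bank's code), this parses Apache combined-format access logs and counts foreign referer hosts that embedded a watched brand asset; the log lines are constructed, and OWN_DOMAINS and WATCHED_PATHS are assumptions.

```python
"""Brand-owner check: find foreign origins hotlinking our static assets.
Added example, not the bank's code. Log lines are constructed in Apache
'combined' format; OWN_DOMAINS and WATCHED_PATHS are assumptions."""
import re
from collections import Counter
from urllib.parse import urlsplit

OWN_DOMAINS = ("bancoprovincia.bancainternet.com.ar",)   # assumed
WATCHED_PATHS = ("/spa/favicon.ico",)                    # assumed brand assets worth watching

# Constructed sample (Apache combined format). Line 2 mirrors the favicon request
# recorded in the scan above; line 3 shows a request with no Referer at all.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Nov/2024:16:00:12 -0300] "GET /spa/favicon.ico HTTP/1.1" 200 15086 "https://www.bancoprovincia.bancainternet.com.ar/spa/" "Mozilla/5.0"
203.0.113.9 - - [21/Nov/2024:16:02:40 -0300] "GET /spa/favicon.ico HTTP/1.1" 200 15086 "https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X)"
203.0.113.9 - - [21/Nov/2024:16:03:01 -0300] "GET /spa/favicon.ico HTTP/1.1" 200 15086 "-" "Mozilla/5.0"
203.0.113.11 - - [21/Nov/2024:16:05:22 -0300] "GET /spa/favicon.ico?v=2 HTTP/1.1" 200 15086 "https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/" "Mozilla/5.0"
203.0.113.12 - - [21/Nov/2024:16:06:00 -0300] "GET /spa/index.html HTTP/1.1" 200 2048 "https://evil.example/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_own_origin(referer):
    host = urlsplit(referer).hostname or ""
    return any(host == d or host.endswith("." + d) for d in OWN_DOMAINS)


def foreign_referers(log_text, watched=WATCHED_PATHS):
    """Counter of foreign referer hosts that embedded a watched asset.
    Requests with no Referer ('-') are skipped: they prove nothing either way."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["path"].split("?", 1)[0] not in watched:
            continue
        ref = rec["referer"]
        if ref in ("", "-") or is_own_origin(ref):
            continue
        hits[urlsplit(ref).hostname] += 1
    return hits


if __name__ == "__main__":
    for host, n in foreign_referers(SAMPLE_LOG).most_common():
        print(n, host)
```

Two caveats apply. Browsers that send only the origin under the default referrer policy still expose the hostname, which is all this needs; but a kit that sets a no-referrer policy, or self-hosts a copy of the favicon, produces no hit, so an empty result is not evidence that nothing is hotlinking. Treat a hit as a lead for a takedown request and a urlscan submission, not as a verdict.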

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | $
function | jQuery

0 Cookies

3 Console Messages

Source | Level | URL | Text
network | error | chrome-extension://invalid/ | Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
recommendation | verbose | https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/ | [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network | error | https://5be37bc0-169b-4983-a091-f65582981cb7-00-2xb4hh94jx5sp.worf.replit.dev/albaca/imagen/gttyh.png | Failed to load resource: the server responded with a status of 404 (Not Found)