urlscan.io logo urlscan.io
SecurityTrails logo

7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev Open in urlscan Pro
34.75.151.117  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://regular-acceso-bdvapp.glitch.me/
Effective URL: https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/
Submission: On June 11 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 34.75.151.117, located in North Charleston, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is 7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev.
TLS certificate: Issued by R11 on April 29th 2025. Valid for: 3 months.
This is the only time 7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco de Venezuela (Banking)

Domain & IP information

IP Address AS Autonomous System
2 2a04:4e42:400... 54113 (FASTLY)
4 34.75.151.117 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
7 3
Domain Requested by
4 7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev 7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev
2 regular-acceso-bdvapp.glitch.me
1 fonts.googleapis.com 7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev
7 3

This site contains no links.

Subject Issuer Validity Valid
*.glitch.me
Certainly Intermediate R1		 2025-06-10 -
2025-07-10		 a month crt.sh
worf.replit.dev
R11		 2025-04-29 -
2025-07-28		 3 months crt.sh
upload.video.google.com
WE2		 2025-05-19 -
2025-08-11		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/
Frame ID: 499BA14D4FBD51DAF62C9365C40AC151
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BDVSOLICITUDES

Page URL History Show full URLs

  1. https://regular-acceso-bdvapp.glitch.me/ Page URL
  2. https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

7
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

288 kB
Transfer

286 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://regular-acceso-bdvapp.glitch.me/ Page URL
  2. https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
regular-acceso-bdvapp.glitch.me/ 		333 B
780 B 		Document
General
Check archive.org
Download Go to
Full URL
https://regular-acceso-bdvapp.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::571 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c67aa9ee3446da12190304a63c97c0bb53665b7d62187994aa4b499f0b573a81

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
333
content-type
text/html; charset=utf-8
date
Wed, 11 Jun 2025 11:47:54 GMT
etag
"d62ae5d825c1b4bf2f9735cb18f1ae46"
last-modified
Tue, 10 Jun 2025 14:07:45 GMT
server
AmazonS3
via
1.1 varnish
x-amz-id-2
73qVEYDUHfLRFB8TKwKypmKBvaJ+dTPq4Cxek3SXxMCVKKSQuoCu/baxklWg8suXkSWukmVwWs7EXjROFeFjbQ==
x-amz-request-id
H6SH0DVTSNZ5B5F1
x-amz-server-side-encryption
AES256
x-amz-version-id
Yb9hAOzXtDryRXv_OnPkvdZ009Z5mxdU
x-cache
MISS, MISS
x-cache-hits
0, 0
x-served-by
cache-fra-eddf8230020-FRA, cache-fra-eddf8230020-FRA
x-timer
S1749642475.705432,VS0,VE221
Primary Request /
7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/ 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.151.117 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.151.75.34.bc.googleusercontent.com
Software
/ PHP/8.2.0RC7
Resource Hash
27719af2bc235d4db5b0941a5951c777a20804ebc9b6ab7c5fb5c99d7069b599

Request headers

Referer
https://regular-acceso-bdvapp.glitch.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Response headers

Content-Type
text/html; charset=UTF-8
Date
Wed, 11 Jun 2025 11:47:55 GMT
Host
7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev
Replit-Cluster
worf
Transfer-Encoding
chunked
X-Powered-By
PHP/8.2.0RC7
X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex
favicon.ico
regular-acceso-bdvapp.glitch.me/ 		4 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://regular-acceso-bdvapp.glitch.me/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::571 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer
https://regular-acceso-bdvapp.glitch.me/

Response headers

cache-control
max-age=0
x-timer
S1749642475.969390,VS0,VE162
via
1.1 varnish
accept-ranges
bytes
x-cache
MISS, MISS
content-length
3674
date
Wed, 11 Jun 2025 11:47:55 GMT
x-served-by
cache-fra-eddf8230170-FRA, cache-fra-eddf8230020-FRA
x-cache-hits
0, 0
icon
fonts.googleapis.com/ 		569 B
811 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: 7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev
URL: https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cc0bc2cbaca383e1600d349e580513f188e4d745bf269b63ffaff46a091fd196
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer
https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 11 Jun 2025 11:47:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 11 Jun 2025 11:47:55 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 11 Jun 2025 11:47:55 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
logo.png
7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/ 		31 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/logo.png
Requested by
Host: 7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev
URL: https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.151.117 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.151.75.34.bc.googleusercontent.com
Software
/
Resource Hash
2db48f3bb76be4f40a324525d4e872882f59208122f0ea552759eb76beb97d3a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer
https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/

Response headers

X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex
Content-Length
32162
Replit-Cluster
worf
Date
Wed, 11 Jun 2025 11:47:55 GMT
Content-Type
image/png
Host
7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev
background.webp
7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/ 		221 KB
222 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/background.webp
Requested by
Host: 7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev
URL: https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.151.117 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.151.75.34.bc.googleusercontent.com
Software
/
Resource Hash
6536b70bd8cef1f8b21796002724f7d723c8288f90371264753df8290629aad2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer
https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/

Response headers

X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex
Content-Length
226795
Replit-Cluster
worf
Date
Wed, 11 Jun 2025 11:47:55 GMT
Content-Type
image/webp
Host
7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev
favicon.png
7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/ 		26 KB
27 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/favicon.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.75.151.117 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.151.75.34.bc.googleusercontent.com
Software
/
Resource Hash
ec345e26267bf6524c5b01d37f8aa53c0a666be094d64f34d87d5adf7e77adc6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer
https://7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev/

Response headers

X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex
Content-Length
26773
Replit-Cluster
worf
Date
Wed, 11 Jun 2025 11:47:56 GMT
Content-Type
image/png
Host
7ed28150-a18c-4140-aa93-e3945c4e519d-00-11f2s2riy5os9.worf.replit.dev

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco de Venezuela (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://regular-acceso-bdvapp.glitch.me/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()