e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev
34.173.153.191
Malicious Activity!
Public Scan
Effective URL: https://e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/
Submission: On April 24 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 28th 2024. Valid for: 3 months.
This is the only time e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bancolombia (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 2620:0:890::100 | 54113 (FASTLY)
1 | 199.36.158.100 | 54113 (FASTLY)
10 | 34.173.153.191 |
1 | 34.199.195.55 |
Total: 14 requests, 4 IP addresses
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | replit.dev | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev | 176 KB
3 | web.app | bancolombia-ds.web.app | 204 KB
1 | images-cdn.info | images-cdn.info | 183 B
Total: 14 requests, 3 apex domains
Requests | Domain | Requested by
---|---|---
10 | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev | bancolombia-ds.web.app, e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev
3 | bancolombia-ds.web.app | bancolombia-ds.web.app
1 | images-cdn.info | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev
Total: 14 requests, 3 domains
This site contains no links.
TLS certificates
Subject | Issuer | Validity | Valid | Details
---|---|---|---|---
web.app | GTS CA 1D4 | 2024-03-21 - 2024-06-19 | 3 months | crt.sh
*.riker.replit.dev | R3 | 2024-03-28 - 2024-06-26 | 3 months | crt.sh
images-cdn.info | R3 | 2024-03-16 - 2024-06-14 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/
Frame ID: 5374627FB6EC297A754326ABF17EE5F9
Requests: 14 HTTP requests in this frame
Page URL History
- https://bancolombia-ds.web.app/ Page URL
- https://e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/ Page URL
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bancolombia-ds.web.app/ Page URL
- https://e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | bancolombia-ds.web.app/ | 535 B | 617 B | Document | text/html
GET | H2 | pantalla.gif | bancolombia-ds.web.app/img/ | 242 KB | 202 KB | Image | image/gif
GET | H3 | favicon.ico | bancolombia-ds.web.app/ | 2 KB | 1 KB | Other | text/html
GET | H/1.1 | / (Primary Request) | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/ | 5 KB | 5 KB | Document | text/html
GET | H/1.1 | layout.css | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/Panel/src/css/ | 1 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | fonts.css | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/Panel/src/css/ | 0 | 0 | Stylesheet | text/html
GET | H/1.1 | jquery-3.6.0.min.js | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/Panel/src/js/ | 87 KB | 88 KB | Script | application/javascript
GET | H/1.1 | jquery.jclock-min.js | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/Panel/src/js/ | 3 KB | 4 KB | Script | application/javascript
GET | H/1.1 | run.js | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/Panel/src/js/ | 2 KB | 3 KB | Script | application/javascript
GET | H/1.1 | logo.svg | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/Panel/src/img/ | 7 KB | 7 KB | Image | image/svg+xml
GET | H/1.1 | user.png | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/Panel/src/img/icons/ | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | fondo1-1024x459.png | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/Panel/src/img/icons/ | 35 KB | 35 KB | Image | image/png
GET | H2 | image.gif | images-cdn.info/444/ | 42 B | 183 B | Image | image/gif
GET | H/1.1 | logo.png | e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev/Panel/src/img/ | 31 KB | 31 KB | Other | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bancolombia (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bancolombia-ds.web.app
e2986fab-e6b0-4af0-ba62-9597b5452993-00-yd479v4g1znm.riker.replit.dev
images-cdn.info
199.36.158.100
2620:0:890::100
34.173.153.191
34.199.195.55