Report - b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/

Report Overview

Visited public
2024-11-19 03:30:57
Tags
URL
b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
Finishing URL
b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
IP / ASN
35.247.106.28
#396982 GOOGLE-CLOUD-PLATFORM
Title
Banco de Venezuela

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev	unknown	2021-01-26	2024-11-18	2024-11-18	2.1 kB	155 kB	35.247.106.28
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-11-13	478 B	11 kB	151.101.1.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-11-19 03:30:32	medium	Client IP	35.247.106.28	ET INFO Observed replit Domain (replit .dev in TLS SNI)
2024-11-19 03:30:32	medium	Client IP	35.247.106.28	ET INFO Observed replit Domain (replit .dev in TLS SNI)
2024-11-19 03:30:33	medium	Client IP	35.247.106.28	ET INFO Observed replit Domain (replit .dev in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-11-17	medium	b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/	Banco de Venezuela
2024-11-17	medium	b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/	Banco de Venezuela
2024-11-17	medium	b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/	Banco de Venezuela
2024-11-17	medium	b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/	Banco de Venezuela

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/	ScriptElement	0 B	0001-01-01	2025-05-14
Pretty URL b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/ IP 35.247.106.28 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-14 05:32 Times Seen4677427 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/	ScriptElement	0 B	0001-01-01	2025-05-14
Pretty URL b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/ IP 35.247.106.28 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-14 05:32 Times Seen4677427 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.jsdelivr.net/npm/axios@1.1.2/dist/axios.min.js	ScriptElement	27 kB	2023-03-08	2025-05-13
Pretty URL cdn.jsdelivr.net/npm/axios@1.1.2/dist/axios.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:20 Last Seen2025-05-13 12:15 Times Seen765 Hash 68b395fd3cd02432ec6ce3a4a34332c0 69edb681673e5ad794d33f9f05b8b08ea940c13b ffb6e270a7bbb1ea1b797965ae85e35760b38b98744478a4151ddee79a31d215 Loading...

HTTP Transactions (5)

URL IP Response Size

b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/

35.247.106.28

200 OK

7.5 kB

URL User Request GET HTTP/1.1
b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
IP
35.247.106.28:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerLet's Encrypt
Subject*.kirk.replit.dev
Fingerprint71:C8:B0:CC:73:7A:CC:3A:E0:9F:74:52:E5:27:4A:74:2E:CC:DC:AE
ValidityTue, 24 Sep 2024 14:35:17 GMT - Mon, 23 Dec 2024 14:35:16 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
7.5 kB (7535 bytes)
Hash
6365374c71de7860289d1b0b8a0860d8
c07f7a9cb45ec6efe435a17e8648c6157fe49969
68546bcd978d659113ebf84ecb0467bd172c5a6527dbb8e7b81fef25e76d2034

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco de Venezuela

HTTP Headers

GET / HTTP/1.1
Host: b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 7535
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Nov 2024 03:30:32 GMT
Host: b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev
Replit-Cluster: kirk
X-Robots-Tag: none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

cdn.jsdelivr.net/npm/axios@1.1.2/dist/axios.min.js

151.101.1.229

200 OK

10 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/axios@1.1.2/dist/axios.min.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (26541)
Size
10 kB (10349 bytes)
Hash
68b395fd3cd02432ec6ce3a4a34332c0
69edb681673e5ad794d33f9f05b8b08ea940c13b
ffb6e270a7bbb1ea1b797965ae85e35760b38b98744478a4151ddee79a31d215

HTTP Headers

GET /npm/axios@1.1.2/dist/axios.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.1.2
x-jsd-version-type: version
etag: W/"67d4-ae22gWc+WteU0z+fBbiwjqlAwTs"
content-encoding: br
accept-ranges: bytes
date: Tue, 19 Nov 2024 03:30:32 GMT
age: 2386831
x-served-by: cache-fra-eddf8230112-FRA, cache-hel1410033-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10349
X-Firefox-Spdy: h2

b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/unnamed%20(1).png

35.247.106.28

200 OK

32 kB

URL GET HTTP/1.1
b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/unnamed%20(1).png
IP
35.247.106.28:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
Certificate
IssuerLet's Encrypt
Subject*.kirk.replit.dev
Fingerprint71:C8:B0:CC:73:7A:CC:3A:E0:9F:74:52:E5:27:4A:74:2E:CC:DC:AE
ValidityTue, 24 Sep 2024 14:35:17 GMT - Mon, 23 Dec 2024 14:35:16 GMT

File type
PNG image data, 1832 x 298, 8-bit/color RGBA, non-interlaced
Size
32 kB (32162 bytes)
Hash
1a067e3ee6cb53c424e25e21b4c72dbb
1252efb2a74fae14ebe337603174e4e3262c32ca
2db48f3bb76be4f40a324525d4e872882f59208122f0ea552759eb76beb97d3a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco de Venezuela

HTTP Headers

GET /unnamed%20(1).png HTTP/1.1
Host: b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 32162
Content-Type: image/png
Date: Tue, 19 Nov 2024 03:30:32 GMT
Host: b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev
Replit-Cluster: kirk
X-Robots-Tag: none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/favicon.ico

35.247.106.28

404 Not Found

544 B

URL GET HTTP/1.1
b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/favicon.ico
IP
35.247.106.28:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
Certificate
IssuerLet's Encrypt
Subject*.kirk.replit.dev
Fingerprint71:C8:B0:CC:73:7A:CC:3A:E0:9F:74:52:E5:27:4A:74:2E:CC:DC:AE
ValidityTue, 24 Sep 2024 14:35:17 GMT - Mon, 23 Dec 2024 14:35:16 GMT

File type
HTML document, ASCII text
Size
544 B (544 bytes)
Hash
d8efa34e9202163b90489eb1eead4d76
2aadca84ce919da37e845f792a328f9b920028f0
28e8d6ca16281b61453fc074393a70dd88728734fd6546313f5197b9ab243b44

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco de Venezuela

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Length: 544
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Nov 2024 03:30:33 GMT
Host: b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev
Replit-Cluster: kirk
X-Robots-Tag: none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/background.jpg

35.247.106.28

200 OK

114 kB

URL GET HTTP/1.1
b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/background.jpg
IP
35.247.106.28:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
Certificate
IssuerLet's Encrypt
Subject*.kirk.replit.dev
Fingerprint71:C8:B0:CC:73:7A:CC:3A:E0:9F:74:52:E5:27:4A:74:2E:CC:DC:AE
ValidityTue, 24 Sep 2024 14:35:17 GMT - Mon, 23 Dec 2024 14:35:16 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC (Macintosh), datetime=2022-07-03T21:14:18-04:00], baseline, precision 8, 1920x1080, components 3
Size
114 kB (113584 bytes)
Hash
34e80700f27db57b54a6eef2993ba0a6
6487be4b2a01118f6423e35666d775c70ac30206
f9bcc55b790b84873ed399aa0fa604cf9b9bec3b5a94b6869e6d00bb29ff72c3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Banco de Venezuela

HTTP Headers

GET /background.jpg HTTP/1.1
Host: b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 113584
Content-Type: image/jpeg
Date: Tue, 19 Nov 2024 03:30:33 GMT
Host: b294bcc6-b3f9-4f8b-85f1-8f25bdf832a8-00-1zwrlry7df8ij.kirk.replit.dev
Replit-Cluster: kirk
X-Robots-Tag: none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size