Security Scan Report: 6c26d67c-c419-4a6e-810c-d73675c2a8ff-00-1nv0n2jkrw7f8.spock.replit.dev

Submitted: Nov 5, 2025, 5:31:35 AM
Completed: Nov 5, 2025, 5:33:28 AM
public, completed

Summary

This website contacted 8 IPs in 2 countries across 5 domains to perform 28 HTTP transactions. The main domain is 6c26d67c-c419-4a6e-810c-d73675c2a8ff-00-1nv0n2jkrw7f8.spock.replit.dev.

Submitted URL: https://6c26d67c-c419-4a6e-810c-d73675c2a8ff-00-1nv0n2jkrw7f8.spock.replit.dev/

AI Security Verdict

Confirmed Scam

Confidence: 95%

Risk Score: 9

Phishing site impersonating Banreservas, newly created, harvests user credentials.

Risk Factors
Brand impersonation
Hidden password field
Credential harvesting form
Newly registered domain (<7 days)
UNRANKED domain with low reputation
Domain age information unavailable

Details

Page Title

TuBanco Banreservas

Scan Type

public

Language

🇺🇸 English (80% confidence)

Category

other (56%)

Domain Information

The domain name '6c26d67c-c419-4a6e-810c-d73675c2a8ff-00-1nv0n2jkrw7f8.spock.replit.dev' uses the developer-focused generic top-level domain (.dev) with subdomain '6c26d67c-c419-4a6e-810c-d73675c2a8ff-00-1nv0n2jkrw7f8.spock'. The core label 'replit' covers 6 characters containing two vowels alongside four consonants. Tokenizing the label suggests two words: rep, lit. The median word length lands at 3 characters. Most frequently, 'rep' shows up in Catalan. It also appears in English and Chinese (Pinyin) contexts. Taken together, it feels Catalan.


Page Load Overview

Total Load Time: 41.70s
HTTP Requests: 28
Domains: 5
Total Size: 2.3 MB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 2,442 chars
Detector Agreement: 100%

Website Classification

Primary Category

other (56% confidence)
Type: webapp
Method: ml+structural

All Detected Categories

other: 56%
suspicious phishing: 41%
malicious: 29%

Detected Features

No structural features detected

Domain & IP Information

Requests | IP Address | Location | AS | Autonomous System
7 | 142.250.181.234 | United States | AS15169 | GOOGLE
3 | 34.117.59.81 | Kansas City, Missouri, United States | AS396982 | GOOGLE-CLOUD-PLATFORM
3 | 172.176.155.187 | Boydton, Virginia, United States | AS8075 | MICROSOFT-CORP-MSN-AS-BLOCK
3 | 104.26.12.205 | United States | AS13335 | CLOUDFLARENET
3 | 34.82.58.13 | The Dalles, Oregon, United States | AS396982 | GOOGLE-CLOUD-PLATFORM
3 | 2a00:1450:4001:813::200a | Frankfurt am Main, Hesse, Germany | AS15169 | GOOGLE
3 | 104.26.13.205 | United States | AS13335 | CLOUDFLARENET
3 | 172.67.74.152 | United States | AS13335 | CLOUDFLARENET
28 | 8 | - | - | -

Detected Technologies: 2

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1EF15CCB72754849E26D3DA6D56DB711A2234DCA3D01B9E9C3E5C184D8FCA7B320E27C8

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

12288:gTjpL/F4KNzsRfzaD4MVADlH5XpeI1MyqXoiFT:m

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:921000:GwwkAAUOCFM1IXGAtIJ1TQLEIADWGwF0UweA5sAC5gBYgBKDJYCA7JjLRAJsS9IAAWYGASACQz4YACEYDhiGYkGiKCUB/ZiE

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 0010fbf3ffffffff
Perceptual Hash: cd4f12126d6db1b2
Difference Hash: 6971464676090200
Wavelet Hash: 00003323f3fbf3f3
Color Hash: #87b2c5
