staidbetterworkplace.homebancolombia.repl.co Open in urlscan Pro
34.149.204.188 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://staidbetterworkplace.homebancolombia.repl.co/
Effective URL:
https://staidbetterworkplace.homebancolombia.repl.co/
Submission: On August 22 via manual (August 22nd 2022, 4:38:42 pm UTC) from CZ — Scanned from DE

Summary HTTP 10 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 34.149.204.188, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is staidbetterworkplace.homebancolombia.repl.co.
TLS certificate: Issued by R3 on August 22nd 2022. Valid for: 3 months.

This is the only time staidbetterworkplace.homebancolombia.repl.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
1 8	34.149.204.188 34.149.204.188		15169 (GOOGLE) (GOOGLE)
10	2

8 34.149.204.188 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 188.204.149.34.bc.googleusercontent.com

staidbetterworkplace.homebancolombia.repl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	repl.co 1 redirects staidbetterworkplace.homebancolombia.repl.co	126 KB
0	Failed function sub() { [native code] }. Failed
10	2

	Domain	Requested by
8	staidbetterworkplace.homebancolombia.repl.co	1 redirects staidbetterworkplace.homebancolombia.repl.co
0	blank Failed	staidbetterworkplace.homebancolombia.repl.co
10	2

This site contains links to these domains. Also see Links.

Domain
signup.live.com
login.live.com

Subject Issuer	Validity	Valid
homebancolombia.repl.co R3	`2022-08-22` - `2022-11-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://staidbetterworkplace.homebancolombia.repl.co/
Frame ID: 947AE6C16FE505B92376E1144D27DD07
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar sesión en tu cuenta Microsoft

Page URL History Show full URLs

http://staidbetterworkplace.homebancolombia.repl.co/ HTTP 308
https://staidbetterworkplace.homebancolombia.repl.co/ Page URL

Page Statistics

10
Requests

70 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

126 kB
Transfer

125 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1585627963&rver=7.0.6730.0&wp=LBI&wreply=https:%2f%2fwww.msn.com%2fes-es%2fhomepage%2fSecure%2fPassport%3fru%3dhttps%253a%252f%252fwww.msn.com%252fes-es%253fpfr%253d1&id=1184&pcexp=True&contextid=C354DCAE75FF72B1&bk=1585628021&uiflavor=web&lic=1&mkt=ES-ES&lc=3082&uaid=df9cef49f8e44095a77afe4745d6420f
Title: Cree una.

Search URL Search Domain Scan URL

URL: https://login.live.com/pp1600/
Title: Opciones de inicio de sesión

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=ES-ES&vv=1600&uaid=df9cef49f8e44095a77afe4745d6420f
Title: Términos de uso

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=ES-ES&vv=1600&uaid=df9cef49f8e44095a77afe4745d6420f
Title: Privacidad y cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://staidbetterworkplace.homebancolombia.repl.co/ HTTP 308
https://staidbetterworkplace.homebancolombia.repl.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
staidbetterworkplace.homebancolombia.repl.co/
Redirect Chain

http://staidbetterworkplace.homebancolombia.repl.co/
https://staidbetterworkplace.homebancolombia.repl.co/

24 KB
24 KB

375ms
218ms

Document
text/html

34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://staidbetterworkplace.homebancolombia.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

/ PHP/7.4.21

Resource Hash

5c1975841e811a653b215a73f274a314c64a15c5fb72c4db28ab5d3832ad5068

Security Headers

Name	Value
Strict-Transport-Security	max-age=7766946; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Mon, 22 Aug 2022 16:38:38 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
host: staidbetterworkplace.homebancolombia.repl.co
replit-cluster: global
strict-transport-security: max-age=7766946; includeSubDomains
x-powered-by: PHP/7.4.21

Redirect headers

Content-Length: 89
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Aug 2022 16:38:37 GMT
Location: https://staidbetterworkplace.homebancolombia.repl.co/
Replit-Cluster: global
Via: 1.1 google

GET
H2 200 Converged_v23082_AZXChPIB5jI3ijrmoNll5w2.css
staidbetterworkplace.homebancolombia.repl.co/ 99 KB
99 KB 150ms
149ms Stylesheet
text/css 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://staidbetterworkplace.homebancolombia.repl.co/Converged_v23082_AZXChPIB5jI3ijrmoNll5w2.css

Requested by

Host: staidbetterworkplace.homebancolombia.repl.co
URL: https://staidbetterworkplace.homebancolombia.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

97eb235cafa5525cef7437b24548fb7936968778333db62c0c661ffa8310090d

Security Headers

Name	Value
Strict-Transport-Security	max-age=7766946; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://staidbetterworkplace.homebancolombia.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 16:38:38 GMT
strict-transport-security: max-age=7766946; includeSubDomains
host: staidbetterworkplace.homebancolombia.repl.co
replit-cluster: global
content-length: 100970
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/css; charset=UTF-8

GET blank
/ 0
0

GET
H2 404 microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
staidbetterworkplace.homebancolombia.repl.co/ 584 B
584 B 263ms
263ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://staidbetterworkplace.homebancolombia.repl.co/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

Requested by

Host: staidbetterworkplace.homebancolombia.repl.co
URL: https://staidbetterworkplace.homebancolombia.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

ef5ad3a0765511779c7378ddbcf850a7fbb0698a0c0ab8739110b48ed1883077

Security Headers

Name	Value
Strict-Transport-Security	max-age=7766946; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://staidbetterworkplace.homebancolombia.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 16:38:38 GMT
strict-transport-security: max-age=7766946; includeSubDomains
host: staidbetterworkplace.homebancolombia.repl.co
replit-cluster: global
content-length: 584
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET
H2 404 ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
staidbetterworkplace.homebancolombia.repl.co/ 584 B
584 B 148ms
148ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://staidbetterworkplace.homebancolombia.repl.co/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg

Requested by

Host: staidbetterworkplace.homebancolombia.repl.co
URL: https://staidbetterworkplace.homebancolombia.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

b4bfd55628d6b3f93309c2d5eaaf14c057d706efe7f1b7aa028649941c3eef19

Security Headers

Name	Value
Strict-Transport-Security	max-age=7766946; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://staidbetterworkplace.homebancolombia.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 16:38:38 GMT
strict-transport-security: max-age=7766946; includeSubDomains
host: staidbetterworkplace.homebancolombia.repl.co
replit-cluster: global
content-length: 584
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET
H2 404 ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
staidbetterworkplace.homebancolombia.repl.co/ 583 B
583 B 154ms
154ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://staidbetterworkplace.homebancolombia.repl.co/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg

Requested by

Host: staidbetterworkplace.homebancolombia.repl.co
URL: https://staidbetterworkplace.homebancolombia.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

f2877e4f627ed2be8acb4978abfdf85bfd5afa98e0adc8e619c452cf31d6cff9

Security Headers

Name	Value
Strict-Transport-Security	max-age=7766946; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://staidbetterworkplace.homebancolombia.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 16:38:38 GMT
strict-transport-security: max-age=7766946; includeSubDomains
host: staidbetterworkplace.homebancolombia.repl.co
replit-cluster: global
content-length: 583
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET blank
/ 0
0

GET
H2 404 0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
staidbetterworkplace.homebancolombia.repl.co/ 577 B
577 B 151ms
150ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://staidbetterworkplace.homebancolombia.repl.co/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg

Requested by

Host: staidbetterworkplace.homebancolombia.repl.co
URL: https://staidbetterworkplace.homebancolombia.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

2e0082c85cda1f79274f1cce64c9b00d7c152a902c88d7e34fbf16aa807a8443

Security Headers

Name	Value
Strict-Transport-Security	max-age=7766946; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://staidbetterworkplace.homebancolombia.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 16:38:38 GMT
strict-transport-security: max-age=7766946; includeSubDomains
host: staidbetterworkplace.homebancolombia.repl.co
replit-cluster: global
content-length: 577
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

GET
H2 404 0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
staidbetterworkplace.homebancolombia.repl.co/ 571 B
571 B 153ms
153ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://staidbetterworkplace.homebancolombia.repl.co/0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg

Requested by

Host: staidbetterworkplace.homebancolombia.repl.co
URL: https://staidbetterworkplace.homebancolombia.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

950ac46cb2bc2d278ef4727216a5e449afa910c13fc9461d40577d72511e2086

Security Headers

Name	Value
Strict-Transport-Security	max-age=7766946; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://staidbetterworkplace.homebancolombia.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 16:38:38 GMT
strict-transport-security: max-age=7766946; includeSubDomains
host: staidbetterworkplace.homebancolombia.repl.co
replit-cluster: global
content-length: 571
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: blank
URL: about:blank

Domain: blank
URL: about:blank

Domain: blank
URL: about:blank

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://staidbetterworkplace.homebancolombia.repl.co/ Message: Access to script at 'about:blank' from origin 'https://staidbetterworkplace.homebancolombia.repl.co' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: about:blank Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://staidbetterworkplace.homebancolombia.repl.co/ Message: Access to script at 'about:blank' from origin 'https://staidbetterworkplace.homebancolombia.repl.co' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: about:blank Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://staidbetterworkplace.homebancolombia.repl.co/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://staidbetterworkplace.homebancolombia.repl.co/ Message: Access to script at 'about:blank' from origin 'https://staidbetterworkplace.homebancolombia.repl.co' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: about:blank Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://staidbetterworkplace.homebancolombia.repl.co/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://staidbetterworkplace.homebancolombia.repl.co/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://staidbetterworkplace.homebancolombia.repl.co/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://staidbetterworkplace.homebancolombia.repl.co/0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=7766946; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blank
staidbetterworkplace.homebancolombia.repl.co
blank
34.149.204.188
2e0082c85cda1f79274f1cce64c9b00d7c152a902c88d7e34fbf16aa807a8443
5c1975841e811a653b215a73f274a314c64a15c5fb72c4db28ab5d3832ad5068
950ac46cb2bc2d278ef4727216a5e449afa910c13fc9461d40577d72511e2086
97eb235cafa5525cef7437b24548fb7936968778333db62c0c661ffa8310090d
b4bfd55628d6b3f93309c2d5eaaf14c057d706efe7f1b7aa028649941c3eef19
ef5ad3a0765511779c7378ddbcf850a7fbb0698a0c0ab8739110b48ed1883077
f2877e4f627ed2be8acb4978abfdf85bfd5afa98e0adc8e619c452cf31d6cff9

staidbetterworkplace.homebancolombia.repl.co Open in urlscan Pro 34.149.204.188 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

70 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

126 kBTransfer

125 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

11 Console Messages

Security Headers

Indicators

staidbetterworkplace.homebancolombia.repl.co Open in urlscan Pro
34.149.204.188 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

70 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

126 kB
Transfer

125 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!