tu360virtual.replit.app
34.117.33.233
Malicious Activity!
Public Scan
Effective URL: https://tu360virtual.replit.app/login/oauth/authorize
Submission Tags: @phish_report
Submission: On January 23 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by GTS CA 1D4 on December 21st 2023. Valid for: 3 months.
This is the only time tu360virtual.replit.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bancolombia (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2606:4700:3037::6815:3eab | 13335 (CLOUDFLARENET)
1 | 2606:4700:3033::ac43:898f | 13335 (CLOUDFLARENET)
10 | 34.117.33.233 | 396982 (GOOGLE-CLOUD-PLATFORM)
2 | 2a00:1450:4001:82a::200a | 15169 (GOOGLE)
6 | 54.243.238.66 | 14618 (AMAZON-AES)
3 | 18.238.243.26 | 16509 (AMAZON-02)
2 | 45.223.128.45 | 19551 (INCAPSULA)
23 | 5 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 233.33.117.34.bc.googleusercontent.com
tu360virtual.replit.app

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-238-66.compute-1.amazonaws.com
botserver-4bd705e8580b.herokuapp.com

ASN16509 (AMAZON-02, US)
PTR: server-18-238-243-26.ams58.r.cloudfront.net
tu360compras.grupobancolombia.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | replit.app | tu360virtual.replit.app | 3 MB
6 | herokuapp.com | botserver-4bd705e8580b.herokuapp.com | 4 KB
3 | grupobancolombia.com | tu360compras.grupobancolombia.com | 237 KB
2 | bancolombia.com | fua-ext.apps.bancolombia.com (Cisco Umbrella Rank: 717930) | 1 KB
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 28) | 2 KB
2 | my5353.com | my5353.com (2 redirects) | 1 KB
23 | 6 | |
Requests | Domain | Requested by
---|---|---
10 | tu360virtual.replit.app | tu360virtual.replit.app
6 | botserver-4bd705e8580b.herokuapp.com | tu360virtual.replit.app
3 | tu360compras.grupobancolombia.com | tu360virtual.replit.app
2 | fua-ext.apps.bancolombia.com | tu360virtual.replit.app
2 | fonts.googleapis.com | tu360virtual.replit.app
2 | my5353.com | 2 redirects
23 | 6 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
replit.app | GTS CA 1D4 | 2023-12-21 - 2024-03-20 | 3 months
upload.video.google.com | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months
*.herokuapp.com | Amazon RSA 2048 M01 | 2023-04-02 - 2024-04-30 | a year
tu360compras.grupobancolombia.com | GlobalSign Extended Validation CA - SHA256 - G3 | 2023-08-25 - 2024-09-25 | a year
imperva.com | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-10-09 - 2024-04-06 | 6 months
This page contains 1 frame:
Primary Page: https://tu360virtual.replit.app/login/oauth/authorize
Frame ID: C88F124DC9207E6BCBD07E2D6A5F5104
Requests: 22 HTTP requests in this frame
Page Title: Autenticación Bancolombia
Detected technologies: Ruby on Rails (Web Frameworks)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://my5353.com/g19b4 (HTTP 301)
- https://my5353.com/g19b4 (HTTP 307)
- https://tu360virtual.replit.app/login/oauth/authorize (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H2 | tu360virtual.replit.app/login/oauth/authorize (Primary Request, Redirect Chain) | 681 B | 913 B | Document | text/html
GET | H2 | tu360virtual.replit.app/static/js/main.335f8b0f.js | 410 KB | 410 KB | Script | application/javascript
GET | H2 | tu360virtual.replit.app/static/css/main.316e3540.css | 2 MB | 2 MB | Stylesheet | text/css
GET | H2 | fonts.googleapis.com/css2 | 7 KB | 1 KB | Stylesheet | text/css
GET | H2 | fonts.googleapis.com/css2 | 572 B | 422 B | Stylesheet | text/css
GET | H/1.1 | botserver-4bd705e8580b.herokuapp.com/socket.io/ | 118 B | 938 B | XHR | text/plain
GET | H3 | tu360virtual.replit.app/static/media/headerIconBancolombia.e9678f112a702758542f8f98283cea47.svg | 7 KB | 7 KB | Image | image/svg+xml
GET | H3 | tu360virtual.replit.app/static/media/trazo-desktop.83647e80020ac3e596960e363572e9d1.svg | 11 KB | 11 KB | Image | image/svg+xml
GET | H3 | tu360virtual.replit.app/static/media/user.39a37ef47269f6d65906fbb23186e4b6.svg | 947 B | 966 B | Image | image/svg+xml
GET | H3 | tu360virtual.replit.app/static/media/Bancolombia.ae56ff7f0e9a3fd0046b5f264dc42c79.svg | 7 KB | 7 KB | Image | image/svg+xml
GET | H3 | tu360virtual.replit.app/static/media/vigilado.691ba87177cfc7656937fafcb0c6925a.svg | 19 KB | 19 KB | Image | image/svg+xml
GET | H3 | tu360virtual.replit.app/static/media/Nunito-Bold.5b67d635abb53cc261c5.ttf | 167 KB | 167 KB | Font | font/ttf
GET | H3 | tu360virtual.replit.app/static/media/OpenSans-Regular.9ccd5e1b1dbea150336d.ttf | 212 KB | 212 KB | Font | font/ttf
GET | H2 | tu360compras.grupobancolombia.com/themes/child/assets/css/OpenSans-SemiBold.woff | 68 KB | 69 KB | Font | application/font-woff
GET | H2 | tu360compras.grupobancolombia.com/themes/child/assets/css/OpenSans-Regular.woff | 66 KB | 66 KB | Font | application/font-woff
GET | H2 | tu360compras.grupobancolombia.com/themes/child/assets/css/OpenSans-Bold.ttf | 102 KB | 102 KB | Font | application/octet-stream
GET | H2 | fua-ext.apps.bancolombia.com/fua/front_services/get-ip | 22 B | 545 B | Fetch | application/json
GET | H2 | fua-ext.apps.bancolombia.com/fua/front_services/get-ip | 22 B | 836 B | Fetch | application/json
POST | H/1.1 | botserver-4bd705e8580b.herokuapp.com/socket.io/ | 2 B | 804 B | XHR | text/html
GET | H/1.1 | botserver-4bd705e8580b.herokuapp.com/socket.io/ | 32 B | 851 B | XHR | text/plain
POST | H/1.1 | botserver-4bd705e8580b.herokuapp.com/api/v1/secure | 30 B | 1021 B | XHR | application/json
OPTIONS | H/1.1 | botserver-4bd705e8580b.herokuapp.com/api/v1/secure | 0 | 0 | Preflight |
GET | H/1.1 | botserver-4bd705e8580b.herokuapp.com/socket.io/ | 1 B | 819 B | XHR | text/plain
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Bancolombia (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
my5353.com/ | | _session_id | 3V6uvCDRi8nkdC3rFmSnP9FRitSZocWKkyOK2p12rDr0QLR8e2wEPZdKR1SdI5Hw
my5353.com/ | | last_visit_time | 1706051015
Security Headers
This page lists any security headers set by the main page.
Header | Value
---|---
Strict-Transport-Security | max-age=63072000; includeSubDomains
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.