bank.infodatabofa.repl.co
Open in
urlscan Pro
34.149.204.188
Malicious Activity!
Public Scan
Effective URL: https://bank.infodatabofa.repl.co/crdet.php?entity=60865
Submission: On November 09 via manual from SG — Scanned from DE
Summary
TLS certificate: Issued by R3 on November 8th 2022. Valid for: 3 months.
This is the only time bank.infodatabofa.repl.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of America (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 34.149.204.188 34.149.204.188 | 15169 (GOOGLE) (GOOGLE) | |
10 | 1 |
ASN15169 (GOOGLE, US)
PTR: 188.204.149.34.bc.googleusercontent.com
bank.infodatabofa.repl.co |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
repl.co
1 redirects
bank.infodatabofa.repl.co |
179 KB |
10 | 1 |
Domain | Requested by | |
---|---|---|
11 | bank.infodatabofa.repl.co |
1 redirects
bank.infodatabofa.repl.co
|
10 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
sitekey.bankofamerica.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
infodatabofa.repl.co R3 |
2022-11-08 - 2023-02-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bank.infodatabofa.repl.co/crdet.php?entity=60865
Frame ID: A8F6D5DF29B0C69835A3CA2904C419B6
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Bank of America | Online Banking | Sign In | Online IDPage URL History Show full URLs
-
http://bank.infodatabofa.repl.co/crdet.php?entity=60865
HTTP 308
https://bank.infodatabofa.repl.co/crdet.php?entity=60865 Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: What is this?
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bank.infodatabofa.repl.co/crdet.php?entity=60865
HTTP 308
https://bank.infodatabofa.repl.co/crdet.php?entity=60865 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
crdet.php
bank.infodatabofa.repl.co/ Redirect Chain
|
7 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
new.css
bank.infodatabofa.repl.co/css/ |
98 KB 98 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pin.css
bank.infodatabofa.repl.co/css/ |
481 B 511 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
BofA_rgb.png
bank.infodatabofa.repl.co/images/ |
38 KB 39 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
safepass-widget-html-util.css
bank.infodatabofa.repl.co/css/ |
15 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fsd-secure-esp-sprite.png
bank.infodatabofa.repl.co/img/ |
562 B 562 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
safepass-skin1-sprite.png
bank.infodatabofa.repl.co/images/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sp-error.png
bank.infodatabofa.repl.co/images/ |
552 B 552 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gfootb-static-sprite.png
bank.infodatabofa.repl.co/img/ |
561 B 561 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gfoot-home-icon.png
bank.infodatabofa.repl.co/img/ |
556 B 556 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bank of America (Banking)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=7671739; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bank.infodatabofa.repl.co
34.149.204.188
1cb11914339df9aa86d74897970004942b08575aa08af7349e9cc917d2010dbe
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
5b466a43c60f0b3f5c7afbffc68e77fd822e59da136c1835db5198db7db969b5
6ae9b4b28deaa6d2b822c15ab6a099b94d805e43c9a147a23443cfe58f4ed664
878d0c9ffbcb289a551a42842975d3f4866e0a57e1a07092780865039d76ef3c
88452f7577d9ea4b5e6ad0e59ed385915980a0a4f86cb9c4ce23971f28b163c1
9b070881d3f4509ab823200870f8f3a2a2dfedec0b144249250dd5dfc6f8c95b
9b36c8e0ef65db0d0292625565605523e3684a5ba0a1e90cf7468f329871fd70
cb403373493bfec4c15b66290d588e9e8a325d986c386044413f3226f4d71d8f
d887c0e32af7944f50f6e217e5737df9a22f6bf23d1221ddf0490f1712a9e3ad