bank.infodatabofa.repl.co Open in urlscan Pro
34.149.204.188 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bank.infodatabofa.repl.co/crdet.php?entity=60865
Effective URL:
https://bank.infodatabofa.repl.co/crdet.php?entity=60865
Submission: On November 09 via manual (November 9th 2022, 4:12:06 pm UTC) from SG — Scanned from DE

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 34.149.204.188, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is bank.infodatabofa.repl.co.
TLS certificate: Issued by R3 on November 8th 2022. Valid for: 3 months.

This is the only time bank.infodatabofa.repl.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 11	34.149.204.188 34.149.204.188		15169 (GOOGLE) (GOOGLE)
10	1

11 34.149.204.188 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 188.204.149.34.bc.googleusercontent.com

bank.infodatabofa.repl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	repl.co 1 redirects bank.infodatabofa.repl.co	179 KB
10	1

	Domain	Requested by
11	bank.infodatabofa.repl.co	1 redirects bank.infodatabofa.repl.co
10	1

This site contains links to these domains. Also see Links.

Domain
sitekey.bankofamerica.com

Subject Issuer	Validity	Valid
infodatabofa.repl.co R3	`2022-11-08` - `2023-02-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bank.infodatabofa.repl.co/crdet.php?entity=60865
Frame ID: A8F6D5DF29B0C69835A3CA2904C419B6
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank of America | Online Banking | Sign In | Online ID

Page URL History Show full URLs

http://bank.infodatabofa.repl.co/crdet.php?entity=60865 HTTP 308
https://bank.infodatabofa.repl.co/crdet.php?entity=60865 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

179 kB
Transfer

178 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://sitekey.bankofamerica.com/cmsContent/en_US/TransferFunds/Model/WhyDoWeAskForThisInfoPopUp.html
Title: What is this?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bank.infodatabofa.repl.co/crdet.php?entity=60865 HTTP 308
https://bank.infodatabofa.repl.co/crdet.php?entity=60865 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request crdet.php Show response
bank.infodatabofa.repl.co/
Redirect Chain

http://bank.infodatabofa.repl.co/crdet.php?entity=60865
https://bank.infodatabofa.repl.co/crdet.php?entity=60865

7 KB
7 KB

337ms
180ms

Document
text/html

34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.infodatabofa.repl.co/crdet.php?entity=60865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

/ PHP/7.4.21

Resource Hash

878d0c9ffbcb289a551a42842975d3f4866e0a57e1a07092780865039d76ef3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671739; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Wed, 09 Nov 2022 16:12:01 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
host: bank.infodatabofa.repl.co
replit-cluster: global
strict-transport-security: max-age=7671739; includeSubDomains
x-powered-by: PHP/7.4.21

Redirect headers

Content-Length: 92
Content-Type: text/html; charset=utf-8
Date: Wed, 09 Nov 2022 16:12:01 GMT
Location: https://bank.infodatabofa.repl.co/crdet.php?entity=60865
Replit-Cluster: global
Via: 1.1 google

GET
H2 200 new.css
bank.infodatabofa.repl.co/css/ 98 KB
98 KB 135ms
135ms Stylesheet
text/css 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.infodatabofa.repl.co/css/new.css

Requested by

Host: bank.infodatabofa.repl.co
URL: https://bank.infodatabofa.repl.co/crdet.php?entity=60865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

d887c0e32af7944f50f6e217e5737df9a22f6bf23d1221ddf0490f1712a9e3ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671739; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bank.infodatabofa.repl.co/crdet.php?entity=60865
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 16:12:01 GMT
strict-transport-security: max-age=7671739; includeSubDomains
host: bank.infodatabofa.repl.co
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-length: 100301
content-type: text/css; charset=UTF-8

GET
H2 200 pin.css
bank.infodatabofa.repl.co/css/ 481 B
511 B 140ms
140ms Stylesheet
text/css 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.infodatabofa.repl.co/css/pin.css

Requested by

Host: bank.infodatabofa.repl.co
URL: https://bank.infodatabofa.repl.co/crdet.php?entity=60865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

88452f7577d9ea4b5e6ad0e59ed385915980a0a4f86cb9c4ce23971f28b163c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671739; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bank.infodatabofa.repl.co/crdet.php?entity=60865
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 16:12:01 GMT
strict-transport-security: max-age=7671739; includeSubDomains
host: bank.infodatabofa.repl.co
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-length: 481
content-type: text/css; charset=UTF-8

GET
H2 200 BofA_rgb.png
bank.infodatabofa.repl.co/images/ 38 KB
39 KB 237ms
236ms Image
image/png 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.infodatabofa.repl.co/images/BofA_rgb.png

Requested by

Host: bank.infodatabofa.repl.co
URL: https://bank.infodatabofa.repl.co/crdet.php?entity=60865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671739; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bank.infodatabofa.repl.co/crdet.php?entity=60865
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 16:12:01 GMT
strict-transport-security: max-age=7671739; includeSubDomains
host: bank.infodatabofa.repl.co
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-length: 39422
content-type: image/png

GET
H2 200 safepass-widget-html-util.css
bank.infodatabofa.repl.co/css/ 15 KB
15 KB 243ms
243ms Stylesheet
text/css 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.infodatabofa.repl.co/css/safepass-widget-html-util.css

Requested by

Host: bank.infodatabofa.repl.co
URL: https://bank.infodatabofa.repl.co/crdet.php?entity=60865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

cb403373493bfec4c15b66290d588e9e8a325d986c386044413f3226f4d71d8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671739; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bank.infodatabofa.repl.co/crdet.php?entity=60865
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 16:12:01 GMT
strict-transport-security: max-age=7671739; includeSubDomains
host: bank.infodatabofa.repl.co
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-length: 14918
content-type: text/css; charset=UTF-8

GET
H2 404 fsd-secure-esp-sprite.png
bank.infodatabofa.repl.co/img/ 562 B
562 B 134ms
134ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.infodatabofa.repl.co/img/fsd-secure-esp-sprite.png

Requested by

Host: bank.infodatabofa.repl.co
URL: https://bank.infodatabofa.repl.co/css/new.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

1cb11914339df9aa86d74897970004942b08575aa08af7349e9cc917d2010dbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671738; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bank.infodatabofa.repl.co/css/new.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 16:12:02 GMT
strict-transport-security: max-age=7671738; includeSubDomains
host: bank.infodatabofa.repl.co
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-length: 562
content-type: text/html; charset=UTF-8

GET
H2 200 safepass-skin1-sprite.png
bank.infodatabofa.repl.co/images/ 17 KB
17 KB 135ms
134ms Image
image/png 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.infodatabofa.repl.co/images/safepass-skin1-sprite.png

Requested by

Host: bank.infodatabofa.repl.co
URL: https://bank.infodatabofa.repl.co/css/safepass-widget-html-util.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

5b466a43c60f0b3f5c7afbffc68e77fd822e59da136c1835db5198db7db969b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671738; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bank.infodatabofa.repl.co/css/safepass-widget-html-util.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 16:12:02 GMT
strict-transport-security: max-age=7671738; includeSubDomains
host: bank.infodatabofa.repl.co
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-length: 17745
content-type: image/png

GET
H2 404 sp-error.png
bank.infodatabofa.repl.co/images/ 552 B
552 B 136ms
135ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.infodatabofa.repl.co/images/sp-error.png

Requested by

Host: bank.infodatabofa.repl.co
URL: https://bank.infodatabofa.repl.co/css/safepass-widget-html-util.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

9b36c8e0ef65db0d0292625565605523e3684a5ba0a1e90cf7468f329871fd70

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671738; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bank.infodatabofa.repl.co/css/safepass-widget-html-util.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 16:12:02 GMT
strict-transport-security: max-age=7671738; includeSubDomains
host: bank.infodatabofa.repl.co
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-length: 552
content-type: text/html; charset=UTF-8

GET
H2 404 gfootb-static-sprite.png
bank.infodatabofa.repl.co/img/ 561 B
561 B 136ms
136ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.infodatabofa.repl.co/img/gfootb-static-sprite.png

Requested by

Host: bank.infodatabofa.repl.co
URL: https://bank.infodatabofa.repl.co/css/new.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

9b070881d3f4509ab823200870f8f3a2a2dfedec0b144249250dd5dfc6f8c95b

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671738; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bank.infodatabofa.repl.co/css/new.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 16:12:02 GMT
strict-transport-security: max-age=7671738; includeSubDomains
host: bank.infodatabofa.repl.co
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-length: 561
content-type: text/html; charset=UTF-8

GET
H2 404 gfoot-home-icon.png
bank.infodatabofa.repl.co/img/ 556 B
556 B 134ms
134ms Image
text/html 34.149.204.188
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.infodatabofa.repl.co/img/gfoot-home-icon.png

Requested by

Host: bank.infodatabofa.repl.co
URL: https://bank.infodatabofa.repl.co/css/new.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.204.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.204.149.34.bc.googleusercontent.com

Software

Resource Hash

6ae9b4b28deaa6d2b822c15ab6a099b94d805e43c9a147a23443cfe58f4ed664

Security Headers

Name	Value
Strict-Transport-Security	max-age=7671738; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bank.infodatabofa.repl.co/css/new.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 16:12:02 GMT
strict-transport-security: max-age=7671738; includeSubDomains
host: bank.infodatabofa.repl.co
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-length: 556
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bank.infodatabofa.repl.co/img/fsd-secure-esp-sprite.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bank.infodatabofa.repl.co/img/gfoot-home-icon.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bank.infodatabofa.repl.co/images/sp-error.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bank.infodatabofa.repl.co/img/gfootb-static-sprite.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=7671739; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bank.infodatabofa.repl.co
34.149.204.188
1cb11914339df9aa86d74897970004942b08575aa08af7349e9cc917d2010dbe
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
5b466a43c60f0b3f5c7afbffc68e77fd822e59da136c1835db5198db7db969b5
6ae9b4b28deaa6d2b822c15ab6a099b94d805e43c9a147a23443cfe58f4ed664
878d0c9ffbcb289a551a42842975d3f4866e0a57e1a07092780865039d76ef3c
88452f7577d9ea4b5e6ad0e59ed385915980a0a4f86cb9c4ce23971f28b163c1
9b070881d3f4509ab823200870f8f3a2a2dfedec0b144249250dd5dfc6f8c95b
9b36c8e0ef65db0d0292625565605523e3684a5ba0a1e90cf7468f329871fd70
cb403373493bfec4c15b66290d588e9e8a325d986c386044413f3226f4d71d8f
d887c0e32af7944f50f6e217e5737df9a22f6bf23d1221ddf0490f1712a9e3ad

bank.infodatabofa.repl.co Open in urlscan Pro 34.149.204.188 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

179 kBTransfer

178 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

bank.infodatabofa.repl.co Open in urlscan Pro
34.149.204.188 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

179 kB
Transfer

178 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!