DANGEROUS

Brand impersonation — not the real site

The page visually clones microsoft.com. This page is styled as a brand but is not the brand's real site. Go to the official site directly, and treat any download, login, or payment request here as unsafe.

Security Review

Is accion-inmediata--aviso-urgente.replit.app legit or a scam?

Our verdict:Dangerous· 1/100

Fake Microsoft login page on a brand-new Replit subdomain designed to steal credentials.

accion-inmediata--aviso-urgente.replit.appScanned 16h ago
0
Trust score
DANGEROUS
Score breakdown
Heuristics 0·MT 10
Screenshot of accion-inmediata--aviso-urgente.replit.appSee the live page ↓
Category tags
phishing#phishing#clone site95% MT confidence
Technical red flags (3)
5 of 92 engines flaggedDomain is 0 days oldVisual clone of microsoft.com
Warning signals (1)
Scam-network signals (20/100)
Positive signals (3)
Not on major blacklistsEncrypted connectionClean server reputation

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
5/92
Engines flagged this URL
Domain Age
0 days old
Registration date unknown
Intelligence
Dangerous
Critical likelihood · 95% confidence

Website Preview

Screenshot of accion-inmediata--aviso-urgente.replit.app
LIVE RENDER
accion-inmediata--aviso-urgente.replit.app

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

95
/ 100
Critical visual riskVisual clone

The page visually mimics microsoft.com

The page is a clear phishing attempt mimicking a Microsoft login portal, hosted on a non-official development platform (Replit) with inconsistent language usage.

Visual risk95/100

What our vision model saw

6 signals

Unauthorized use of the Microsoft logo and branding elements

Mismatched languages with Spanish header text and English button text

Visible 'Made with Replit' watermark indicating the site is hosted on a free development platform

Simplified login form designed to harvest email or phone number credentials

Lack of official footer links, legal disclaimers, or standard corporate navigation

Unprofessional layout that mimics a legitimate login portal but lacks authentic security features

Intelligence

Advanced threat intelligence
Analysis
Critical scam likelihoodengineMT · Guardiantrust10/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The page displays a Microsoft-branded login form with the logo and layout copied from the real service. Four engines from our antivirus network flagged the URL as phishing or malware, including ESET, Kaspersky, and G-Data. The domain itself is only hours old and runs on a free developer platform that has no business registration tied to it. Visual analysis confirms the site is a clone with mismatched Spanish and English text plus a visible Replit watermark. No legitimate company would launch an official Microsoft portal on a Replit subdomain created the same day. The combination of brand impersonation, fresh domain, and multiple detections makes this a clear credential-harvesting attempt.
Full dossier
Analysis complete

Page Content

The page shows a login form titled "Acción inmediata-2026" that asks for username and password. It includes Microsoft branding elements and language mixing Spanish headers with English buttons. No contact details, footer links, or legal notices appear anywhere on the page.

Infrastructure

The site runs on Replit's free hosting at IP 34.117.33.233 with a low abuse score. SSL is issued by Google Trust Services and expires in 34 days. The page loads external scripts from Microsoft, Google, and Cloudflare CDNs while displaying a "Made with Replit" watermark.

Domain History

The subdomain was registered today with zero days of history. No business registration records exist for the domain or any Replit subdomains in public databases.

Web Reputation

Three external scanners have already listed the domain or similar Replit phishing pages. Phishdestroy.io reports seven detections for this exact subdomain. Malwareurl.com has flagged other Replit.app phishing domains on the same IP range.

What this means for you

Entering any credentials on this page sends them directly to attackers. Do not use the login form or provide any personal information.

Risk Factors
5
  • Domain created today with no business registration or history.
  • Four antivirus engines flag the page as phishing or malware.
  • Exact visual clone of Microsoft login page hosted on free Replit platform.
  • No contact information, legal footer, or corporate details present.
  • Mismatched Spanish and English text indicates hastily assembled fake.
AI Recommendation
Close the page immediately and never enter credentials. Report the URL to Replit abuse if possible.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for accion-inmediata--aviso-urgente.replit.app, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
3 scam reports
Key findings
7 headline facts from open-web research
  • Domain is a Replit.app subdomain (accion-inmediata--aviso-urgente.replit.app), created 0 days ago per input.
  • Listed with 7 detections on phishdestroy.io alongside other suspicious domains.
  • Similar Replit.app subdomains (e.g., serviciossucursal-transaccional.replit.app) flagged as phishing on malwareurl.com and VirusTotal (8/91 vendors).
  • Replit platform has documented abuse reports for phishing/malware hosted on .replit.app domains; official docs direct reports to abuse@replit.com.
  • Multiple security scanners (urlquery.net, any.run) have analyzed Replit.app-hosted pages for malware/phishing.
  • No direct mentions, reviews, or complaints specifically naming this exact subdomain in search results.
  • Page title 'Acción inmediata-2026' matches phrasing in unrelated Spanish alerts about urgent actions or fraud warnings.
Scam reports (3)
Direct quotes from public scam databases, forums, and news.
  • phishdestroy.ioopen

    "accion-inmediata--aviso-urgente.replit.app . 7 detections"

  • urlquery.netopen

    "urlquery is an online service that scans webpages for malware, suspicious elements and reputation. accion - inmediata -- aviso - urgente . replit . app /"

  • malwareurl.comopen

    "serviciossucursal-transaccional.replit.app , 34.117.33.233, Phishing, 2023-09-18"

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Phishdestroy.io lists this exact subdomain with seven detections. Urlquery.net scanned the page for malware indicators. Malwareurl.com has previously flagged other Replit.app phishing domains on the same IP range. No positive reviews or business records were found for the domain.

Threat Detection

Scam Network

Cross-site correlation

This site shares signals with a broader cluster

Moderate correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (1)
  • Screenshot analysis found visual cloning of microsoft.com.
Linked signals (2)
cdnjs.cloudflare.comClone of microsoft.com

Antivirus Engines

Detection matrix · live
5 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

4Malicious1Suspicious54Harmless92Engines
0
of 92
ESET
Malicious· phishing
G-Data
Malicious· malware
Kaspersky
Malicious· phishing
LevelBlue
Malicious· phishing
Forcepoint ThreatSeeker
Suspicious· spam

5 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗

Scam-Type Likelihood

1 scam-type patterns detected
Scam-Type Likelihood

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation
Brand Impersonation
Moderate likelihood
55/100
  • Visual clone of microsoft.com detected in the screenshot.
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.

Technical Details

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age0 days old
RegistrarHidden
RegisteredUnknown
ExpiresUnknown
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WR3
ExpiresAug 11, 2026 (34d)
Self-signedNo
Hosting & Technology
HostingGoogle LLC
Server locationUS
Web serverGoogle Frontend

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://accion-inmediata--aviso-urgente.replit.app/
  • 2200https://accion-inmediata--aviso-urgente.replit.app/

Server Reputation

Abuse Intelligence
Confidence score2%
Reports on file1
ISPGoogle LLC
Usage typeContent Delivery Network

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

What to do

Brand impersonation detected

This page is styled as a known brand but is not the brand's real site.

  • Do not interact with accion-inmediata--aviso-urgente.replit.app

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Go to the brand's real site directly

    Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.

  • Never download or sign in here

    Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.

  • Report the impersonation to the brand

    Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.

    Open

Final Verdict

0
Trust / 100
Final Verdict·accion-inmediata--aviso-urgente.replit.app
DANGEROUS

This is a fake Microsoft login page hosted on Replit. The domain was created today and four antivirus engines already flag it as phishing.

Close the page immediately and never enter credentials. Report the URL to Replit abuse if possible.

AV engines
92
MT passes
2
Net signals
2
Scan another URL
Security review completemalwaretips.com/url-scan

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags accion-inmediata--aviso-urgente.replit.app as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — accion-inmediata--aviso-urgente.replit.app scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. accion-inmediata--aviso-urgente.replit.app presents a valid TLSv1.3 certificate issued by Google Trust Services · WR3, expiring in 34 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • accion-inmediata--aviso-urgente.replit.app is 0 days old. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 5 out of 92 antivirus engines in our malware network flagged accion-inmediata--aviso-urgente.replit.app as malicious or suspicious (4 outright malicious). Even one detection is a meaningful signal.
  • No. accion-inmediata--aviso-urgente.replit.app is not currently listed on the major browser blocklist feeds that modern browsers use.
  • accion-inmediata--aviso-urgente.replit.app resolves to an IP operated by Google LLC in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on July 7, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around accion-inmediata--aviso-urgente.replit.app have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.
Recently scanned

Other Dangerous reports

Browse all reports
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.