dash.formaloo.com Open in urlscan Pro
172.67.72.249 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dash.formaloo.com/app/8e99x9k37x3jg1d/p/HmfnZCDu
Submission: On October 13 via api (October 13th 2024, 4:19:29 am UTC) from CA — Scanned from CA

Summary HTTP 97 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 13 IPs in 1 countries across 9 domains to perform 97 HTTP transactions. The main IP is 172.67.72.249, located in United States and belongs to CLOUDFLARENET, US. The main domain is dash.formaloo.com.
TLS certificate: Issued by WE1 on September 12th 2024. Valid for: 3 months.

This is the only time dash.formaloo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 75	172.67.72.249 172.67.72.249	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:400d:c03::61	15169 (GOOGLE) (GOOGLE)
3	2606:4700:20:... 2606:4700:20::ac43:486f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:250... 2600:9000:2509:9a00:1e:b6b6:9ac0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	142.250.31.155 142.250.31.155	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:400d:c09::9d	15169 (GOOGLE) (GOOGLE)
1 3	74.125.192.157 74.125.192.157	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4004:c1d::66	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c0d::9d	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c09::66	15169 (GOOGLE) (GOOGLE)
4	64.233.180.94 64.233.180.94	15169 (GOOGLE) (GOOGLE)
1 3	173.194.68.99 173.194.68.99	15169 (GOOGLE) (GOOGLE)
97	13

75 172.67.72.249 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dash.formaloo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:400d:c03::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::ac43:486f (United States)

ASN13335 (CLOUDFLARENET, US)

api.formaloo.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2509:9a00:1e:b6b6:9ac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.firstpromoter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.31.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f155.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:400d:c09::9d (Morganton, United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.125.192.157 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: qn-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::66 (Washington, United States) 1 redirects

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c0d::9d (Morganton, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c09::66 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 64.233.180.94 (United States)

ASN15169 (GOOGLE, US)
PTR: on-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 173.194.68.99 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: qr-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
75	formaloo.com 1 redirects dash.formaloo.com	2 MB
8	doubleclick.net 1 redirects td.doubleclick.net — Cisco Umbrella Rank: 192 googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 stats.g.doubleclick.net — Cisco Umbrella Rank: 136	5 KB
5	google.com 2 redirects analytics.google.com — Cisco Umbrella Rank: 147 www.google.com — Cisco Umbrella Rank: 3	913 B
4	google.ca www.google.ca — Cisco Umbrella Rank: 12143	255 B
3	formaloo.me api.formaloo.me	1 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	324 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 89	3 KB
1	firstpromoter.com cdn.firstpromoter.com — Cisco Umbrella Rank: 33192	2 KB
97	9

	Domain	Requested by
75	dash.formaloo.com	1 redirects dash.formaloo.com
4	www.google.ca
4	td.doubleclick.net	www.googletagmanager.com
3	www.google.com	1 redirects
3	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com
3	api.formaloo.me	dash.formaloo.com
3	www.googletagmanager.com	dash.formaloo.com www.googletagmanager.com
2	analytics.google.com	1 redirects www.googletagmanager.com
1	www.google-analytics.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	cdn.firstpromoter.com	www.googletagmanager.com
97	12

This site contains links to these domains. Also see Links.

Domain
formaloo.com

Subject Issuer	Validity	Valid
formaloo.com WE1	`2024-09-12` - `2024-12-11`	3 months	crt.sh
*.google-analytics.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
formaloo.me WE1	`2024-09-21` - `2024-12-20`	3 months	crt.sh
*.firstpromoter.com Amazon RSA 2048 M03	`2023-11-21` - `2024-12-18`	a year	crt.sh
*.googleadservices.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.doubleclick.net WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.google.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.google.ca WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://dash.formaloo.com/app/8e99x9k37x3jg1d/p/HmfnZCDu
Frame ID: 36DE1614FDF25BC5DA62907E175FE408
Requests: 93 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11171739726?random=1728793164335&cv=11&fst=1728793164335&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v872673008z89103865151za201zb9103865151&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&ref=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&label=k0wOCO_zlaIYEM7wjM8p&hn=www.googleadservices.com&frm=0&tiba=Dashboard%20-%20Formaloo&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=699660011.1728793164&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&ct_cookie_present=0
Frame ID: 584C767E0424DD3D63C39603459F7E78
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11171739726?random=1728793164378&cv=11&fst=1728793164378&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v872673008z89103865151za201zb9103865151&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&ref=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&hn=www.googleadservices.com&frm=0&tiba=Dashboard%20-%20Formaloo&npa=0&pscdl=noapi&auid=699660011.1728793164&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: D273F06DCDCE09A33864E5EF5B31E2B5
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-N24XQYZ3E9&gacid=314921009.1728793164&gtm=45je4a90v872673008z89103865151za200zb9103865151&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=883274338
Frame ID: E5A61A357F6B09A9FC3AEE02AC4B9A05
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11171739726?random=1728793164467&cv=11&fst=1728793164467&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je4a90v872673008z89103865151za200zb9103865151&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&ref=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&hn=www.googleadservices.com&frm=0&tiba=Dashboard%20-%20Formaloo&npa=0&pscdl=noapi&auid=699660011.1728793164&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 2ABAD6365AB452951BFD41275E6F3F99
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dashboard - Formaloo

Page URL History Show full URLs

https://dash.formaloo.com/app/8e99x9k37x3jg1d/p/HmfnZCDu Page URL
https://dash.formaloo.com/cdn-cgi/phish-bypass?atok=yCt4sFzeuer56rbWP3xmrcj0FHE2N2D2igu1aKgg2q0-172879... HTTP 301
https://dash.formaloo.com/app/8e99x9k37x3jg1d/p/HmfnZCDu Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

97
Requests

98 %
HTTPS

58 %
IPv6

9
Domains

12
Subdomains

13
IPs

1
Countries

2138 kB
Transfer

7065 kB
Size

6
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://formaloo.com/
Title: Go back to homepage

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dash.formaloo.com/app/8e99x9k37x3jg1d/p/HmfnZCDu Page URL
https://dash.formaloo.com/cdn-cgi/phish-bypass?atok=yCt4sFzeuer56rbWP3xmrcj0FHE2N2D2igu1aKgg2q0-1728793157-0.0.1.1-%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu HTTP 301
https://dash.formaloo.com/app/8e99x9k37x3jg1d/p/HmfnZCDu Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

https://analytics.google.com/g/collect?v=2&tid=G-N24XQYZ3E9&gtm=45je4a90v872673008za200zb9103865151&_p=1728793163923&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101686685&cid=314921009.1728793164&ul=en-ca&sr=1600x1200&are=1&frm=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pae=1&_eu=AAg&_s=2&sid=1728793164&sct=1&seg=0&dl=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&dr=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&dt=Dashboard%20-%20Formaloo&en=dashboard_page_view&_c=1&_et=43&tfd=1803 HTTP 302
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=314921009.1728793164&dbk=6841918454459978677&dma=0&en=dashboard_page_view&gtm=45je4a90v872673008za200zb9103865151&npa=0&tid=G-N24XQYZ3E9&dl=https%3A%2F%2Fdash.formaloo.com%3F

Request Chain 89

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11171739726/?random=192959748&cv=11&fst=1728793164335&bg=ffffff&guid=ON&async=1&gtm=45be4a90v872673008z89103865151za201zb9103865151&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&ref=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&label=k0wOCO_zlaIYEM7wjM8p&hn=www.googleadservices.com&frm=0&tiba=Dashboard%20-%20Formaloo&value=0&npa=0&pscdl=noapi&auid=699660011.1728793164&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQJKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&eitems=ChEI8LyouAYQpN755IifioDjARIdAHlpSNYhqQ8euBiCVtGulWB_UggKAC3kTtfqUms&pscrd=IhMIgY7Ts8CKiQMVzRBoCB1XdBg5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhpodHRwczovL2Rhc2guZm9ybWFsb28uY29tL0JYQ2hFSThMeW91QVlRMklHYjdlLUQwYnFLQVJJdEFPalRwdTZ3TDNnMEI1dFRrU2pLbTJTRkl6b1VmN3c3NE1VMGNWTW5vNUx3TmlabUdvOVZHQ1FNVy1kbg HTTP 302
https://www.google.com/pagead/1p-conversion/11171739726/?random=192959748&cv=11&fst=1728793164335&bg=ffffff&guid=ON&async=1&gtm=45be4a90v872673008z89103865151za201zb9103865151&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&ref=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&label=k0wOCO_zlaIYEM7wjM8p&hn=www.googleadservices.com&frm=0&tiba=Dashboard%20-%20Formaloo&value=0&npa=0&pscdl=noapi&auid=699660011.1728793164&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQJKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMIgY7Ts8CKiQMVzRBoCB1XdBg5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhpodHRwczovL2Rhc2guZm9ybWFsb28uY29tL0JYQ2hFSThMeW91QVlRMklHYjdlLUQwYnFLQVJJdEFPalRwdTZ3TDNnMEI1dFRrU2pLbTJTRkl6b1VmN3c3NE1VMGNWTW5vNUx3TmlabUdvOVZHQ1FNVy1kbg&is_vtc=1&cid=CAQSGwDpaXnfNoZQXxslGYM7rimro1Rx5eQUxarekg&eitems=ChEI8LyouAYQpN755IifioDjARIdAHlpSNaCCBe6rc0wOhIFqMVxhJ6-IOfVqnXzi3M&random=2243619530 HTTP 302
https://www.google.ca/pagead/1p-conversion/11171739726/?random=192959748&cv=11&fst=1728793164335&bg=ffffff&guid=ON&async=1&gtm=45be4a90v872673008z89103865151za201zb9103865151&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&ref=https%3A%2F%2Fdash.formaloo.com%2Fapp%2F8e99x9k37x3jg1d%2Fp%2FHmfnZCDu&label=k0wOCO_zlaIYEM7wjM8p&hn=www.googleadservices.com&frm=0&tiba=Dashboard%20-%20Formaloo&value=0&npa=0&pscdl=noapi&auid=699660011.1728793164&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQJKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMIgY7Ts8CKiQMVzRBoCB1XdBg5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhpodHRwczovL2Rhc2guZm9ybWFsb28uY29tL0JYQ2hFSThMeW91QVlRMklHYjdlLUQwYnFLQVJJdEFPalRwdTZ3TDNnMEI1dFRrU2pLbTJTRkl6b1VmN3c3NE1VMGNWTW5vNUx3TmlabUdvOVZHQ1FNVy1kbg&is_vtc=1&cid=CAQSGwDpaXnfNoZQXxslGYM7rimro1Rx5eQUxarekg&eitems=ChEI8LyouAYQpN755IifioDjARIdAHlpSNaCCBe6rc0wOhIFqMVxhJ6-IOfVqnXzi3M&random=2243619530&ipr=y

97 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 HmfnZCDu Show response
dash.formaloo.com/app/8e99x9k37x3jg1d/p/ 4 KB
2 KB 128ms
32ms Document
text/html 172.67.72.249
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
.dash.formaloo.com/	1970-01-21 00:14:39	Name: __cf_mw_byp Value: yCt4sFzeuer56rbWP3xmrcj0FHE2N2D2igu1aKgg2q0-1728793157-0.0.1.1-/app/8e99x9k37x3jg1d/p/HmfnZCDu
.formaloo.com/	1970-01-21 02:22:49	Name: _gcl_au Value: 1.1.699660011.1728793164
.formaloo.com/	1970-01-21 09:49:13	Name: _ga Value: GA1.1.314921009.1728793164
.formaloo.com/	1970-01-21 09:49:13	Name: _ga_N24XQYZ3E9 Value: GS1.1.1728793164.1.0.1728793164.60.0.0
.doubleclick.net/	1970-01-21 00:13:14	Name: test_cookie Value: CheckForPermission
.www.google-analytics.com/	1970-01-21 02:22:49	Name: ar_debug Value: 1

Source	Level	URL Text
network	error	URL: https://api.formaloo.me/v3.0/shared-boards/8e99x9k37x3jg1d/ Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://api.formaloo.me/v3.0/shared-boards/8e99x9k37x3jg1d/ Message: Failed to load resource: the server responded with a status of 401 ()

dash.formaloo.com Open in urlscan Pro 172.67.72.249 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

97 Requests

98 %HTTPS

58 %IPv6

9 Domains

12 Subdomains

13 IPs

1 Countries

2138 kBTransfer

7065 kBSize

6 Cookies

1 Outgoing links

Page URL History

Redirected requests

97 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

dash.formaloo.com Open in urlscan Pro
172.67.72.249 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

97
Requests

98 %
HTTPS

58 %
IPv6

9
Domains

12
Subdomains

13
IPs

1
Countries

2138 kB
Transfer

7065 kB
Size

6
Cookies

97 HTTP transactions
1 data transactions