customerdana24hours.formcell.biz.id
Open in
urlscan Pro
20.25.136.2
Malicious Activity!
Public Scan
URL:
https://customerdana24hours.formcell.biz.id/
Submission: On June 29 via automatic, source certstream-suspicious — Scanned from DE
Submission: On June 29 via automatic, source certstream-suspicious — Scanned from DE
Summary
This website contacted 6 IPs
in 2 countries
across 6 domains to perform 18 HTTP transactions.
The main IP is 20.25.136.2, located in
Phoenix, United States and
belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US.
The main domain is customerdana24hours.formcell.biz.id.
TLS certificate: Issued by R3 on June 29th 2023. Valid for: 3 months.
This is the only time customerdana24hours.formcell.biz.id was scanned on urlscan.io!
TLS certificate: Issued by R3 on June 29th 2023. Valid for: 3 months.
This is the only time customerdana24hours.formcell.biz.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DANA (Financial)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 11 | 20.25.136.2 20.25.136.2 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 1 | 2606:4700:20:... 2606:4700:20::ac43:451d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 3 | 2a04:4e42::485 2a04:4e42::485 | 54113 (FASTLY) (FASTLY) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:831::200a | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:82f::2003 | 15169 (GOOGLE) (GOOGLE) | |
| 18 | 6 |
11
20.25.136.2
(Phoenix, United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| customerdana24hours.formcell.biz.id |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 11 |
formcell.biz.id
customerdana24hours.formcell.biz.id |
136 KB |
| 3 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 368 |
35 KB |
| 1 |
gstatic.com
fonts.gstatic.com |
48 KB |
| 1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 88 |
1 KB |
| 1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1032 |
20 KB |
| 1 |
ionicframework.com
code.ionicframework.com — Cisco Umbrella Rank: 16803 |
9 KB |
| 18 | 6 |
| Domain | Requested by | |
|---|---|---|
| 11 | customerdana24hours.formcell.biz.id |
customerdana24hours.formcell.biz.id
|
| 3 | cdn.jsdelivr.net |
customerdana24hours.formcell.biz.id
|
| 1 | fonts.gstatic.com |
fonts.googleapis.com
|
| 1 | fonts.googleapis.com |
customerdana24hours.formcell.biz.id
|
| 1 | maxcdn.bootstrapcdn.com |
customerdana24hours.formcell.biz.id
|
| 1 | code.ionicframework.com |
customerdana24hours.formcell.biz.id
|
| 18 | 6 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| customerdana24hours.formcell.biz.id R3 |
2023-06-29 - 2023-09-27 |
3 months | crt.sh |
| ionicframework.com Cloudflare Inc ECC CA-3 |
2023-04-01 - 2024-03-31 |
a year | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-12-30 - 2023-12-30 |
a year | crt.sh |
| jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4 |
2022-12-23 - 2024-01-24 |
a year | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2023-05-29 - 2023-08-21 |
3 months | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2023-05-29 - 2023-08-21 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://customerdana24hours.formcell.biz.id/
Frame ID: 9BB67168FF5822C9265FF1AD7CB563AF
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
DANA - Apa pun transaksinya selalu ada DANADetected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Ionicons
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+ionicons(?:\.min)?\.css
Slick (JavaScript Libraries) Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link [^>]+(?:/([\d.]+)/)?slick-theme\.css
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
customerdana24hours.formcell.biz.id/ |
9 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ionicons.min.css
code.ionicframework.com/ionicons/2.0.1/css/ |
50 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/ |
120 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
slick-theme.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ |
3 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/ |
189 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
customerdana24hours.formcell.biz.id/lib/style/ |
2 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
spinner.css
customerdana24hours.formcell.biz.id/lib/style/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css2
fonts.googleapis.com/ |
9 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
back.png
customerdana24hours.formcell.biz.id/assets/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dana_logo.png
customerdana24hours.formcell.biz.id/assets/img/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
indo.png
customerdana24hours.formcell.biz.id/assets/img/ |
741 B 982 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
load_bg.png
customerdana24hours.formcell.biz.id/assets/img/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
load_spin.png
customerdana24hours.formcell.biz.id/assets/img/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
customerdana24hours.formcell.biz.id/lib/functions/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.mask.min.js
customerdana24hours.formcell.biz.id/lib/functions/ |
8 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
function.js
customerdana24hours.formcell.biz.id/lib/functions/ |
751 B 1005 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ |
47 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DANA (Financial)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery object| $jscomp function| showLoad0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
code.ionicframework.com
customerdana24hours.formcell.biz.id
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
20.25.136.2
2606:4700:20::ac43:451d
2606:4700::6812:bcf
2a00:1450:4001:82f::2003
2a00:1450:4001:831::200a
2a04:4e42::485
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
455c4535421c8edcb979005b312ddb5b7ff2135083093c8a1cf8817168722c55
46518758f002d85cff9220609163f23b7e9f8f2721561d1e0ba79c4f17425c58
50b4bad00572d07c6158459a5cb93b1b3f9bdea95d393aa56970afded2f58913
56a3d46407a0b9246a8daf55b136656b08b23a07948e524df10bba09d94b41f5
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
822ef09afb75295a7e0be229069b971e893b81a4df6996328f434cc8670a3b8c
92ac508220f5bb60ec94e07650528eb66625f82a4740ada068cde05365781286
a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855
a63284d0b07236a49f89dd197f9aa2ea595e314e750b5d42834fbda2f7cba411
af52bfb0ab7606d185db1457ddc3edceb61c7fe9675e099cae3e3be1eccf152c
ba311fcee8109c988cd072dbbbea6e7b0145eb603b2854b650c66050cf75280e
c060047d6673449c542a702c928e5ee571ef49d4f1b3f691e3ae0f7b5920c873
c67e5431f9c00bb690ea8b8add63d5ca9250bf2925f2c2a691eeee498ac75853
d0ee3b624c75591bb550d49f508a38d0bdff62b8d8a30c59ffaf0c97a4ce494d
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf