deltomed.com Open in urlscan Pro
118.98.75.75 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://profile-comerica.com/
Effective URL:
http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session...
Submission: On April 05 via manual (April 5th 2021, 3:19:48 pm UTC) from US

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 118.98.75.75, located in Indonesia and belongs to TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID. The main domain is deltomed.com.

This is the only time deltomed.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Comerica (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.64.119.74 192.64.119.74	22612 (NAMECHEAP...) (NAMECHEAP-NET)
2 19	118.98.75.75 118.98.75.75	7713 (TELKOMNET...) (TELKOMNET-AS-AP PT Telekomunikasi Indonesia)
1	2606:4700::68... 2606:4700::6811:e14e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2

1 192.64.119.74 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)

profile-comerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 118.98.75.75 (Indonesia) 2 redirects

ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID)

deltomed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e14e (United States)

ASN13335 (CLOUDFLARENET, US)

fast.fonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	deltomed.com 2 redirects deltomed.com	808 KB
1	fonts.net fast.fonts.net	765 B
1	profile-comerica.com 1 redirects profile-comerica.com	249 B
18	3

	Domain	Requested by
19	deltomed.com	2 redirects deltomed.com
1	fast.fonts.net	deltomed.com
1	profile-comerica.com	1 redirects
18	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267
Frame ID: 244D7E95BC57B834D68756FAC3FD0D79
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://profile-comerica.com/ HTTP 302
http://deltomed.com/sepeda/aspens/index.php HTTP 302
http://deltomed.com/sepeda/aspens/temp/8678e5eecd/ HTTP 302
http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

18
Requests

0 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

808 kB
Transfer

805 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://profile-comerica.com/ HTTP 302
http://deltomed.com/sepeda/aspens/index.php HTTP 302
http://deltomed.com/sepeda/aspens/temp/8678e5eecd/ HTTP 302
http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login2.php Show response deltomed.com/sepeda/aspens/temp/8678e5eecd/ Redirect Chain http://profile-comerica.com/ http://deltomed.com/sepeda/aspens/index.php http://deltomed.com/sepeda/aspens/temp/8678e5eecd/ http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267	10 KB 10 KB	255ms 255ms	Document text/html	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `e40647b613726d78081c4fa638e0ccba21dea7afffd8614620acd3b925d5d58e` Request headers Host deltomed.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Mon, 05 Apr 2021 15:19:27 GMT Server Apache location login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	NewUIWide.css deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	22 KB 22 KB	212ms 211ms	Stylesheet text/css	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIWide.css?v=4.3.59058.4 Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `281c7dea8abb4874243bde087631674d2e92c26a37eba33889f55a767cc6697a` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Last-Modified Mon, 05 Apr 2021 15:19:27 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 22148
GET H/1.1	200 OK	NewUIstandard.css deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	106 KB 106 KB	233ms 218ms	Stylesheet text/css	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `5cc2ef2e15b718f54bf01fe94fd8650d22c30792c1848086ee230c1a2aef88fb` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Last-Modified Mon, 05 Apr 2021 15:19:27 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 108168
GET H/1.1	200 OK	jquery-ui.css deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	36 KB 37 KB	410ms 391ms	Stylesheet text/css	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/jquery-ui.css?v=4.3.59058.4 Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `6174c22c2f810937dfc9d7489ec3a259e8e219550839d49ca1a7e1cd32fab2fc` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Last-Modified Mon, 05 Apr 2021 15:19:27 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 37252
GET H/1.1	200 OK	logo-comerica.png deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	53 KB 53 KB	406ms 387ms	Image image/png	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Show image Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/logo-comerica.png Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `7529ab20465900918c3b0d19073b9cd74eff86e6ffbc04728b2b3d4b17ddb257` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Last-Modified Mon, 05 Apr 2021 15:19:27 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 53914
GET H/1.1	404 Not Found	blank.gif deltomed.com/sepeda/aspens/temp/8678e5eecd/Images/	315 B 315 B	410ms 392ms	Image text/html	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Show image Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/Images/blank.gif Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	comerica-logout-message.png deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	148 KB 148 KB	612ms 214ms	Image image/png	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Show image Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/comerica-logout-message.png Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `5f274d8647268eef0852b51a5a29b3aa79455da772d205a9f2373607a8427f02` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Last-Modified Mon, 05 Apr 2021 15:19:27 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 151767
GET H/1.1	404 Not Found	icon-error-x.png deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	315 B 315 B	217ms 216ms	Image text/html	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Show image Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/icon-error-x.png Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	Login.css deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	971 B 1 KB	395ms 392ms	Stylesheet text/css	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/Login.css?v=4.3.59058.4 Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `4cc3f4de9780c50ca7e4ae9ec35ae5a68daeec4b9b104c6254754ee3b1864622` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Last-Modified Mon, 05 Apr 2021 15:19:27 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 971
GET H/1.1	200 OK	footerImg.png deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	56 KB 56 KB	217ms 217ms	Image image/png	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Show image Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/footerImg.png Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `5d2b6389f468a404d4b960bc98e2f046cd7c81413bb625b95b54eb96ecdec680` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/login2.php?NESIN=1deae412bc80aec539ea20819247f36f&p=aspens&session=1617636267 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Last-Modified Mon, 05 Apr 2021 15:19:27 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 57225
GET H/1.1	200 OK	1.css fast.fonts.net/lt/	0 765 B	30ms 23ms	Stylesheet text/css	2606:4700::6811:e14e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://fast.fonts.net/lt/1.css?apiType=css&c=e98374a9-8b08-43a3-bd05-1b62d9c40f2b&fontids=675355,675364,675361,675331,675349,675334 Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 Protocol HTTP/1.1 Server 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://deltomed.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:30 GMT CF-Cache-Status HIT Age 54792 CF-RAY 63b3c151c8bb1f51-FRA Connection keep-alive Content-Length 0 x-amz-id-2 CiXQwnbGiIzBLz8AChjkH6cKROI4n8Ijy6YYRXouxfDn8uskPOxkZRJtKGkxuagj0o2gG1JdEUM= Last-Modified Tue, 23 Mar 2021 12:59:56 GMT Server cloudflare ETag "d41d8cd98f00b204e9800998ecf8427e" Vary Accept-Encoding x-amz-request-id 34RN7BK8TJS3SZXD Cache-Control public, max-age=0, s-maxage=604800 cf-request-id 094437271900001f51eb208000000001 Accept-Ranges bytes Content-Type text/css; charset=utf-8 x-amz-meta-mtime 1361983047
GET H/1.1	200 OK	background-login.png deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	357 KB 357 KB	215ms 214ms	Image image/png	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Show image Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/background-login.png Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `4047d5e8f8ec6210771f960d17939225d01fae2f003b5b727d761a9c8b5beb81` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Last-Modified Mon, 05 Apr 2021 15:19:27 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 365710
GET H/1.1	200 OK	icon-sprite.png deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/	16 KB 16 KB	217ms 217ms	Image image/png	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Show image Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/icon-sprite.png Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `c886bbaacfaa7c75a4e1079c4fbaea532b5f03d69c5664fea5b077f37b230999` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Last-Modified Mon, 05 Apr 2021 15:19:27 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 16283
GET H/1.1	404 Not Found	ehl.png deltomed.com/sepeda/aspens/temp/NewUI/images/	315 B 315 B	427ms 210ms	Image text/html	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Show image Full URL http://deltomed.com/sepeda/aspens/temp/NewUI/images/ehl.png Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:29 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	f51d24dd-8256-43c6-ba1a-6aeae9d3f262.woff deltomed.com/sepeda/aspens/temp/8678e5eecd/Fonts/675331/	0 0	216ms 216ms	Font text/html	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/Fonts/675331/f51d24dd-8256-43c6-ba1a-6aeae9d3f262.woff Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash Request headers Origin http://deltomed.com Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:28 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	c4aef0d4-bfcf-4790-acf5-909881f411e8.woff deltomed.com/sepeda/aspens/temp/8678e5eecd/Fonts/675364/	0 0	329ms 208ms	Font text/html	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/Fonts/675364/c4aef0d4-bfcf-4790-acf5-909881f411e8.woff Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash Request headers Origin http://deltomed.com Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:29 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	955ee494-66b2-4eb2-8f19-bc3a088df16d.ttf deltomed.com/sepeda/aspens/temp/8678e5eecd/Fonts/675331/	0 0	211ms 210ms	Font text/html	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/Fonts/675331/955ee494-66b2-4eb2-8f19-bc3a088df16d.ttf Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash Request headers Origin http://deltomed.com Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:29 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	e741f29c-bc18-4343-bff3-db2465a0be3e.ttf deltomed.com/sepeda/aspens/temp/8678e5eecd/Fonts/675364/	0 0	207ms 207ms	Font text/html	118.98.75.75 TELKOMNET-AS-AP P...
General Check archive.org Show headers Download Go to Full URL http://deltomed.com/sepeda/aspens/temp/8678e5eecd/Fonts/675364/e741f29c-bc18-4343-bff3-db2465a0be3e.ttf Requested by Host: deltomed.com URL: http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 Protocol HTTP/1.1 Server 118.98.75.75 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID), Reverse DNS Software Apache / Resource Hash Request headers Origin http://deltomed.com Referer http://deltomed.com/sepeda/aspens/temp/8678e5eecd/conme/NewUIstandard.css?v=4.3.59058.4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 05 Apr 2021 15:19:29 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 315 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Comerica (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

deltomed.com
fast.fonts.net
profile-comerica.com
118.98.75.75
192.64.119.74
2606:4700::6811:e14e
281c7dea8abb4874243bde087631674d2e92c26a37eba33889f55a767cc6697a
4047d5e8f8ec6210771f960d17939225d01fae2f003b5b727d761a9c8b5beb81
4cc3f4de9780c50ca7e4ae9ec35ae5a68daeec4b9b104c6254754ee3b1864622
5cc2ef2e15b718f54bf01fe94fd8650d22c30792c1848086ee230c1a2aef88fb
5d2b6389f468a404d4b960bc98e2f046cd7c81413bb625b95b54eb96ecdec680
5f274d8647268eef0852b51a5a29b3aa79455da772d205a9f2373607a8427f02
6174c22c2f810937dfc9d7489ec3a259e8e219550839d49ca1a7e1cd32fab2fc
7529ab20465900918c3b0d19073b9cd74eff86e6ffbc04728b2b3d4b17ddb257
c886bbaacfaa7c75a4e1079c4fbaea532b5f03d69c5664fea5b077f37b230999
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40647b613726d78081c4fa638e0ccba21dea7afffd8614620acd3b925d5d58e

deltomed.com Open in urlscan Pro 118.98.75.75 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

0 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

808 kBTransfer

805 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

deltomed.com Open in urlscan Pro
118.98.75.75 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

0 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

808 kB
Transfer

805 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!