annora.co.id
Open in
urlscan Pro
202.67.10.173
Malicious Activity!
Public Scan
Submitted URL: https://annora.co.id/https:/banking.postbank.de/login/secure/s/
Effective URL: https://annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c1947a534/login/
Submission: On July 26 via manual from SG — Scanned from SG
Effective URL: https://annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c1947a534/login/
Submission: On July 26 via manual from SG — Scanned from SG
Summary
This website contacted 3 IPs
in 1 countries
across 2 domains to perform 25 HTTP transactions.
The main IP is 202.67.10.173, located in
Jakarta, Indonesia and
belongs to DHECYBER-AS-ID PT. Dhecyber Flow Indonesia, ID.
The main domain is annora.co.id.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 25th 2023. Valid for: 3 months.
This is the only time annora.co.id was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 25th 2023. Valid for: 3 months.
This is the only time annora.co.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Postbank (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 24 | 202.67.10.173 202.67.10.173 | 24195 (DHECYBER-...) (DHECYBER-AS-ID PT. Dhecyber Flow Indonesia) | |
| 1 | 151.101.24.193 151.101.24.193 | () () | |
| 25 | 3 |
24
202.67.10.173
(Jakarta, Indonesia)
ASN24195 (DHECYBER-AS-ID PT. Dhecyber Flow Indonesia, ID)
PTR: jak107.gppnetwork.com
ASN24195 (DHECYBER-AS-ID PT. Dhecyber Flow Indonesia, ID)
PTR: jak107.gppnetwork.com
| annora.co.id |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 24 |
annora.co.id
2 redirects
annora.co.id |
551 KB |
| 1 |
imgur.com
i.imgur.com |
11 KB |
| 25 | 2 |
| Domain | Requested by | |
|---|---|---|
| 24 | annora.co.id |
2 redirects
annora.co.id
|
| 1 | i.imgur.com |
annora.co.id
|
| 25 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| annora.co.id cPanel, Inc. Certification Authority |
2023-07-25 - 2023-10-23 |
3 months | crt.sh |
| *.imgur.com Sectigo RSA Domain Validation Secure Server CA |
2023-03-13 - 2024-03-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c1947a534/login/
Frame ID: D05D8364588886432E68331CD239C1D1
Requests: 25 HTTP requests in this frame
Screenshot
Page Title
Ihr Lоgin zum Оnline-Bаnking | PоstbаnkPage URL History Show full URLs
- https://annora.co.id/https:/banking.postbank.de/login/secure/s/ Page URL
-
https://annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c194...
HTTP 301
https://annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c194... HTTP 302
https://annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c194... Page URL
Detected technologies
AngularJS
(JavaScript Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \bangular.{0,32}\.js
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://annora.co.id/https:/banking.postbank.de/login/secure/s/ Page URL
-
https://annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c1947a534
HTTP 301
https://annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c1947a534/ HTTP 302
https://annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c1947a534/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
/
annora.co.id/https:/banking.postbank.de/login/secure/s/ |
694 B 630 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
/
annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c1947a534/login/ Redirect Chain
|
20 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
annora.co.id/https:/banking.postbank.de/login/secure/s/bower_components/jquery/dist/ |
85 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ua-parser.min.js
annora.co.id/https:/banking.postbank.de/login/secure/s/bower_components/ua-parser-js/dist/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
annora.co.id/https:/banking.postbank.de/login/secure/s/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
core_form.js
annora.co.id/https:/banking.postbank.de/login/secure/s/core/form/ |
15 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
core_form.css
annora.co.id/https:/banking.postbank.de/login/secure/s/core/form/ |
2 KB 535 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
core_token.js
annora.co.id/https:/banking.postbank.de/login/secure/s/core/token/ |
14 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
angular.min.js
annora.co.id/https:/banking.postbank.de/login/secure/s/bower_components/angular/ |
165 KB 56 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css.css
annora.co.id/https:/banking.postbank.de/login/secure/s/login/form/ |
1 KB 604 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index.css
annora.co.id/https:/banking.postbank.de/login/secure/s/login/ |
214 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
form.js
annora.co.id/https:/banking.postbank.de/login/secure/s/login/form/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.svg
annora.co.id/https:/banking.postbank.de/login/secure/s/login/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo-claim.svg
annora.co.id/https:/banking.postbank.de/login/secure/s/login/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iob5_login_alte_anmeldung.jpg
annora.co.id/https:/banking.postbank.de/login/secure/s/login/ |
15 KB 16 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iob_5_login_psd2.jpg
annora.co.id/https:/banking.postbank.de/login/secure/s/login/ |
207 KB 207 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iob_5_sicherheitshinweis.jpg
annora.co.id/https:/banking.postbank.de/login/secure/s/login/ |
186 KB 187 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ng.js
annora.co.id/https:/banking.postbank.de/login/secure/s/login/ng/ |
5 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
token.js
annora.co.id/https:/banking.postbank.de/login/secure/s/login/token/ |
1 KB 684 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
newloader.gif
annora.co.id/https:/banking.postbank.de/login/secure/s/ |
144 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Uy8gvIY.png
i.imgur.com/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
frutigerltw02-55roman.woff2
annora.co.id/https:/banking.postbank.de/login/secure/s/login/ |
15 KB 0 |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
frutigerltw02-65bold.woff2
annora.co.id/https:/banking.postbank.de/login/secure/s/login/ |
973 B 0 |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
home.php
annora.co.id/https:/banking.postbank.de/login/secure/s/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
home.php
annora.co.id/https:/banking.postbank.de/login/secure/s/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- annora.co.id
- URL
- https://annora.co.id/https:/banking.postbank.de/login/secure/s/home.php?pl=token&link=postbank.de&bid=962f69ad09a2c5db2a69bd3c1947a534&callback=jQuery32103958722887778605_1690361372648&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1690361372649
- Domain
- annora.co.id
- URL
- https://annora.co.id/https:/banking.postbank.de/login/secure/s/home.php?pl=token&link=postbank.de&bid=962f69ad09a2c5db2a69bd3c1947a534&callback=jQuery32103958722887778605_1690361372650&data=%7B%22mes%22%3A%22User%20on%20user%20page%22%7D&_=1690361372651
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Postbank (Banking)46 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| UAParser function| ask_pass_proxy function| ask_user_proxy function| ask_show_bs_form_proxy function| ask_show_mobile_tan_form_proxy function| ask_def_proxy function| ask_confirm_proxy function| ask_mobile_tan_proxy function| ask_tan_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| bider_obj undefined| last_respond undefined| last_operation object| respond object| angular object| _0xa211 function| _kaktys_encode string| bid object| php_js object| app string| el object| CORE__ object| REST_FN__ object| sc_ object| loader_ function| jQuery32103958722887778605_1690361372648 number| bidder_timer function| jQuery32103958722887778605_16903613726503 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| annora.co.id/https:/banking.postbank.de/login/secure/s/a1b2c3/962f69ad09a2c5db2a69bd3c1947a534 | Name: bid Value: 962f69ad09a2c5db2a69bd3c1947a534 |
|
| annora.co.id/https:/banking.postbank.de/login/secure/s | Name: real Value: OK |
|
| annora.co.id/ | Name: lng Value: de |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
annora.co.id
i.imgur.com
annora.co.id
151.101.24.193
202.67.10.173
0017a0ec297bd5f536253c452efe2c4f687d765f8a896b0ee95a6dfffe0fb99a
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
1ad849d8a916dcde00adb1ee3d0f21c7f636a98b7b2c49f57194f245d37b2e91
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
44a485e43d7c032784496d17e884bdc41683d3ad3d9999287fa848a2f698ac20
44b0f59f3ab9b0744f24e50ca081cab9f8284a62591f185e3cfe2256e17e7a0b
550778f7050b2f39fc38c8e326c78e0a53921774f9f39dd3685f1c73efee2613
582065fc7e084249c1677034ff40a1f2cf7279620ce15d0d6b6cba6becd65427
698c2ecc3b1f694f26ab8b1017dcb7c95c584ea6292b4e2ece58f20fa01d119f
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9459cfdaef9d197d1f48a2190e65dff33a3906fc7f98f6c28bcad7478c30ef47
946660bb68994bd9480fd5822b55ebd2907bcf76927305e84f47c20431568789
958bac3fee20e15e22ef42677505deb90d74e7214d66a20a160a03d8c10795ad
96473ac90957af87da5dedfd4f58c79a165e67676c71f0bc4b93d94d30d831ba
9a0d00c665d412af313e93ebf65fed473a5a0fa79190c1cf739c22c88a8a8a43
a14c0795d3c8aa995526096002771398d1c43837b5935beeebcb460e4406296a
b4caeb73ef84690d7e12b13fe2d4e7439d2042dffa527a82c64d18c87464d717
e2ee4e3a9e7c67395823c1a88f381dce7bb540e01b246eaa37f86933da4c1841
f4d43829a46aca95eff47f13325a06f22c5c8c981cbe102d471508241446c581