ways-app.joomla.com
2607:1b00:93b2:e42c::823d
Malicious Activity!
Public Scan
Submission: On June 28 via automatic, source phishtank
Summary
TLS certificate: Issued by RapidSSL RSA CA 2018 on March 21st 2019. Valid for: a year.
This is the only time ways-app.joomla.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Santander (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
5 | 2607:1b00:93b2:e42c::823d | 54456 (CLOUDACCESS-NETWORK - CloudAccess.net)
5 | 1 |

ASN54456 (CLOUDACCESS-NETWORK - CloudAccess.net, LLC, US)
ways-app.joomla.com
Requests | Apex Domain / Subdomains | Transfer
---|---|---
5 | joomla.com (ways-app.joomla.com) | 67 KB
5 | 1 |
Requests | Domain | Requested by
---|---|---
5 | ways-app.joomla.com | ways-app.joomla.com
5 | 1 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
*.joomla.com | RapidSSL RSA CA 2018 | 2019-03-21 - 2020-03-20 | a year
This page contains 1 frames:
Primary Page:
https://ways-app.joomla.com/mobile/id.html
Frame ID: 54C79C7A3305CB2191004C97C8630D94
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | id.html (Primary Request) | ways-app.joomla.com/mobile/ | 3 KB | 1 KB | Document | text/html
GET | H/1.1 | css.css | ways-app.joomla.com/mobile/ | 4 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | home.js | ways-app.joomla.com/mobile/ | 10 KB | 2 KB | Script | text/javascript
GET | H/1.1 | logo.png | ways-app.joomla.com/mobile/ | 11 KB | 11 KB | Image | image/png
GET | H/1.1 | destaque2.jpg | ways-app.joomla.com/mobile/ | 50 KB | 50 KB | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Santander (Banking)
24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
function | posiok
function | next_tbl10
function | next_tbl20
function | next_tbl30
function | next_tbl40
function | next_tbl50
function | proximoCampo
function | check_total
function | check_total_ref
function | SomenteNumero
function | check_tbl_complete
function | validarCPF
function | remove
function | mascara
function | execmascara
function | cpf_mask
function | check_cpf
function | check_pswnet
function | check_tbl
function | check_psw4
function | check_ass_ele

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.