ways-app.joomla.com Open in urlscan Pro
2607:1b00:93b2:e42c::823d  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request id.html Show response ways-app.joomla.com/mobile/	3 KB 1 KB	490ms 120ms	Document text/html	2607:1b00:93b2:e42c::823d CloudAccess.net
General Check archive.org Show headers Download Go to Full URL https://ways-app.joomla.com/mobile/id.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2607:1b00:93b2:e42c::823d , United States, ASN54456 (CLOUDACCESS-NETWORK - CloudAccess.net, LLC, US), Reverse DNS Software Apache / Resource Hash aac197b60fc18b0153e9710c05ee701b09de5811be61777b2122117e949875ec Request headers Host ways-app.joomla.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 28 Jun 2019 16:24:12 GMT Server Apache Last-Modified Tue, 04 Jun 2019 18:33:47 GMT Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 1009 Keep-Alive timeout=60 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	css.css ways-app.joomla.com/mobile/	4 KB 2 KB	121ms 120ms	Stylesheet text/css	2607:1b00:93b2:e42c::823d CloudAccess.net
General Check archive.org Show headers Download Go to Full URL https://ways-app.joomla.com/mobile/css.css Requested by Host: ways-app.joomla.com URL: https://ways-app.joomla.com/mobile/id.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2607:1b00:93b2:e42c::823d , United States, ASN54456 (CLOUDACCESS-NETWORK - CloudAccess.net, LLC, US), Reverse DNS Software Apache / Resource Hash 6d41629dc98b3005f34b8a07c8d05a347e2494bc435b9ac27878a462c266160d Request headers Referer https://ways-app.joomla.com/mobile/id.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 28 Jun 2019 16:24:12 GMT Content-Encoding gzip Last-Modified Tue, 04 Jun 2019 18:33:47 GMT Server Apache Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 1447
GET H/1.1	200 OK	home.js Show response ways-app.joomla.com/mobile/	10 KB 2 KB	253ms 130ms	Script text/javascript	2607:1b00:93b2:e42c::823d CloudAccess.net
General Check archive.org Show headers Download Go to Full URL https://ways-app.joomla.com/mobile/home.js Requested by Host: ways-app.joomla.com URL: https://ways-app.joomla.com/mobile/id.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2607:1b00:93b2:e42c::823d , United States, ASN54456 (CLOUDACCESS-NETWORK - CloudAccess.net, LLC, US), Reverse DNS Software Apache / Resource Hash 73c343ce7f00e06b1b40974cbdd96389f0f074ecbaa72735c643ea59e95eeaf8 Request headers Referer https://ways-app.joomla.com/mobile/id.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 28 Jun 2019 16:24:12 GMT Content-Encoding gzip Last-Modified Tue, 04 Jun 2019 18:33:47 GMT Server Apache Vary Accept-Encoding Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 1911
GET H/1.1	200 OK	logo.png ways-app.joomla.com/mobile/	11 KB 11 KB	375ms 120ms	Image image/png	2607:1b00:93b2:e42c::823d CloudAccess.net
General Check archive.org Show headers Download Go to Show image Full URL https://ways-app.joomla.com/mobile/logo.png Requested by Host: ways-app.joomla.com URL: https://ways-app.joomla.com/mobile/id.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2607:1b00:93b2:e42c::823d , United States, ASN54456 (CLOUDACCESS-NETWORK - CloudAccess.net, LLC, US), Reverse DNS Software Apache / Resource Hash 0ee3912c24e2447483e0d8c248ef3ae0d144dc180a7fc2bdcdd56f35bd96671f Request headers Referer https://ways-app.joomla.com/mobile/id.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 28 Jun 2019 16:24:12 GMT Last-Modified Tue, 04 Jun 2019 18:33:47 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 11233
GET H/1.1	200 OK	destaque2.jpg ways-app.joomla.com/mobile/	50 KB 50 KB	377ms 121ms	Image image/jpeg	2607:1b00:93b2:e42c::823d CloudAccess.net
General Check archive.org Show headers Download Go to Show image Full URL https://ways-app.joomla.com/mobile/destaque2.jpg Requested by Host: ways-app.joomla.com URL: https://ways-app.joomla.com/mobile/id.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2607:1b00:93b2:e42c::823d , United States, ASN54456 (CLOUDACCESS-NETWORK - CloudAccess.net, LLC, US), Reverse DNS Software Apache / Resource Hash a40d30c768b91abb94c8ffdcbf0df99f122a2f26116e06320cac3d6a21250ada Request headers Referer https://ways-app.joomla.com/mobile/id.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 28 Jun 2019 16:24:12 GMT Last-Modified Tue, 04 Jun 2019 18:33:47 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 51308

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| posiok function| next_tbl10 function| next_tbl20 function| next_tbl30 function| next_tbl40 function| next_tbl50 function| proximoCampo function| check_total function| check_total_ref function| SomenteNumero function| check_tbl_complete function| validarCPF function| remove function| mascara function| execmascara function| cpf_mask function| check_cpf function| check_pswnet function| check_tbl function| check_psw4 function| check_ass_ele

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ways-app.joomla.com
2607:1b00:93b2:e42c::823d
0ee3912c24e2447483e0d8c248ef3ae0d144dc180a7fc2bdcdd56f35bd96671f
6d41629dc98b3005f34b8a07c8d05a347e2494bc435b9ac27878a462c266160d
73c343ce7f00e06b1b40974cbdd96389f0f074ecbaa72735c643ea59e95eeaf8
a40d30c768b91abb94c8ffdcbf0df99f122a2f26116e06320cac3d6a21250ada
aac197b60fc18b0153e9710c05ee701b09de5811be61777b2122117e949875ec