joiac.org
Open in
urlscan Pro
157.7.144.5
Malicious Activity!
Public Scan
Effective URL: https://joiac.org/_module/sk/details.php
Submission: On September 11 via manual from SA — Scanned from DE
Summary
TLS certificate: Issued by R3 on July 27th 2023. Valid for: 3 months.
This is the only time joiac.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2600:9000:214... 2600:9000:214f:9000:19:1477:f380:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2800:6c0:2::258 2800:6c0:2::258 | 27823 (Dattatec.com) (Dattatec.com) | |
11 | 157.7.144.5 157.7.144.5 | 7506 (INTERQ GM...) (INTERQ GMO Internet) | |
12 | 2 |
ASN16509 (AMAZON-02, US)
arabic-f20fa00fd92e.intercom-mail.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
joiac.org
joiac.org |
74 KB |
1 |
ferozo.com
cz000426.ferozo.com |
465 B |
1 |
intercom-mail.com
1 redirects
arabic-f20fa00fd92e.intercom-mail.com |
3 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
11 | joiac.org |
joiac.org
|
1 | cz000426.ferozo.com | |
1 | arabic-f20fa00fd92e.intercom-mail.com | 1 redirects |
12 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
joiac.org R3 |
2023-07-27 - 2023-10-25 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://joiac.org/_module/sk/details.php
Frame ID: 7D81733FB12E37A996EF31C94FDBDAA8
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
Global Logistics | International Shipping | DHL | PolandPage URL History Show full URLs
-
https://arabic-f20fa00fd92e.intercom-mail.com/via/e?ob=0w6wDmvNnKE1JWL%2BTqVNgFhiHaVEOmJLZcJLTgEdWbpBno26NYDedlF3bj6Azsut&...
HTTP 302
http://cz000426.ferozo.com/index2.html Page URL
- https://joiac.org/_module/sk/details.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://arabic-f20fa00fd92e.intercom-mail.com/via/e?ob=0w6wDmvNnKE1JWL%2BTqVNgFhiHaVEOmJLZcJLTgEdWbpBno26NYDedlF3bj6Azsut&h=c2c67232baf93a856dc68b15da158ebbf5825912-e80t2m6d_180551600267701&l=4cb5e3ad021f643154710417931c55dd7f2c75f7-81690529
HTTP 302
http://cz000426.ferozo.com/index2.html Page URL
- https://joiac.org/_module/sk/details.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://arabic-f20fa00fd92e.intercom-mail.com/via/e?ob=0w6wDmvNnKE1JWL%2BTqVNgFhiHaVEOmJLZcJLTgEdWbpBno26NYDedlF3bj6Azsut&h=c2c67232baf93a856dc68b15da158ebbf5825912-e80t2m6d_180551600267701&l=4cb5e3ad021f643154710417931c55dd7f2c75f7-81690529 HTTP 302
- http://cz000426.ferozo.com/index2.html
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
index2.html
cz000426.ferozo.com/ Redirect Chain
|
99 B 465 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
details.php
joiac.org/_module/sk/ |
6 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header.css
joiac.org/_module/sk/css/ |
6 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dhl-logo.svg
joiac.org/_module/sk/images/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
searchloupe.svg
joiac.org/_module/sk/images/ |
329 B 574 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
headermobile.JPG
joiac.org/_module/sk/images/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
saba9m.JPG
joiac.org/_module/sk/images/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
customer.svg
joiac.org/_module/sk/images/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ssdsd.JPG
joiac.org/_module/sk/images/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
feedback.png
joiac.org/_module/sk/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
socials.JPG
joiac.org/_module/sk/images/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jf.js
joiac.org/_module/sk/js/ |
21 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| Cleave0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
arabic-f20fa00fd92e.intercom-mail.com
cz000426.ferozo.com
joiac.org
157.7.144.5
2600:9000:214f:9000:19:1477:f380:93a1
2800:6c0:2::258
0c3950f8653400246636960456db609af841feb691e53911e763ee282616a390
1ace605596027318737abeca712c7a0d6d76f753cf82affba37c3d2f44862ae4
3221db8f898b88e467ebbb8ae155a37bd02087b3df197ad5c4ecead06db08cdf
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
4eddbc6b9a1194b7c26b7289cd5187ac1ae81887ee176ff265706fc7a002c961
562bf8f4d7adc4299fc6f80fecf3ea7115c89087d0898f4700c221615d7b7c1f
7dcdd04db64c3edd7e9868c6238b622d33caee1e7bdadbf2623d801109eefef1
c600aea2fa4dad3a13560e01bedf9e6c45db0571c3257d9e53e51c4f8fbbc41f
d1b64fb7749d0d3c905c5244660a21f3d8e29699457f2889274c8a717742b6c5
e0cd60b4b91620fc5ea59d9a28c2509efca95e3981ea8f52733e5ec0c6123375
e3ebf5c18aad177f152722df5feba1c664f2fa5c9d83a4846d4a8655efa641e3
fd85293d457b5dc514838dd7d5c7c1509a7eed60e23cb32ab9303666833eb98a