www.myjcb-jp.com Open in urlscan Pro
172.81.116.99 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.myjcb-jp.com/
Effective URL:
https://www.myjcb-jp.com/ap/index.php
Submission Tags: tweet @kesagatame0 #phishing #jcb #myjcb Search All
Submission: On April 07 via api (April 7th 2023, 9:33:12 am UTC) from FI — Scanned from JP

Summary HTTP 12 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 172.81.116.99, located in United States and belongs to IMH-IAD, US. The main domain is www.myjcb-jp.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 6th 2023. Valid for: 3 months.

This is the only time www.myjcb-jp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JCB (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 5	172.81.116.99 172.81.116.99	54641 (IMH-IAD) (IMH-IAD)
7	153.254.132.136 153.254.132.136	2914 (NTT-LTD-2914) (NTT-LTD-2914)
1	52.198.118.161 52.198.118.161	16509 (AMAZON-02) (AMAZON-02)
12	3

5 172.81.116.99 (United States) 1 redirects

ASN54641 (IMH-IAD, US)
PTR: vps91948.inmotionhosting.com

www.myjcb-jp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 153.254.132.136 (Japan)

ASN2914 (NTT-LTD-2914, US)
PTR: my.jcb.co.jp

my.jcb.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.198.118.161 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-198-118-161.ap-northeast-1.compute.amazonaws.com

jcb.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	jcb.co.jp my.jcb.co.jp	52 KB
5	myjcb-jp.com 1 redirects www.myjcb-jp.com	155 KB
1	demdex.net jcb.demdex.net	3 KB
12	3

	Domain	Requested by
7	my.jcb.co.jp	www.myjcb-jp.com
5	www.myjcb-jp.com	1 redirects www.myjcb-jp.com
1	jcb.demdex.net	www.myjcb-jp.com
12	3

This site contains links to these domains. Also see Links.

Domain
www.jcb.co.jp

Subject Issuer	Validity	Valid
myjcb-jp.com cPanel, Inc. Certification Authority	`2023-04-06` - `2023-07-05`	3 months	crt.sh
my.jcb.co.jp DigiCert SHA2 Extended Validation Server CA	`2022-10-25` - `2023-11-25`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.myjcb-jp.com/ap/index.php
Frame ID: 56F871C89CCA5DF93EEC7C0DFA3526AF
Requests: 10 HTTP requests in this frame

Frame: https://my.jcb.co.jp/apl/common/images/spacer.gif
Frame ID: 39A6B24C8B69BD3C46CFFA3392D2D7E3
Requests: 1 HTTP requests in this frame

Frame: https://jcb.demdex.net/dest5.html?d_nsid=0
Frame ID: 442CFCC9DA4B3375733F589E13AA0A37
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

JCBの会員専用WEBサービス「MyJCB（マイジェーシービー）」

Page URL History Show full URLs

https://www.myjcb-jp.com/ HTTP 302
https://www.myjcb-jp.com/ap/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

211 kB
Transfer

212 kB
Size

1
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.jcb.co.jp/jcb_mente/mente_service.html
Title: サービス停止のご案内

Search URL Search Domain Scan URL

URL: https://www.jcb.co.jp/qa/index.html
Title: よくあるご質問

Search URL Search Domain Scan URL

URL: https://www.jcb.co.jp/myjcb/myjcb.html
Title: お問い合わせ

Search URL Search Domain Scan URL

URL: https://www.jcb.co.jp/
Title: JCBカードサイト

Search URL Search Domain Scan URL

URL: https://www.jcb.co.jp/privacy/
Title: プライバシーポリシー

Search URL Search Domain Scan URL

URL: https://www.jcb.co.jp/myjcb/kitei.html
Title: MyJCB利用者規定

Search URL Search Domain Scan URL

URL: https://www.jcb.co.jp/security/
Title: JCBのセキュリティについて

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.myjcb-jp.com/ HTTP 302
https://www.myjcb-jp.com/ap/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.php Show response
www.myjcb-jp.com/ap/
Redirect Chain

https://www.myjcb-jp.com/
https://www.myjcb-jp.com/ap/index.php

14 KB
14 KB

283ms
283ms

Document
text/html

172.81.116.99
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://www.myjcb-jp.com/ap/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.81.116.99 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS: vps91948.inmotionhosting.com
Software: Apache /
Resource Hash: 4f950400f3f738a96841075ea1c28f468c34da5b8462ee282bc12329cf190983

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Fri, 07 Apr 2023 09:33:06 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Fri, 07 Apr 2023 09:33:06 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./ap/index.php
pragma: no-cache
server: Apache

GET
H/1.1 200
OK login.css
my.jcb.co.jp/apl/renew/login/css/ 11 KB
12 KB 15ms
7ms Stylesheet
text/css 153.254.132.136
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to

Full URL

https://my.jcb.co.jp/apl/renew/login/css/login.css

Requested by

Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

153.254.132.136 , Japan, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

my.jcb.co.jp

Software

nginx /

Resource Hash

c9201d468dddf3a23a57bb912500032ee22b6bdc69c5d59eb8cee9ff46083c6b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.myjcb-jp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Fri, 07 Apr 2023 09:33:07 GMT
Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 15 Apr 2019 00:28:02 GMT
Server: nginx
ETag: "5cb3d012-2d24"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Content-Language: ja
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11556

GET
H/1.1 200
OK frame.css
my.jcb.co.jp/apl/renew/common/css/ 33 KB
33 KB 16ms
6ms Stylesheet
text/css 153.254.132.136
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to

Full URL

https://my.jcb.co.jp/apl/renew/common/css/frame.css?ver=20220322

Requested by

Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

153.254.132.136 , Japan, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

my.jcb.co.jp

Software

nginx /

Resource Hash

c83cd93e3355eb5ed9889c41585612ddf25a1eb8d98aaddb177298dfa9d81365

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.myjcb-jp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Fri, 07 Apr 2023 09:33:07 GMT
Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Tue, 22 Mar 2022 01:30:05 GMT
Server: nginx
ETag: "6239269d-8233"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Content-Language: ja
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33331

GET
H2 200 jquery.min.js Show response
www.myjcb-jp.com/ap/js/ 86 KB
86 KB 425ms
423ms Script
application/javascript 172.81.116.99
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://www.myjcb-jp.com/ap/js/jquery.min.js
Requested by: Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.81.116.99 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS: vps91948.inmotionhosting.com
Software: Apache /
Resource Hash: 412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaeb

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.myjcb-jp.com/ap/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 09:33:07 GMT
last-modified: Sun, 21 Aug 2022 23:22:00 GMT
server: Apache
accept-ranges: bytes
content-length: 88147
content-type: application/javascript

GET
H2 200 jquery.mask.js Show response
www.myjcb-jp.com/ap/js/ 20 KB
21 KB 426ms
424ms Script
application/javascript 172.81.116.99
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://www.myjcb-jp.com/ap/js/jquery.mask.js
Requested by: Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.81.116.99 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS: vps91948.inmotionhosting.com
Software: Apache /
Resource Hash: d207d7942aa5bd788378f92aae9fd3aae7ec1245776f16b6680bc1e312db3f51

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.myjcb-jp.com/ap/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 09:33:07 GMT
last-modified: Sun, 21 Aug 2022 23:22:22 GMT
server: Apache
accept-ranges: bytes
content-length: 20977
content-type: application/javascript

GET
H2 200 jquery.validate.min.js Show response
www.myjcb-jp.com/ap/js/ 34 KB
34 KB 214ms
212ms Script
application/javascript 172.81.116.99
IMH-IAD

General

Check archive.org

Show headers Download Go to

Full URL: https://www.myjcb-jp.com/ap/js/jquery.validate.min.js
Requested by: Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.81.116.99 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS: vps91948.inmotionhosting.com
Software: Apache /
Resource Hash: f59dc66c08474ec52a21ab66cd6ba46a4e4ace29b0b82e2306add18741ae9c2a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.myjcb-jp.com/ap/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 09:33:07 GMT
last-modified: Sun, 21 Aug 2022 23:22:38 GMT
server: Apache
accept-ranges: bytes
content-length: 34429
content-type: application/javascript

GET
H/1.1 200
OK logo.png
my.jcb.co.jp/apl/renew/common/images/header/ 3 KB
3 KB 11ms
10ms Image
image/png 153.254.132.136
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.jcb.co.jp/apl/renew/common/images/header/logo.png

Requested by

Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

153.254.132.136 , Japan, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

my.jcb.co.jp

Software

nginx /

Resource Hash

dd8e7c6375bd6ccc23582eec91b4f1417b6f582dfc48e40b7ae3a63d7b0ae949

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.myjcb-jp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Fri, 07 Apr 2023 09:33:07 GMT
Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 31 Aug 2020 04:50:10 GMT
Server: nginx
ETag: "5f4c8182-c6c"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Content-Language: ja
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3180

GET
H/1.1 200
OK icon_blank.png
my.jcb.co.jp/apl/renew/common/images/ 1 KB
1 KB 4ms
4ms Image
image/png 153.254.132.136
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.jcb.co.jp/apl/renew/common/images/icon_blank.png

Requested by

Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

153.254.132.136 , Japan, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

my.jcb.co.jp

Software

nginx /

Resource Hash

6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.myjcb-jp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Fri, 07 Apr 2023 09:33:07 GMT
Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 20 Aug 2018 01:16:06 GMT
Server: nginx
ETag: "5b7a1656-429"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Content-Language: ja
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1065

GET
H/1.1 200
OK error-icon.png
my.jcb.co.jp/apl/renew/login/images/ 350 B
745 B 8ms
8ms Image
image/png 153.254.132.136
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.jcb.co.jp/apl/renew/login/images/error-icon.png

Requested by

Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

153.254.132.136 , Japan, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

my.jcb.co.jp

Software

nginx /

Resource Hash

80adebc84b57ccb10f21a41231e22b5b051bbe66a81385536650b42e1fd2b50a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.myjcb-jp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Fri, 07 Apr 2023 09:33:07 GMT
Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 20 Aug 2018 01:16:06 GMT
Server: nginx
ETag: "5b7a1656-15e"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Content-Language: ja
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 350

GET
H/1.1 200
OK logo_footer.png
my.jcb.co.jp/apl/renew/common/images/footer/ 2 KB
2 KB 10ms
9ms Image
image/png 153.254.132.136
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.jcb.co.jp/apl/renew/common/images/footer/logo_footer.png

Requested by

Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

153.254.132.136 , Japan, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

my.jcb.co.jp

Software

nginx /

Resource Hash

93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.myjcb-jp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Fri, 07 Apr 2023 09:33:07 GMT
Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Tue, 12 Jun 2018 02:47:10 GMT
Server: nginx
ETag: "5b1f342e-6e5"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Content-Language: ja
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1765

GET
H/1.1 200
OK spacer.gif
my.jcb.co.jp/apl/common/images/ Frame 39A6 0
0 9ms
8ms Document
image/gif 153.254.132.136
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to

Full URL

https://my.jcb.co.jp/apl/common/images/spacer.gif

Requested by

Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

153.254.132.136 , Japan, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

my.jcb.co.jp

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.myjcb-jp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Language: ja
Content-Length: 43
Content-Security-Policy: frame-ancestors 'self'
Content-Type: image/gif
Date: Fri, 07 Apr 2023 09:33:07 GMT
ETag: "5b1f3458-2b"
Last-Modified: Tue, 12 Jun 2018 02:47:52 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK dest5.html Show response
jcb.demdex.net/ Frame 442C 7 KB
3 KB 22ms
7ms Document
text/html 52.198.118.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://jcb.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.myjcb-jp.com
URL: https://www.myjcb-jp.com/ap/index.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.198.118.161 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-198-118-161.ap-northeast-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.myjcb-jp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-tyo3-2-v043-0d6625a25.edge-tyo3.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: zuBPuqYGT5E=
content-encoding: gzip
date: Fri, 7 Apr 2023 09:33:07 GMT
last-modified: Wed, 8 Feb 2023 11:53:41 GMT
vary: accept-encoding

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JCB (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.myjcb-jp.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 50c80508b065e9bfd3d255728619139e

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	Message: Refused to frame 'https://my.jcb.co.jp/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
security	error	URL: https://jcb.demdex.net/dest5.html?d_nsid=0(Line 12) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://my.jcb.co.jp') does not match the recipient window's origin ('https://www.myjcb-jp.com').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

jcb.demdex.net
my.jcb.co.jp
www.myjcb-jp.com
153.254.132.136
172.81.116.99
52.198.118.161
412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaeb
4f950400f3f738a96841075ea1c28f468c34da5b8462ee282bc12329cf190983
6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
80adebc84b57ccb10f21a41231e22b5b051bbe66a81385536650b42e1fd2b50a
93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62
c83cd93e3355eb5ed9889c41585612ddf25a1eb8d98aaddb177298dfa9d81365
c9201d468dddf3a23a57bb912500032ee22b6bdc69c5d59eb8cee9ff46083c6b
d207d7942aa5bd788378f92aae9fd3aae7ec1245776f16b6680bc1e312db3f51
dd8e7c6375bd6ccc23582eec91b4f1417b6f582dfc48e40b7ae3a63d7b0ae949
f59dc66c08474ec52a21ab66cd6ba46a4e4ace29b0b82e2306add18741ae9c2a

www.myjcb-jp.com Open in urlscan Pro 172.81.116.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

211 kBTransfer

212 kBSize

1 Cookies

7 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

www.myjcb-jp.com Open in urlscan Pro
172.81.116.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

211 kB
Transfer

212 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!