for-j.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 104.18.38.48, located in Shahr, Iran, Islamic Republic Of and belongs to CLOUDFLARENET, US. The main domain is for-j.com. The Cisco Umbrella rank of the primary domain is 138578.
TLS certificate: Issued by GTS CA 1P5 on October 3rd 2022. Valid for: 3 months.

This is the only time for-j.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	104.18.38.48 104.18.38.48	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:f50... 2a02:26f0:f500:5::5c7b:85c9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2

2 104.18.38.48 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

for-j.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f500:5::5c7b:85c9 (Munich, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ak.roudoduor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	for-j.com for-j.com — Cisco Umbrella Rank: 138578	5 KB
1	roudoduor.com ak.roudoduor.com — Cisco Umbrella Rank: 151491
3	2

	Domain	Requested by
2	for-j.com	for-j.com
1	ak.roudoduor.com	for-j.com
3	2

This site contains no links.

Subject Issuer	Validity	Valid
*.for-j.com GTS CA 1P5	`2022-10-03` - `2023-01-01`	3 months	crt.sh
ak.hetaruwg.com R3	`2022-10-30` - `2023-01-28`	3 months	crt.sh

This page contains 1 frames:

Frame: https://ak.roudoduor.com/afu.php?zoneid=5478295&ymid=17d4c32f2dbb0532a8281290d54b1106&var=680691
Frame ID: 0025E068A520A38E1ABA8E58E2E41E0E
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Processing ...

Page Statistics

3
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

5 kB
Transfer

13 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request tds3.html Show response
for-j.com/ 753 B
599 B 54ms
20ms Document
text/html 104.18.38.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://for-j.com/tds3.html?zoneid=5478295&ymid=17d4c32f2dbb0532a8281290d54b1106&sourceid=680691&tt=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.38.48 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5c05e12e92343bc03108bb9976f410e38d6c6deb08aab8ed52d088e9dcb9577

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 736794
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=2678400
cf-cache-status: HIT
cf-ray: 7686e4a66d0192a7-FRA
content-encoding: br
content-type: text/html
date: Fri, 11 Nov 2022 12:04:55 GMT
expires: Mon, 12 Dec 2022 12:04:55 GMT
last-modified: Wed, 02 Nov 2022 11:31:57 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 rocket-loader.min.js Show response
for-j.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 17ms
16ms Script
application/javascript 104.18.38.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://for-j.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: for-j.com
URL: https://for-j.com/tds3.html?zoneid=5478295&ymid=17d4c32f2dbb0532a8281290d54b1106&sourceid=680691&tt=2

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

104.18.38.48 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 11 Nov 2022 12:04:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Nov 2022 12:52:00 GMT
server: cloudflare
etag: W/"636ba270-302c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7686e4a69d4692a7-FRA
expires: Sun, 13 Nov 2022 12:04:55 GMT

GET
H2 204 afu.php
ak.roudoduor.com/ 0
0 132ms
50ms Document
text/plain 2a02:26f0:f500:5::5c7b:85c9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.roudoduor.com/afu.php?zoneid=5478295&ymid=17d4c32f2dbb0532a8281290d54b1106&var=680691

Requested by

Host: for-j.com
URL: https://for-j.com/tds3.html?zoneid=5478295&ymid=17d4c32f2dbb0532a8281290d54b1106&sourceid=680691&tt=2

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:f500:5::5c7b:85c9 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

/

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-type: text/plain; charset=utf-8
date: Fri, 11 Nov 2022 12:04:55 GMT
expires: Fri, 11 Nov 2022 12:04:55 GMT
pragma: no-cache
server-timing: cdn-cache; desc=MISS edge; dur=16 origin; dur=27
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ak.roudoduor.com
for-j.com
104.18.38.48
2a02:26f0:f500:5::5c7b:85c9
b5c05e12e92343bc03108bb9976f410e38d6c6deb08aab8ed52d088e9dcb9577
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

for-j.com Open in urlscan Pro 104.18.38.48 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

3 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

5 kBTransfer

13 kBSize

0 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

0 Cookies

Indicators

for-j.com Open in urlscan Pro
104.18.38.48 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

5 kB
Transfer

13 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions