Submitted URL: https://www.rorkwear.com/jq/
Effective URL: https://cj-com.com/jw/jcbmiilll/
Submission: On January 17 via manual from JP — Scanned from JP

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 17 HTTP transactions. The main IP is 2001:41d0:301::30, located in France and belongs to OVH, FR. The main domain is cj-com.com.
TLS certificate: Issued by R3 on December 18th 2021. Valid for: 3 months.
This is the only time cj-com.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JCB (Financial)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
1 1       2606:4700:303...    13335 (CLOUDFLAR...)
8         2001:41d0:301...    16276 (OVH)
2         2600:140b:400...    20940 (AKAMAI-ASN1)
2         52.194.122.99       16509 (AMAZON-02)
2         23.45.60.174        20940 (AKAMAI-ASN1)
1         18.180.95.159       16509 (AMAZON-02)
2         3.113.78.189        16509 (AMAZON-02)
1 1       18.141.92.5         16509 (AMAZON-02)
Totals: 17 requests, 6 IPs
Requests  Apex Domain       Subdomains                                                   Transfer
8         cj-com.com        cj-com.com                                                   53 KB
3         demdex.net        dpm.demdex.net (Cisco Umbrella Rank: 205), jcb.demdex.net    5 KB
2         omtrdc.net        jcb.sc.omtrdc.net                                            532 B
2         tiqcdn.com        tags.tiqcdn.com (Cisco Umbrella Rank: 939)                   10 KB
2         adobedtm.com      assets.adobedtm.com (Cisco Umbrella Rank: 497)               91 KB
1         everesttech.net   cm.everesttech.net (Cisco Umbrella Rank: 992)                517 B
1         rorkwear.com      www.rorkwear.com                                             588 B
Totals: 17 requests, 7 apex domains
Requests  Domain                Requested by
8         cj-com.com            cj-com.com
2         jcb.sc.omtrdc.net     assets.adobedtm.com, cj-com.com
2         tags.tiqcdn.com       cj-com.com, tags.tiqcdn.com
2         dpm.demdex.net        assets.adobedtm.com, cj-com.com
2         assets.adobedtm.com   cj-com.com, assets.adobedtm.com
1         cm.everesttech.net    1 redirects
1         jcb.demdex.net        assets.adobedtm.com
1         www.rorkwear.com      1 redirects
Totals: 17 requests, 8 domains

This site contains no links.

Subject               Issuer                                    Validity                   Valid
www.cj-com.com        R3                                        2021-12-18 - 2022-03-18    3 months (crt.sh)
assets.adobedtm.com   DigiCert TLS RSA SHA256 2020 CA1          2021-09-10 - 2022-09-10    a year (crt.sh)
*.demdex.net          DigiCert TLS RSA SHA256 2020 CA1          2021-10-19 - 2022-11-19    a year (crt.sh)
*.tiqcdn.com          DigiCert SHA2 Secure Server CA            2021-04-19 - 2022-04-27    a year (crt.sh)
*.sc.omtrdc.net       DigiCert TLS Hybrid ECC SHA384 2020 CA1   2021-10-05 - 2022-03-04    5 months (crt.sh)

This page contains 2 frames:

Primary Page: https://cj-com.com/jw/jcbmiilll/
Frame ID: DB42EF64D904E38E32BD8D1ABAEBF3F4
Requests: 16 HTTP requests in this frame

Frame: https://jcb.demdex.net/dest5.html?d_nsid=0
Frame ID: E1561E2DB0D2C46509415CCF3487CEF8
Requests: 1 HTTP requests in this frame

Page Title

JCBの会員専用WEBサービス「MyJCB(マイジェーシービー)」

Page URL History

  1. https://www.rorkwear.com/jq/ HTTP 301
    https://cj-com.com/jw/jcbmiilll/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

94 %
HTTPS

38 %
IPv6

7
Domains

8
Subdomains

6
IPs

4
Countries

160 kB
Transfer

571 kB
Size

9
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://cm.everesttech.net/cm/dd?d_uuid=37008769198847597382505884184115545342 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YeUC_wAAAIw_7QPw

17 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer, Type (MIME-Type)
Primary Request /
cj-com.com/jw/jcbmiilll/
Redirect Chain
  • https://www.rorkwear.com/jq/
  • https://cj-com.com/jw/jcbmiilll/
12 KB
4 KB
Document
General
Full URL
https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:41d0:301::30 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
Apache / PHP/7.3
Resource Hash
6b47869cd7508503ba1e74d59bc3029b6042d59f22b1cbe2bd3f7bd2d39310ad

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

date
Mon, 17 Jan 2022 05:47:38 GMT
content-type
text/html; charset=UTF-8
server
Apache
x-powered-by
PHP/7.3
vary
Accept-Encoding
content-encoding
gzip

Redirect headers

date
Mon, 17 Jan 2022 05:47:37 GMT
content-type
text/html
location
https://cj-com.com/jw/jcbmiilll/
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nZDStOh843qeO4VXeDxAKLVdoHBwJfyoqp1JbqwhV2fuQs9bcuxfaut1qIRW9eYeh2b7dnNpWJp839vB8%2BdHCuKjljolcQIYpktnsLkm6I5R9I%2F%2BSbZA0ot3tHd4vBh%2BVlMASPyvUA5TANhtKyn2"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6ced4a348b4580bd-NRT
login.css
cj-com.com/jw/jcbmiilll/css/
12 KB
2 KB
Stylesheet
General
Full URL
https://cj-com.com/jw/jcbmiilll/css/login.css
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:41d0:301::30 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
Apache /
Resource Hash
298f1a2a17fe93ec46c6702dc2edcb43dc8c697f4d15b5e3e80bbaecffe21094

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/jw/jcbmiilll/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
content-encoding
gzip
last-modified
Sat, 24 Oct 2020 04:08:32 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=900
accept-ranges
bytes
content-length
2344
expires
Mon, 17 Jan 2022 06:02:39 GMT
frame.css
cj-com.com/jw/jcbmiilll/css/
32 KB
5 KB
Stylesheet
General
Full URL
https://cj-com.com/jw/jcbmiilll/css/frame.css
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:41d0:301::30 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
Apache /
Resource Hash
c7a74b4cf3d4e6c4752c8b87d4adaf5a8f5ba6c9fac256eb227663259171e2a0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/jw/jcbmiilll/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
content-encoding
gzip
last-modified
Mon, 23 Nov 2020 12:32:22 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=900
accept-ranges
bytes
content-length
4530
expires
Mon, 17 Jan 2022 06:02:39 GMT
satelliteLib-07dcfb8765c9dfde9e662180182d3d7dda0f6107.js
assets.adobedtm.com/ebd4e205a73fa9517d565ab95d5b2b39697de655/
314 KB
77 KB
Script
General
Full URL
https://assets.adobedtm.com/ebd4e205a73fa9517d565ab95d5b2b39697de655/satelliteLib-07dcfb8765c9dfde9e662180182d3d7dda0f6107.js
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:400:2a9::1e80 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
53637c634568daf9ef0d41a508c0c220a6a43a720ecc49d3972194bb1843f5f0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:38 GMT
content-encoding
gzip
last-modified
Thu, 23 Dec 2021 04:32:39 GMT
server
AkamaiNetStorage
etag
"ccb705989867637c865098c2c4476bd6:1640233959.463793"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://cj-com.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
78867
expires
Mon, 17 Jan 2022 06:47:38 GMT
logo.png
cj-com.com/jw/jcbmiilll/images/
3 KB
3 KB
Image
General
Full URL
https://cj-com.com/jw/jcbmiilll/images/logo.png
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:41d0:301::30 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
Apache /
Resource Hash
dd8e7c6375bd6ccc23582eec91b4f1417b6f582dfc48e40b7ae3a63d7b0ae949

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/jw/jcbmiilll/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
last-modified
Sat, 24 Oct 2020 04:08:32 GMT
server
Apache
content-type
image/png
cache-control
max-age=900
accept-ranges
bytes
content-length
3180
expires
Mon, 17 Jan 2022 06:02:39 GMT
icon_blank.png
cj-com.com/jw/jcbmiilll/images/
1 KB
1 KB
Image
General
Full URL
https://cj-com.com/jw/jcbmiilll/images/icon_blank.png
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:41d0:301::30 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
Apache /
Resource Hash
6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/jw/jcbmiilll/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
last-modified
Sat, 24 Oct 2020 04:08:32 GMT
server
Apache
content-type
image/png
cache-control
max-age=900
accept-ranges
bytes
content-length
1065
expires
Mon, 17 Jan 2022 06:02:39 GMT
jquery-3.2.1.min.js
cj-com.com/jw/jcbmiilll/js/
85 KB
30 KB
Script
General
Full URL
https://cj-com.com/jw/jcbmiilll/js/jquery-3.2.1.min.js
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:41d0:301::30 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
Apache /
Resource Hash
39646863a414e0a84920b3a8639c0f3e8c94535e8dc051b42b485a068dc2902f

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/jw/jcbmiilll/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 23:07:34 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
30138
expires
Mon, 17 Jan 2022 06:02:39 GMT
jquery.cookie.js
cj-com.com/jw/jcbmiilll/js/
3 KB
2 KB
Script
General
Full URL
https://cj-com.com/jw/jcbmiilll/js/jquery.cookie.js
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:41d0:301::30 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
Apache /
Resource Hash
631ea2bc942c1791920270ba02eef37774aa10db3994b4936a2b5f891a970ff7

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/jw/jcbmiilll/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 23:09:40 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
1395
expires
Mon, 17 Jan 2022 06:02:39 GMT
frame.js
cj-com.com/jw/jcbmiilll/js/
32 KB
7 KB
Script
General
Full URL
https://cj-com.com/jw/jcbmiilll/js/frame.js
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:41d0:301::30 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
Apache /
Resource Hash
e961a6d74fbf3f96050dbe9ee5397f999ee88c30bb7eac4004c3a57d36078e29

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/jw/jcbmiilll/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 23:10:08 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
6533
expires
Mon, 17 Jan 2022 06:02:39 GMT
id
dpm.demdex.net/
363 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.4.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=0FC4F0F5558BD5EB7F000101%40AdobeOrg&d_nsid=0&ts=1642398459269
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ebd4e205a73fa9517d565ab95d5b2b39697de655/satelliteLib-07dcfb8765c9dfde9e662180182d3d7dda0f6107.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.194.122.99 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-194-122-99.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
e04c019b2640c7df86fb760fb2fe8d365269e5e000fab5437f56c7abf5f24f97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cj-com.com/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-tyo3-1-v024-0f4b6a038.edge-tyo3.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
urz62wFFRjI=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://cj-com.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
306
Expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP6580734006504e9facd682c439318b88/
36 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP6580734006504e9facd682c439318b88/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ebd4e205a73fa9517d565ab95d5b2b39697de655/satelliteLib-07dcfb8765c9dfde9e662180182d3d7dda0f6107.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:400:2a9::1e80 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
b688b7d8c9a306ac5fc64ab06561ca04693e1c5d0ea9877a4c853581d04971ea

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
content-encoding
gzip
last-modified
Mon, 09 Sep 2019 22:19:26 GMT
server
AkamaiNetStorage
etag
"279821f231e2e055aa15fd6e6ae29d46:1568067566.281876"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://cj-com.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
13336
expires
Mon, 17 Jan 2022 06:47:39 GMT
utag.js
tags.tiqcdn.com/utag/jcb/main/prod/
34 KB
10 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/jcb/main/prod/utag.js
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.60.174 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-45-60-174.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4575f285b92e9416184965e5099afa8a141c841e6631bc6b4883c979cf7fa902

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
content-encoding
gzip
last-modified
Fri, 14 Jan 2022 07:57:02 GMT
server
AkamaiNetStorage
etag
"efc82440eae78c1acbe10c637f74cd75:1642147022.162011"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
9596
expires
Mon, 17 Jan 2022 05:52:39 GMT
dest5.html
jcb.demdex.net/ Frame E156
7 KB
3 KB
Document
General
Full URL
https://jcb.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ebd4e205a73fa9517d565ab95d5b2b39697de655/satelliteLib-07dcfb8765c9dfde9e662180182d3d7dda0f6107.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.180.95.159 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-180-95-159.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
Content-Type
text/html;charset=UTF-8
date
Mon, 17 Jan 2022 05:47:39 GMT
DCS
dcs-prod-tyo3-1-v024-0f7e3c029.edge-tyo3.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Mon, 20 Dec 2021 14:10:48 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
vary
accept-encoding
X-TID
VxFMVsd4TaQ=
Content-Length
2791
Connection
keep-alive
id
jcb.sc.omtrdc.net/
2 B
312 B
XHR
General
Full URL
https://jcb.sc.omtrdc.net/id?d_visid_ver=4.4.1&d_fieldgroup=A&mcorgid=0FC4F0F5558BD5EB7F000101%40AdobeOrg&mid=36981733009427660632506282427766323627&ts=1642398459422
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ebd4e205a73fa9517d565ab95d5b2b39697de655/satelliteLib-07dcfb8765c9dfde9e662180182d3d7dda0f6107.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.113.78.189 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-113-78-189.ap-northeast-1.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cj-com.com/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-55ffccf6c-dfvxl
vary
Origin
x-c
main-1585.I7afc85.M0-540
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://cj-com.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=YeUC_wAAAIw_7QPw
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=37008769198847597382505884184115545342
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YeUC_wAAAIw_7QPw
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YeUC_wAAAIw_7QPw
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
HTTP/1.1
Server
52.194.122.99 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-194-122-99.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

DCS
dcs-prod-tyo3-1-v024-05d153055.edge-tyo3.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
U+glMa25Rcw=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YeUC_wAAAIw_7QPw
Date
Mon, 17 Jan 2022 05:47:39 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
202 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=jcb/main/202201140756&cb=1642398459755
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/jcb/main/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.60.174 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-45-60-174.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Mon, 17 Jan 2022 05:57:39 GMT
s392565221441
jcb.sc.omtrdc.net/b/ss/jcb-corporate-2015-dev/1/JS-2.17.0-LBWB/
43 B
220 B
Image
General
Full URL
https://jcb.sc.omtrdc.net/b/ss/jcb-corporate-2015-dev/1/JS-2.17.0-LBWB/s392565221441?AQB=1&ndh=1&pf=1&t=17%2F0%2F2022%205%3A47%3A39%201%200&mid=36981733009427660632506282427766323627&aamlh=11&ce=UTF-8&cdp=3&pageName=jp%3A%3Ajw%3Ajcbmiilll%3Aindex&g=https%3A%2F%2Fcj-com.com%2Fjw%2Fjcbmiilll%2F&c.&neworrepeat=NEW&.c&cc=JPY&ch=cj-com.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=D%3Dc1&v2=D%3Dc1&v3=D%3Dc3&c4=jp%3A%3Ajw&c5=jp%3A%3Ajw%3Ajcbmiilll&v5=D%3Dv4&c6=D%3Dc5&v6=type%2Fbookmark%2Freload&c7=D%3Dc5&v7=D%3Dv6&c8=D%3Dv8&v8=type%2Fbookmark%2Freload&v9=D%3DpageName&v10=D%3Dc51&v25=D%3Dc25&c26=20220117&v26=D%3Dc26&v27=D%3Dc27&c49=D%3Dg&v49=D%3Dg&c52=JCB%E3%81%AE%E4%BC%9A%E5%93%A1%E5%B0%82%E7%94%A8WEB%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9%E3%80%8CMyJCB%EF%BC%88%E3%83%9E%E3%82%A4%E3%82%B8%E3%82%A7%E3%83%BC%E3%82%B7%E3%83%BC%E3%83%93%E3%83%BC%EF%BC%89%E3%80%8D&v111=NEW&v124=0.8722353399904581_1642398459332&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=0FC4F0F5558BD5EB7F000101%40AdobeOrg&AQE=1
Requested by
Host: cj-com.com
URL: https://cj-com.com/jw/jcbmiilll/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.113.78.189 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-113-78-189.ap-northeast-1.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://cj-com.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 05:47:39 GMT
x-content-type-options
nosniff
x-c
main-1585.I7afc85.M0-540
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 18 Jan 2022 05:47:39 GMT
server
jag
xserver
anedge-55ffccf6c-n7x6n
etag
3527023834522910720-4619936678281769128
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Sun, 16 Jan 2022 05:47:39 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JCB (Financial)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    0
object    _satellite
boolean   __satelliteLoaded
object    adobe
function  Visitor
object    s_c_il
number    s_c_in
function  AppMeasurement_Module_ActivityMap
function  AppMeasurement
function  s_gi
function  s_pgicq
number    s_objectID
number    s_giq
object    s
object    _uxa
boolean   utag_condload
string    utag_lh
object    utag
function  utag_condloader
boolean   __tealium_twc_switch
object    bannerConfig
function  $
function  jQuery
string    _ret
object    s_i_jcb-corporate-2015-dev

9 Cookies

Domain/Path Name / Value
.cj-com.com/ Name: _cs_mk_aa
Value: 0.8722353399904581_1642398459332
.demdex.net/ Name: demdex
Value: 37008769198847597382505884184115545342
.cj-com.com/ Name: AMCVS_0FC4F0F5558BD5EB7F000101%40AdobeOrg
Value: 1
.cj-com.com/ Name: utag_main
Value: v_id:017e6693a633000fb8e629b0378103072002006a00b08$_sn:1$_ss:1$_st:1642400259446$ses_id:1642398459446%3Bexp-session$_pn:1%3Bexp-session
.cj-com.com/ Name: s_pers
Value: %20s_cvp%3D%255B%255B%2527type%252Fbookmark%252Freload%2527%252C%25271642398459899%2527%255D%255D%7C1650174459904%3B%20s_pr_time%3D1%252C%7C1673934459908%3B%20s_nr%3D1642398459933-New%7C1705470459933%3B
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YeUC_wAAAIw_7QPw
.dpm.demdex.net/ Name: dpm
Value: 37008769198847597382505884184115545342
.cj-com.com/ Name: AMCV_0FC4F0F5558BD5EB7F000101%40AdobeOrg
Value: 1075005958%7CMCIDTS%7C19010%7CMCMID%7C36981733009427660632506282427766323627%7CMCAAMLH-1643003259%7C11%7CMCAAMB-1643003259%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1642405659s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19017%7CvVersion%7C4.4.1
.cj-com.com/ Name: s_sess
Value: %20s_cc%3Dtrue%3B%20s_ips%3D1200%3B%20s_tp%3D1681%3B%20s_ppv%3Djp%25253A%25253Ajw%25253Ajcbmiilll%25253Aindex%252C71%252C71%252C1200%252C1%252C1%3B

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.