Submitted URL: http://jac-eg.com/pop/adobe-home
Effective URL: https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr...
Submission Tags: falconsandbox
Submission: On July 27 via api from US — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 13 HTTP transactions. The main IP is 107.180.27.171, located in Ashburn, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is jac-eg.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 16th 2022. Valid for: a year.
This is the only time jac-eg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fake Adobe Update

Domain & IP information

IP Address AS Autonomous System
3 7 107.180.27.171 26496 (AS-26496-...)
1 2a00:1450:400... 15169 (GOOGLE)
4 6 23.36.163.228 20940 (AKAMAI-ASN1)
4 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 152.199.19.160 15133 (EDGECAST)
1 151.101.112.193 54113 (FASTLY)
13 7
Requests  Apex Domain       Subdomains                                                  Transfer
7         jac-eg.com        jac-eg.com, www.jac-eg.com                                  258 KB
6         wsimg.com         img1.wsimg.com (Cisco Umbrella Rank: 8736),                 23 KB
                            img6.wsimg.com (Cisco Umbrella Rank: 10651)
4         secureserver.net  events.api.secureserver.net (Cisco Umbrella Rank: 11921)    1 KB
1         imgur.com         i.imgur.com (Cisco Umbrella Rank: 5853)                     48 KB
1         aspnetcdn.com     ajax.aspnetcdn.com (Cisco Umbrella Rank: 384)               38 KB
1         googleapis.com    ajax.googleapis.com (Cisco Umbrella Rank: 303)              30 KB
13 requests, 6 apex domains
Requests  Domain                       Redirects    Requested by
6         jac-eg.com                   3 redirects  jac-eg.com
4         events.api.secureserver.net               img1.wsimg.com
4         img1.wsimg.com               4 redirects
2         img6.wsimg.com                            jac-eg.com
1         i.imgur.com                               jac-eg.com
1         ajax.aspnetcdn.com                        jac-eg.com
1         www.jac-eg.com                            jac-eg.com
1         ajax.googleapis.com                       jac-eg.com
13 requests, 8 subdomains

This site contains no links.

Subject                  Issuer                                       Validity                  Valid for
jac-eg.com               Go Daddy Secure Certificate Authority - G2   2022-05-16 - 2023-05-16   a year (crt.sh)
upload.video.google.com  GTS CA 1C3                                   2022-07-04 - 2022-09-26   3 months (crt.sh)
*.api.secureserver.net   Starfield Secure Certificate Authority - G2  2021-09-14 - 2022-10-16   a year (crt.sh)
*.vo.msecnd.net          DigiCert SHA2 Secure Server CA               2022-07-11 - 2023-07-11   a year (crt.sh)
*.imgur.com              DigiCert TLS RSA SHA256 2020 CA1             2022-03-08 - 2023-03-16   a year (crt.sh)

This page contains 1 frame:

Primary Page: https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV
Frame ID: 20859A041BC4FB7F77D9CDF81B84A29D
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

Sign In - PDF CLOUD

Detected technologies

Font Awesome
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  Requests:    13
  HTTPS:       77 %
  IPv6:        33 %
  Domains:     6
  Subdomains:  8
  IPs:         7
  Countries:   2
  Transfer:    399 kB
  Size:        1155 kB
  Cookies:     2

Page URL History

This captures the URL locations of the website, including HTTP redirects and client-side redirects via JavaScript or meta fields.

  1. http://jac-eg.com/pop/adobe-home HTTP 301
    https://jac-eg.com/pop/adobe-home HTTP 301
    https://jac-eg.com/pop/adobe-home/ Page URL
  2. https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://jac-eg.com/pop/adobe-home HTTP 301
  • https://jac-eg.com/pop/adobe-home HTTP 301
  • https://jac-eg.com/pop/adobe-home/
Request Chain 2
  • https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js HTTP 302
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
  • https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Request Chain 5
  • https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js HTTP 302
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
  • https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Request Chain 6
  • https://jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/font-awesome.css HTTP 301
  • https://www.jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/font-awesome.css

13 HTTP transactions

Resource: /
Path: jac-eg.com/pop/adobe-home/
Redirect Chain
  • http://jac-eg.com/pop/adobe-home
  • https://jac-eg.com/pop/adobe-home
  • https://jac-eg.com/pop/adobe-home/
Size: 4 KB
Transfer: 1 KB
Type: Document
General
Full URL
https://jac-eg.com/pop/adobe-home/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.180.27.171 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-107-180-27-171.ip.secureserver.net
Software
Apache /
Resource Hash
3f682d878f697d1d46ae7d6467ed046d8a3f855193cfd06a191584524b8142b3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
br
content-length
940
content-type
text/html
date
Wed, 27 Jul 2022 14:27:14 GMT
etag
"b3e0103-c8d-5a63155a46a00-br"
last-modified
Fri, 22 May 2020 00:01:44 GMT
server
Apache
vary
Accept-Encoding

Redirect headers

content-length
242
content-type
text/html; charset=iso-8859-1
date
Wed, 27 Jul 2022 14:27:14 GMT
location
https://jac-eg.com/pop/adobe-home/
server
Apache

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/3.3.1/
Size: 85 KB
Transfer: 30 KB
Type: Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: jac-eg.com
URL: https://jac-eg.com/pop/adobe-home/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 27 Jul 2022 13:28:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3518
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30399
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 27 Jul 2023 13:28:36 GMT

Resource: tccl.min.js
Path: img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/
Redirect Chain
  • https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js
  • https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Size: 44 KB
Transfer: 11 KB
Type: Script
General
Full URL
https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Requested by
Host: jac-eg.com
URL: https://jac-eg.com/pop/adobe-home/
Protocol
H2
Server
23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-228.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6cb0efedc1729d965016a35584cb00b03aa46e1a5e170f4b3ce092c7c3e99ec7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
135, 135
x-amz-version-id
Z0H0F1CdjRUI_nRMydHHi17Rv0HOw5tB
content-encoding
br
etag
"362d20193a8fed115f99b16a157b7fc4"
x-amz-request-id
N5JSXGJTVEFZM8E9
x-edgeconnect-midmile-rtt
15, 15
x-amz-server-side-encryption
AES256
date
Wed, 27 Jul 2022 14:27:14 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
11155
x-amz-id-2
73c+ZpWNgBh9xtilh6Nj22iH/BmUfkHwAgj9PgWHmvdTmSCUhi96da6Ell5SKHaif06RANK80zY=
last-modified
Mon, 11 Apr 2022 14:15:53 GMT
x-edgeconnect-cache-status
1
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*

Redirect headers

location
https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
date
Wed, 27 Jul 2022 14:27:14 GMT
cache-control
max-age=1800
access-control-allow-origin
*
timing-allow-origin
*
content-length
0
expires
Wed, 27 Jul 2022 14:57:14 GMT

Resource: event
Path: events.api.secureserver.net/t/1/tl/
Size: 43 B
Transfer: 287 B
Type: XHR
General
Full URL
https://events.api.secureserver.net/t/1/tl/event?cts=1658932034423&dh=jac-eg.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F103.0.5060.134%20Safari%2F537.36&vci=1242778923&cv=2.0.0&z=2058260771&vg=42000844-51ef-5f05-9f2b-424b98576c5a&vtg=42000844-51ef-5f05-9f2b-424b98576c5a&dp=%2Fpop%2Fadobe-home&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0698%22%7D&hit_id=19839025-861b-5f00-a354-f08751c4aad6&ht=pageview
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a292 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
date
Wed, 27 Jul 2022 14:27:14 GMT
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
https://jac-eg.com
cache-control
private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
43
x-xss-protection
1; mode=block

Primary Request
Resource: login.html
Path: jac-eg.com/pop/adobe-home/
Size: 780 KB
Transfer: 193 KB
Type: Document
General
Full URL
https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV
Requested by
Host: jac-eg.com
URL: https://jac-eg.com/pop/adobe-home/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.180.27.171 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-107-180-27-171.ip.secureserver.net
Software
Apache /
Resource Hash
b3ed179fe81d2f20a2b7f527226bddc3080fca1ad659abfb5134585c63b29178

Request headers

Referer
https://jac-eg.com/pop/adobe-home/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
br
content-type
text/html
date
Wed, 27 Jul 2022 14:27:14 GMT
etag
"b3e0105-c2ec6-5a86ef5d81000-br"
last-modified
Fri, 19 Jun 2020 12:23:28 GMT
server
Apache
vary
Accept-Encoding

Resource: event
Path: events.api.secureserver.net/t/1/tl/
Size: 43 B
Transfer: 287 B
Type: XHR
General
Full URL
https://events.api.secureserver.net/t/1/tl/event?cts=1658932034428&dh=jac-eg.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F103.0.5060.134%20Safari%2F537.36&vci=1242778923&cv=2.0.0&z=1406882719&vg=42000844-51ef-5f05-9f2b-424b98576c5a&vtg=42000844-51ef-5f05-9f2b-424b98576c5a&dp=%2Fpop%2Fadobe-home&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0698%22%7D&hit_id=c495f1e4-8efe-5eb2-817c-40988ad690e6&ht=perf&tce=1658932034112&tcs=1658932034112&tdc=1658932034424&tdclee=1658932034424&tdcles=1658932034423&tdi=1658932034423&tdl=1658932034237&tdle=1658932034112&tdls=1658932034112&tfs=1658932034112&tns=1658932033557&trqs=1658932034112&tre=1658932034236&trps=1658932034235&tles=1658932034424&tlee=0&nt=navigate&nav_type=hard
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a292 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
date
Wed, 27 Jul 2022 14:27:14 GMT
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
https://jac-eg.com
cache-control
private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
43
x-xss-protection
1; mode=block

Resource: tccl.min.js
Path: img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/
Redirect Chain
  • https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js
  • https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Size: 44 KB
Transfer: 11 KB
Type: Script
General
Full URL
https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Requested by
Host: jac-eg.com
URL: https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV
Protocol
H2
Server
23.36.163.228 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-228.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6cb0efedc1729d965016a35584cb00b03aa46e1a5e170f4b3ce092c7c3e99ec7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
135, 135
x-amz-version-id
Z0H0F1CdjRUI_nRMydHHi17Rv0HOw5tB
content-encoding
br
etag
"362d20193a8fed115f99b16a157b7fc4"
x-amz-request-id
N5JSXGJTVEFZM8E9
x-edgeconnect-midmile-rtt
15, 15
x-amz-server-side-encryption
AES256
date
Wed, 27 Jul 2022 14:27:15 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
11155
x-amz-id-2
73c+ZpWNgBh9xtilh6Nj22iH/BmUfkHwAgj9PgWHmvdTmSCUhi96da6Ell5SKHaif06RANK80zY=
last-modified
Mon, 11 Apr 2022 14:15:53 GMT
x-edgeconnect-cache-status
1
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*

Redirect headers

location
https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
date
Wed, 27 Jul 2022 14:27:15 GMT
cache-control
max-age=1800
access-control-allow-origin
*
timing-allow-origin
*
content-length
0
expires
Wed, 27 Jul 2022 14:57:15 GMT

Resource: font-awesome.css
Path: www.jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/
Redirect Chain
  • https://jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/font-awesome.css
  • https://www.jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/font-awesome.css
Size: 0
Transfer: 0
Type: Stylesheet
General
Full URL
https://www.jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/font-awesome.css
Requested by
Host: jac-eg.com
URL: https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV
Protocol
H2
Server
107.180.27.171 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-107-180-27-171.ip.secureserver.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Redirect headers

date
Wed, 27 Jul 2022 14:27:15 GMT
content-encoding
br
server
Apache
x-powered-by
PHP/7.4.30
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
location
https://www.jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/font-awesome.css
cache-control
no-cache, must-revalidate, max-age=0
content-length
1
x-redirect-by
WordPress
expires
Wed, 11 Jan 1984 05:00:00 GMT

Resource: jquery-3.3.1.min.js
Path: ajax.aspnetcdn.com/ajax/jQuery/
Size: 85 KB
Transfer: 38 KB
Type: Script
General
Full URL
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
Requested by
Host: jac-eg.com
URL: https://jac-eg.com/pop/adobe-home/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8E87) /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://jac-eg.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 27 Jul 2022 14:27:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
26313187
x-cache
HIT
content-length
38892
x-xss-protection
1; mode=block
last-modified
Mon, 22 Jan 2018 19:27:49 GMT
server
ECAcc (frc/8E87)
etag
"af301a17b793d31:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*

Resource: truncated
Path: /
Size: 1001 B
Transfer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
634e6e82dbd1604a2cfd9b0303f024ef20c71eca2d655a3a2c2fd5680a5a3ed9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type
image/png

Resource: qLcPmYb.jpg
Path: i.imgur.com/
Size: 48 KB
Transfer: 48 KB
Type: Image
General
Full URL
https://i.imgur.com/qLcPmYb.jpg
Requested by
Host: jac-eg.com
URL: https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
180f3bc8288f8f33b56133542536937dadecc33ceb27fcba770739061a4f5f80
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 27 Jul 2022 14:27:18 GMT
x-content-type-options
nosniff
age
2245053
x-cache
HIT, HIT
content-length
48843
x-served-by
cache-iad-kjyo7100147-IAD, cache-hhn4067-HHN
last-modified
Sat, 29 Dec 2018 09:03:04 GMT
server
cat factory 1.0
x-timer
S1658932039.702349,VS0,VE2
etag
"47eb410e11eb45bef6391d125b3dec31"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1

Resource: login.html
Path: jac-eg.com/pop/adobe-home/
Size: 64 KB
Transfer: 64 KB
Type: Image
General
Full URL
https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV
Requested by
Host: jac-eg.com
URL: https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.180.27.171 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-107-180-27-171.ip.secureserver.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 27 Jul 2022 14:27:18 GMT
content-encoding
br
last-modified
Fri, 19 Jun 2020 12:23:28 GMT
server
Apache
etag
"b3e0105-c2ec6-5a86ef5d81000-br"
vary
Accept-Encoding
content-type
text/html
accept-ranges
bytes

Resource: event
Path: events.api.secureserver.net/t/1/tl/
Size: 43 B
Transfer: 287 B
Type: XHR
General
Full URL
https://events.api.secureserver.net/t/1/tl/event?cts=1658932038650&dh=jac-eg.com&dr=https%3A%2F%2Fjac-eg.com%2Fpop%2Fadobe-home%2F&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F103.0.5060.134%20Safari%2F537.36&vci=224421510&cv=2.0.0&z=1733459211&vg=42000844-51ef-5f05-9f2b-424b98576c5a&vtg=42000844-51ef-5f05-9f2b-424b98576c5a&dp=%2Fpop%2Fadobe-home%2Flogin.html&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0698%22%7D&hit_id=dc78f15f-5bf6-502e-bb64-693b99e0c948&ht=pageview
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a292 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
date
Wed, 27 Jul 2022 14:27:19 GMT
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
https://jac-eg.com
cache-control
private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
43
x-xss-protection
1; mode=block

Resource: event
Path: events.api.secureserver.net/t/1/tl/
Size: 43 B
Transfer: 287 B
Type: XHR
General
Full URL
https://events.api.secureserver.net/t/1/tl/event?cts=1658932038893&dh=jac-eg.com&dr=https%3A%2F%2Fjac-eg.com%2Fpop%2Fadobe-home%2F&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F103.0.5060.134%20Safari%2F537.36&vci=224421510&cv=2.0.0&z=2005080680&vg=42000844-51ef-5f05-9f2b-424b98576c5a&vtg=42000844-51ef-5f05-9f2b-424b98576c5a&dp=%2Fpop%2Fadobe-home%2Flogin.html&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0698%22%7D&hit_id=97be176e-b859-5395-8a0f-f80248a7c022&ht=perf&tce=1658932034427&tcs=1658932034427&tdc=1658932038890&tdclee=1658932038751&tdcles=1658932038751&tdi=1658932038751&tdl=1658932034924&tdle=1658932034427&tdls=1658932034427&tfs=1658932034427&tns=1658932034426&trqs=1658932034428&tre=1658932034886&trps=1658932034680&tles=1658932038890&tlee=0&nt=navigate&nav_type=hard
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a292 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://jac-eg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
date
Wed, 27 Jul 2022 14:27:19 GMT
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
https://jac-eg.com
cache-control
private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
43
x-xss-protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fake Adobe Update

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  Type      Name
  object    oncontextlost
  object    oncontextrestored
  function  structuredClone
  object    launchQueue
  object    onbeforematch
  function  getScreenDetails
  function  queryLocalFonts
  object    navigation
  object    _0x2c2d
  function  _0x50f6
  object    CryptoJS
  object    Zlib
  function  templatePage
  function  $
  function  jQuery
  function  mg
  object    _trfd
  boolean   _tcclPageReqFired
  object    _tcclInternal
  object    _expDataLayer
  object    _trfq
  object    tccl

2 Cookies

Domain/Path   Name           Value
.jac-eg.com/  _tccl_visitor  42000844-51ef-5f05-9f2b-424b98576c5a
.jac-eg.com/  _tccl_visit    42000844-51ef-5f05-9f2b-424b98576c5a

2 Console Messages

Source: javascript
Level: warning
Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Source: network
Level: error
URL: https://www.jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/font-awesome.css
Message: Failed to load resource: the server responded with a status of 404 ()