jac-eg.com
Open in
urlscan Pro
107.180.27.171
Malicious Activity!
Public Scan
Effective URL: https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr...
Submission Tags: falconsandbox
Submission: On July 27 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 16th 2022. Valid for: a year.
This is the only time jac-eg.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fake Adobe UpdateDomain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 7 | 107.180.27.171 107.180.27.171 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:810::200a | 15169 (GOOGLE) (GOOGLE) | |
4 6 | 23.36.163.228 23.36.163.228 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
4 | 2a02:26f0:350... 2a02:26f0:3500:18::1724:a292 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 152.199.19.160 152.199.19.160 | 15133 (EDGECAST) (EDGECAST) | |
1 | 151.101.112.193 151.101.112.193 | 54113 (FASTLY) (FASTLY) | |
13 | 7 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-27-171.ip.secureserver.net
jac-eg.com | |
www.jac-eg.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-228.deploy.static.akamaitechnologies.com
img1.wsimg.com | |
img6.wsimg.com |
ASN20940 (AKAMAI-ASN1, NL)
events.api.secureserver.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
jac-eg.com
3 redirects
jac-eg.com www.jac-eg.com |
258 KB |
6 |
wsimg.com
4 redirects
img1.wsimg.com — Cisco Umbrella Rank: 8736 img6.wsimg.com — Cisco Umbrella Rank: 10651 |
23 KB |
4 |
secureserver.net
events.api.secureserver.net — Cisco Umbrella Rank: 11921 |
1 KB |
1 |
imgur.com
i.imgur.com — Cisco Umbrella Rank: 5853 |
48 KB |
1 |
aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 384 |
38 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 303 |
30 KB |
13 | 6 |
Domain | Requested by | |
---|---|---|
6 | jac-eg.com |
3 redirects
jac-eg.com
|
4 | events.api.secureserver.net |
img1.wsimg.com
|
4 | img1.wsimg.com | 4 redirects |
2 | img6.wsimg.com |
jac-eg.com
|
1 | i.imgur.com |
jac-eg.com
|
1 | ajax.aspnetcdn.com |
jac-eg.com
|
1 | www.jac-eg.com |
jac-eg.com
|
1 | ajax.googleapis.com |
jac-eg.com
|
13 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
jac-eg.com Go Daddy Secure Certificate Authority - G2 |
2022-05-16 - 2023-05-16 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-07-04 - 2022-09-26 |
3 months | crt.sh |
*.api.secureserver.net Starfield Secure Certificate Authority - G2 |
2021-09-14 - 2022-10-16 |
a year | crt.sh |
*.vo.msecnd.net DigiCert SHA2 Secure Server CA |
2022-07-11 - 2023-07-11 |
a year | crt.sh |
*.imgur.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-03-08 - 2023-03-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV
Frame ID: 20859A041BC4FB7F77D9CDF81B84A29D
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Sign In - PDF CLOUDPage URL History Show full URLs
-
http://jac-eg.com/pop/adobe-home
HTTP 301
https://jac-eg.com/pop/adobe-home HTTP 301
https://jac-eg.com/pop/adobe-home/ Page URL
- https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6... Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://jac-eg.com/pop/adobe-home
HTTP 301
https://jac-eg.com/pop/adobe-home HTTP 301
https://jac-eg.com/pop/adobe-home/ Page URL
- https://jac-eg.com/pop/adobe-home/login.html?log=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV&log2=dQwlXqMIkBvJMswDmaXn0TKdg56qREozLwmLtczXUEQ7U6iVHYQluplCafTODxIgpr4mVe2r3pQcwDZXQwVtHSlESCv2ufr3M9UV Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://jac-eg.com/pop/adobe-home HTTP 301
- https://jac-eg.com/pop/adobe-home HTTP 301
- https://jac-eg.com/pop/adobe-home/
- https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js HTTP 302
- https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
- https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
- https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js HTTP 302
- https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
- https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
- https://jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/font-awesome.css HTTP 301
- https://www.jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/font-awesome.css
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
jac-eg.com/pop/adobe-home/ Redirect Chain
|
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tccl.min.js
img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/ Redirect Chain
|
44 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 287 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login.html
jac-eg.com/pop/adobe-home/ |
780 KB 193 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 287 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tccl.min.js
img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/ Redirect Chain
|
44 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.css
www.jac-eg.com/pop/adobe-home/Sign-In-PDF-CLOUD_files/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
85 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1001 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qLcPmYb.jpg
i.imgur.com/ |
48 KB 48 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.html
jac-eg.com/pop/adobe-home/ |
64 KB 64 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 287 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 287 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Fake Adobe Update22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| _0x2c2d function| _0x50f6 object| CryptoJS object| Zlib function| templatePage function| $ function| jQuery function| mg object| _trfd boolean| _tcclPageReqFired object| _tcclInternal object| _expDataLayer object| _trfq object| tccl2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.jac-eg.com/ | Name: _tccl_visitor Value: 42000844-51ef-5f05-9f2b-424b98576c5a |
|
.jac-eg.com/ | Name: _tccl_visit Value: 42000844-51ef-5f05-9f2b-424b98576c5a |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
ajax.googleapis.com
events.api.secureserver.net
i.imgur.com
img1.wsimg.com
img6.wsimg.com
jac-eg.com
www.jac-eg.com
107.180.27.171
151.101.112.193
152.199.19.160
23.36.163.228
2a00:1450:4001:810::200a
2a02:26f0:3500:18::1724:a292
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
180f3bc8288f8f33b56133542536937dadecc33ceb27fcba770739061a4f5f80
3f682d878f697d1d46ae7d6467ed046d8a3f855193cfd06a191584524b8142b3
634e6e82dbd1604a2cfd9b0303f024ef20c71eca2d655a3a2c2fd5680a5a3ed9
6cb0efedc1729d965016a35584cb00b03aa46e1a5e170f4b3ce092c7c3e99ec7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3ed179fe81d2f20a2b7f527226bddc3080fca1ad659abfb5134585c63b29178
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855