cjchang.org
Open in
urlscan Pro
204.44.192.24
Malicious Activity!
Public Scan
Submission: On September 29 via manual from CR — Scanned from CA
Summary
TLS certificate: Issued by R3 on August 11th 2022. Valid for: 3 months.
This is the only time cjchang.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 204.44.192.24 204.44.192.24 | 8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL) | |
4 | 2a04:4e42:200... 2a04:4e42:200::393 | 54113 (FASTLY) (FASTLY) | |
1 | 2607:f8b0:400... 2607:f8b0:4006:817::200a | 15169 (GOOGLE) (GOOGLE) | |
5 | 104.127.64.56 104.127.64.56 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
11 | 5 |
ASN16625 (AKAMAI-AS, US)
PTR: a104-127-64-56.deploy.static.akamaitechnologies.com
www.aexp-static.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
aexp-static.com
www.aexp-static.com — Cisco Umbrella Rank: 13317 |
293 KB |
4 |
cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 2313 |
129 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 284 |
30 KB |
1 |
cjchang.org
cjchang.org |
17 KB |
11 | 4 |
Domain | Requested by | |
---|---|---|
5 | www.aexp-static.com |
res.cloudinary.com
|
4 | res.cloudinary.com |
cjchang.org
res.cloudinary.com |
1 | ajax.googleapis.com |
cjchang.org
|
1 | cjchang.org | |
11 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.cjchang.org R3 |
2022-08-11 - 2022-11-09 |
3 months | crt.sh |
*.cloudinary.com Go Daddy Secure Certificate Authority - G2 |
2022-05-30 - 2023-07-01 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-09-12 - 2022-12-05 |
3 months | crt.sh |
m.americanexpress.com DigiCert SHA2 Extended Validation Server CA |
2022-05-16 - 2023-05-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cjchang.org/Demo/
Frame ID: 8BB3E57039DE89A6407C9CED2F16DF8F
Requests: 24 HTTP requests in this frame
Screenshot
Page Title
Re-Confirmation | American ExpressDetected technologies
Amex Express Checkout (Payment processors) ExpandDetected patterns
- aexp-static\.com
React (JavaScript Frameworks) Expand
Detected patterns
- <[^>]+data-react
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
cjchang.org/Demo/ |
51 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dls_dcv5up.css
res.cloudinary.com/dwpwiydgc/raw/upload/v1605901006/ |
395 KB 41 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font_cwhs2t.css
res.cloudinary.com/dwpwiydgc/raw/upload/v1605901073/ |
212 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fonts_n74ldn.css
res.cloudinary.com/dwpwiydgc/raw/upload/v1605901085/ |
104 KB 68 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.1.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
www.aexp-static.com/nav/ngn/fonts/ |
36 KB 37 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Roboto-Regular.woff
www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/ |
75 KB 75 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Roboto-Medium.woff
www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/ |
71 KB 72 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
917 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
316 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
644 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
764 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
984 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
43 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amex-fuid-sprite.png
res.cloudinary.com/dwpwiydgc/raw/upload/v1605901085/ |
0 431 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
www.aexp-static.com/nav/ngn/fonts/ |
37 KB 38 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Roboto-Light.woff
www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/ |
72 KB 72 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: American Express (Financial)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| b function| a function| c function| f0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cjchang.org
res.cloudinary.com
www.aexp-static.com
104.127.64.56
204.44.192.24
2607:f8b0:4006:817::200a
2a04:4e42:200::393
028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab
08ed7823c2cdb7b89093fa8c4fd9eee8c66da6a72be66d31fac37e690f2531a9
40b0844ef65bb97ad1f9a4e57c1a5cfd95f048dbceff0402b24d4fda0d68e9e8
428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c
56b8e90244c34621e294d3357edfef9a1467e501773ed21b25dc6367ab3d7803
5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b
5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d
677a6a5da6f0e85f66c5232fc39ffd285ed010a9498c40cdd7e56d2ff0b7e7da
7ef974010abfe71fb92dc3f53e3948e1e544cf6821bf9802ea0bf35fa8fe5af6
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
996e3f0f97560275527906b77b77ea592f06b410225d40ae7880a3caef3466ff
acddc65fd3cdc9eecc019e24154e3199b6cc918d0c4f5baea10a7d170a431859
aceafc4f408e21149b229fc07eb7735b8aea8b3e93a421bbe6eefe54b96f208d
b1ee2c9edcb3f450400bfae23a95a9f819e3802f6becc00698d657e9781a4dee
b73e78d39762572c05c0f4fea00f57d703dba65f6744514ef7a8e029318684ef
bd019a6147dd61d8a25b62afee3861027b5267ddd8d9d25d60bcfc4ddc4ed875
c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9
d5d7822393d3103ec421f72f09c7f7c78948c68da112031c0afd1c0b0da92c08
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9f9fab2d479b79aca1d3d3bf0a9fc36131752869363180bef040905a008cc1b
fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519