URL: https://umj-back-office.ecom.umgapps.com/
Submission: On June 15 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 4 HTTP transactions. The main IP is 45.60.33.79, located in the United States, and belongs to INCAPSULA, US. The main domain is umj-back-office.ecom.umgapps.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on May 23rd 2024. Valid for: a year.
This is the only time umj-back-office.ecom.umgapps.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 45.60.33.79 19551 (INCAPSULA)
4 2
Apex Domain / Subdomains Transfer
4 umgapps.com
  umj-back-office.ecom.umgapps.com 2 MB
4 1
Domain Requested by
4 umj-back-office.ecom.umgapps.com umj-back-office.ecom.umgapps.com
4 1

This site contains no links.

Subject: shopify.ecom.umgapps.com
Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1
Validity: 2024-05-23 - 2025-05-22
Valid: a year

This page contains 1 frames:

Primary Page: https://umj-back-office.ecom.umgapps.com/
Frame ID: E0C9EB5E3F1C11FCD4F0E50CB6845E65
Requests: 6 HTTP requests in this frame

Page Title

ログイン - Back Office [Universal Music Store]

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 2129 kB
Size: 8394 kB
Cookies: 3

4 HTTP transactions

Resource: / (Primary Request)
Path: umj-back-office.ecom.umgapps.com/
Size: 950 B
Transfer: 2 KB
Type: Document
General
Full URL: https://umj-back-office.ecom.umgapps.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.79, United States, ASN19551 (INCAPSULA, US)
Reverse DNS:
Software: istio-envoy /
Resource Hash: 6191f6146b51971d513beffe1af19fbea1db715de70d92d11790cfd9aa68665a
Security Headers
Name Value
Content-Security-Policy script-src 'self' https://jpostal-1006.appspot.com;img-src 'self' https: data:;connect-src 'self' https://chuusen.umj-back-office.com;frame-src https://www.youtube.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
public, max-age=0
content-encoding
gzip
content-security-policy
script-src 'self' https://jpostal-1006.appspot.com;img-src 'self' https: data:;connect-src 'self' https://chuusen.umj-back-office.com;frame-src https://www.youtube.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Sat, 15 Jun 2024 06:14:35 GMT
etag
W/"331-1900b8b1658"
last-modified
Wed, 12 Jun 2024 08:23:03 GMT
origin-agent-cluster
?1
referrer-policy
no-referrer
server
istio-envoy
strict-transport-security
max-age=15552000; includeSubDomains
vary
Origin
x-cdn
Imperva
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
2
x-frame-options
SAMEORIGIN
x-iinfo
1000-31084003-31084006 NNYN CT(104 106 0) RT(1718432074901 81) q(0 0 2 0) r(3 4) U12
x-permitted-cross-domain-policies
none
x-xss-protection
0

Resource: bundle.js
Path: umj-back-office.ecom.umgapps.com/
Size: 8 MB
Transfer: 2 MB
Type: Script
General
Full URL: https://umj-back-office.ecom.umgapps.com/bundle.js
Requested by
  Host: umj-back-office.ecom.umgapps.com
  URL: https://umj-back-office.ecom.umgapps.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.79, United States, ASN19551 (INCAPSULA, US)
Reverse DNS:
Software: istio-envoy /
Resource Hash: 4e371c04cb98103e0aa18dd939ebb6562feaf2d5e9cf9a0ba76eb47e6fc9daef

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'self' https://jpostal-1006.appspot.com;img-src 'self' https: data:;connect-src 'self' https://chuusen.umj-back-office.com;frame-src https://www.youtube.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
date
Sat, 15 Jun 2024 06:14:36 GMT
content-encoding
gzip
x-permitted-cross-domain-policies
none
x-cdn
Imperva
x-dns-prefetch-control
off
x-iinfo
0-31084003-31082977 2NYN RT(1718432074901 463) q(0 0 0 -1) r(4 4) U2
x-envoy-upstream-service-time
3
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Wed, 12 Jun 2024 08:23:03 GMT
server
istio-envoy
cross-origin-opener-policy
same-origin
etag
W/"80b11d-1900b8b1658"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
application/javascript; charset=UTF-8
origin-agent-cluster
?1
cache-control
public, max-age=0
accept-ranges
bytes

Resource: _Incapsula_Resource
Path: umj-back-office.ecom.umgapps.com/
Size: 141 KB
Transfer: 20 KB
Type: Script
General
Full URL: https://umj-back-office.ecom.umgapps.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=262858241
Requested by
  Host: umj-back-office.ecom.umgapps.com
  URL: https://umj-back-office.ecom.umgapps.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.79, United States, ASN19551 (INCAPSULA, US)
Reverse DNS:
Software: /
Resource Hash: b20796d0752557346fdc81ee0661e27e65d639a304de5a437a9067efcab9c169

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
x-robots-tag
noindex
content-length
20279
content-type
application/javascript

Resource: truncated
Path: /
Size: 10 KB
Transfer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 0dde493dab53b368e5ec645cd2b9a89c9e0263169db6ff695d4833f33c019920

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml

Resource: truncated
Path: /
Size: 2 KB
Transfer: 0
Type: Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 1de608a9a4068e00f76eb02094e11c101bc1372059925b2677c481ac69ad7742

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml

Resource: favicon.ico
Path: umj-back-office.ecom.umgapps.com/
Size: 4 KB
Transfer: 4 KB
Type: Other
General
Full URL: https://umj-back-office.ecom.umgapps.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.79, United States, ASN19551 (INCAPSULA, US)
Reverse DNS:
Software: istio-envoy /
Resource Hash: b0f9381f69000ae54140c88f2c19fd99582fc1531d3e6df50a55aab768894515

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'self' https://jpostal-1006.appspot.com;img-src 'self' https: data:;connect-src 'self' https://chuusen.umj-back-office.com;frame-src https://www.youtube.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
date
Sat, 15 Jun 2024 06:14:38 GMT
x-permitted-cross-domain-policies
none
x-cdn
Imperva
x-dns-prefetch-control
off
x-iinfo
0-31084003-31084006 PNNN RT(1718432074901 3316) q(0 0 0 -1) r(1 1) U2
x-envoy-upstream-service-time
2
cross-origin-resource-policy
same-origin
content-length
4286
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Wed, 12 Jun 2024 08:23:03 GMT
server
istio-envoy
cross-origin-opener-policy
same-origin
etag
W/"10be-1900b8b1658"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
image/x-icon
origin-agent-cluster
?1
cache-control
public, max-age=0
accept-ranges
bytes

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • undefined| event
  • object| fence
  • object| sharedStorage
  • object| webpackChunkumj_back_office
  • function| _
  • object| regeneratorRuntime
  • object| cachedZip

3 Cookies

Domain/Path Name / Value
.ecom.umgapps.com/ Name: visid_incap_2955750
Value: t5E+D1EvTbOepHZcdIcR5EoxbWYAAAAAQUIPAAAAAACJcQH+TSZqkcN18JJ1zpUQ
.ecom.umgapps.com/ Name: nlbi_2955750
Value: vmWHAD6o1E0lbSt9OLUIDAAAAAABshfza+R+pnOjY3z+f5W/
.ecom.umgapps.com/ Name: incap_ses_730_2955750
Value: OhHqUuNfpFgftbw6QHshCksxbWYAAAAAZzxp+yBjNlFzmUJojg4x8A==

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy script-src 'self' https://jpostal-1006.appspot.com;img-src 'self' https: data:;connect-src 'self' https://chuusen.umj-back-office.com;frame-src https://www.youtube.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0