rainbow-e.co.jp
Open in
urlscan Pro
180.222.188.100
Malicious Activity!
Public Scan
Submission: On August 10 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on February 24th 2022. Valid for: a year.
This is the only time rainbow-e.co.jp was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 180.222.188.100 180.222.188.100 | 131921 (GMOCL GMO...) (GMOCL GMO GlobalSign Holdings K.K.) | |
1 | 2a00:86c0:209... 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
11 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
rainbow-e.co.jp
rainbow-e.co.jp |
462 KB |
1 |
nflxext.com
assets.nflxext.com — Cisco Umbrella Rank: 4071 |
85 KB |
11 | 2 |
Domain | Requested by | |
---|---|---|
10 | rainbow-e.co.jp |
rainbow-e.co.jp
|
1 | assets.nflxext.com |
rainbow-e.co.jp
|
11 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
rainbow-e.co.jp GlobalSign GCC R3 DV TLS CA 2020 |
2022-02-24 - 2023-03-28 |
a year | crt.sh |
*.1.nflxso.net DigiCert TLS RSA SHA256 2020 CA1 |
2022-07-16 - 2022-08-17 |
a month | crt.sh |
This page contains 1 frames:
Primary Page:
https://rainbow-e.co.jp//mt/author/nfx/signin.php
Frame ID: 056E4E7163C1C80394C270163895E938
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
NetflixDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks) Expand
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
React (JavaScript Frameworks) Expand
Detected patterns
- <[^>]+data-react
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
signin.php
rainbow-e.co.jp//mt/author/nfx/ |
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
rainbow-e.co.jp//mt/author/nfx/assets/ |
147 KB 148 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
rainbow-e.co.jp//mt/author/nfx/assets/ |
30 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
master.css
rainbow-e.co.jp//mt/author/nfx/assets/ |
11 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.1.1.slim.min.js
rainbow-e.co.jp//mt/author/nfx/assets/ |
95 KB 95 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tether.min.js
rainbow-e.co.jp//mt/author/nfx/assets/ |
24 KB 25 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
rainbow-e.co.jp//mt/author/nfx/assets/ |
46 KB 46 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footerlogin.png
rainbow-e.co.jp//mt/author/nfx/assets/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-the-crown_2-1500x1000.jpg
assets.nflxext.com/ffe/siteui/acquisition/login/ |
84 KB 85 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fontawesome-webfont.woff2
rainbow-e.co.jp//mt/author/nfx/assets/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fontawesome-webfont.woff
rainbow-e.co.jp//mt/author/nfx/assets/ |
96 KB 96 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| Tether object| jQuery1122089124594799620230 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
rainbow-e.co.jp
180.222.188.100
2a00:86c0:2090::1
28cb3cf3a0253d7f0aecf2f52159dfc6cb9bca679a5011ff19cb30b9c52cbcfa
361be9f4111800b0968c8cfbd8923626670e9a186f593b9b5d3e32bb446d1602
5bb22c19126b5c50d6849192651c07049948fc371c90770167f2f53c0ed2d727
7d3ed5e7e4c4aafe8c1f5d004e7eee33b5887117d2125848352a2cda86dd7ed0
80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f
acece6c54f1bf73c5c49b5113a115e6de1c4fbb92f2f5ee47028ea370fd806c3
aebf611c1438dc7ec748e9a6364c734066b34bf2a1c7e2fc6511ed784635b50e
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04
fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9