urlscan.io public scan of rainbow-e.co.jp (180.222.188.100): Malicious Activity!

URL: https://rainbow-e.co.jp//mt/author/nfx/signin.php
Submission: On August 10 via manual from JP — Scanned from JP

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 180.222.188.100, located in Japan and belongs to GMOCL GMO GlobalSign Holdings K.K., JP. The main domain is rainbow-e.co.jp.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on February 24th 2022. Valid for: a year.
This is the only time rainbow-e.co.jp was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
10        180.222.188.100    AS131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
1         2a00:86c0:209...   AS40027 (NETFLIX-ASN, US)
11        2 IPs

Requests  Apex Domain        Subdomains                                       Transfer
10        rainbow-e.co.jp    rainbow-e.co.jp                                  462 KB
1         nflxext.com        assets.nflxext.com (Cisco Umbrella Rank: 4071)   85 KB
11        2 apex domains

Requests  Domain               Requested by
10        rainbow-e.co.jp      rainbow-e.co.jp
1         assets.nflxext.com   rainbow-e.co.jp
11        2 domains

This site contains no links.

Subject            Issuer                             Validity                   Valid for
rainbow-e.co.jp    GlobalSign GCC R3 DV TLS CA 2020   2022-02-24 - 2023-03-28    a year
*.1.nflxso.net     DigiCert TLS RSA SHA256 2020 CA1   2022-07-16 - 2022-08-17    a month

This page contains 1 frame:

Primary Page: https://rainbow-e.co.jp//mt/author/nfx/signin.php
Frame ID: 056E4E7163C1C80394C270163895E938
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Netflix

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

Bootstrap (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

React (overall confidence: 100%)
Detected patterns
  • <[^>]+data-react

Font Awesome (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
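The patterns above are regular expressions that the scanner runs against the page URL and the page source; a technology is reported when any of its patterns matches, and a capture group, where present, is taken as the version. The following Python is an added illustration, not part of the urlscan report: it applies the first pattern or two of each technology above (technology labels are inferred from the pattern text) to a constructed HTML document modeled on the asset list in this scan, and reports what each pattern captured as a version.

```python
import re

# Detection patterns copied from the scan report above (Wappalyzer style).
# Technology labels are inferred from the pattern text. "url" patterns run
# against the page URL, "html" patterns against the document source.
PATTERNS = {
    "PHP": [("url", r"\.php(?:$|\?)")],
    "Bootstrap": [
        ("html", r"<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css"),
        ("html", r"bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js"),
    ],
    "React": [("html", r"<[^>]+data-react")],
    "Font Awesome": [
        ("html", r"<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css"),
    ],
    "jQuery": [
        ("html", r"jquery[.-]([\d.]*\d)[^/]*\.js"),
        ("html", r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"),
    ],
}

# Constructed page source modeled on the eleven transactions in this scan
# (the report does not include the HTML itself, so this is an assumption).
SAMPLE_URL = "https://rainbow-e.co.jp//mt/author/nfx/signin.php"
SAMPLE_HTML = """<!DOCTYPE html>
<html><head><title>Netflix</title>
<link rel="stylesheet" href="assets/bootstrap.min.css">
<link rel="stylesheet" href="assets/font-awesome.min.css">
<link rel="stylesheet" href="assets/master.css">
</head><body>
<div id="root" data-reactroot=""></div>
<script src="assets/jquery-3.1.1.slim.min.js"></script>
<script src="assets/tether.min.js"></script>
<script src="assets/bootstrap.min.js"></script>
</body></html>"""


def detect(url, html):
    """Map each detected technology to the version its patterns captured (or None).

    A pattern's first non-empty capture group is taken as the version; a later
    pattern that matches without a version never overwrites one already found.
    """
    found = {}
    for tech, rules in PATTERNS.items():
        for target, pattern in rules:
            match = re.search(pattern, url if target == "url" else html)
            if match is None:
                continue
            version = next((g for g in match.groups() if g), None)
            if tech not in found or (found[tech] is None and version):
                found[tech] = version
    return found


if __name__ == "__main__":
    for tech, version in detect(SAMPLE_URL, SAMPLE_HTML).items():
        print(f"{tech:13} {version or '(no version captured)'}")
```

Only the first jQuery pattern yields a version here, read from the script filename; the Bootstrap, Font Awesome and PHP patterns match without capturing anything, which is why a scan can report a technology at 100% confidence and still show no version.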

Page Statistics

Requests:     11
HTTPS:        100 %
IPv6:         50 %
Domains:      2
Subdomains:   2
IPs:          2
Countries:    2
Transfer:     546 kB
Size:         543 kB
Cookies:      0

Redirected requests

There were HTTP redirect chains for the following requests: (none listed)

11 HTTP transactions

1. Primary Request: signin.php
   Path:              rainbow-e.co.jp//mt/author/nfx/
   Size / x-fer:      4 KB / 4 KB
   Type:              Document
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/signin.php
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     acece6c54f1bf73c5c49b5113a115e6de1c4fbb92f2f5ee47028ea370fd806c3
   Security Headers:  Strict-Transport-Security: max-age=31536000
   Request headers:
     Upgrade-Insecure-Requests: 1
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
     accept-language: jp-JP,jp;q=0.9
   Response headers:
     Connection: keep-alive
     Content-Length: 3885
     Content-Type: text/html
     Date: Wed, 10 Aug 2022 07:43:57 GMT
     Server: nginx
     Strict-Transport-Security: max-age=31536000
2. bootstrap.min.css
   Path:              rainbow-e.co.jp//mt/author/nfx/assets/
   Size / x-fer:      147 KB / 148 KB
   Type:              Stylesheet
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/assets/bootstrap.min.css
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/signin.php (host rainbow-e.co.jp)
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     aebf611c1438dc7ec748e9a6364c734066b34bf2a1c7e2fc6511ed784635b50e
   Security Headers:  Strict-Transport-Security: max-age=31536000
   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://rainbow-e.co.jp//mt/author/nfx/signin.php
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:57 GMT
     Last-Modified: Mon, 08 Aug 2022 21:06:26 GMT
     Server: nginx
     ETag: "92001e-24dd4-3056d880"
     Strict-Transport-Security: max-age=31536000
     Content-Type: text/css
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 150996
3. font-awesome.min.css
   Path:              rainbow-e.co.jp//mt/author/nfx/assets/
   Size / x-fer:      30 KB / 30 KB
   Type:              Stylesheet
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/assets/font-awesome.min.css
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/signin.php (host rainbow-e.co.jp)
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     7d3ed5e7e4c4aafe8c1f5d004e7eee33b5887117d2125848352a2cda86dd7ed0
   Security Headers:  Strict-Transport-Security: max-age=31536000
   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://rainbow-e.co.jp//mt/author/nfx/signin.php
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:57 GMT
     Last-Modified: Mon, 08 Aug 2022 21:06:26 GMT
     Server: nginx
     ETag: "920026-78e2-3056d880"
     Strict-Transport-Security: max-age=31536000
     Content-Type: text/css
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 30946
4. master.css
   Path:              rainbow-e.co.jp//mt/author/nfx/assets/
   Size / x-fer:      11 KB / 11 KB
   Type:              Stylesheet
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/assets/master.css
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/signin.php (host rainbow-e.co.jp)
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     5bb22c19126b5c50d6849192651c07049948fc371c90770167f2f53c0ed2d727
   Security Headers:  Strict-Transport-Security: max-age=31536000
   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://rainbow-e.co.jp//mt/author/nfx/signin.php
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:58 GMT
     Last-Modified: Mon, 08 Aug 2022 21:06:26 GMT
     Server: nginx
     ETag: "92002e-2c5d-3056d880"
     Strict-Transport-Security: max-age=31536000
     Content-Type: text/css
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 11357
5. jquery-3.1.1.slim.min.js
   Path:              rainbow-e.co.jp//mt/author/nfx/assets/
   Size / x-fer:      95 KB / 95 KB
   Type:              Script
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/assets/jquery-3.1.1.slim.min.js
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/signin.php (host rainbow-e.co.jp)
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     28cb3cf3a0253d7f0aecf2f52159dfc6cb9bca679a5011ff19cb30b9c52cbcfa
   Security Headers:  Strict-Transport-Security: max-age=31536000
   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://rainbow-e.co.jp//mt/author/nfx/signin.php
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:58 GMT
     Last-Modified: Mon, 08 Aug 2022 21:06:26 GMT
     Server: nginx
     ETag: "920028-17b57-3056d880"
     Strict-Transport-Security: max-age=31536000
     Content-Type: application/x-javascript
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 97111
6. tether.min.js
   Path:              rainbow-e.co.jp//mt/author/nfx/assets/
   Size / x-fer:      24 KB / 25 KB
   Type:              Script
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/assets/tether.min.js
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/signin.php (host rainbow-e.co.jp)
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f
   Security Headers:  Strict-Transport-Security: max-age=31536000
   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://rainbow-e.co.jp//mt/author/nfx/signin.php
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:58 GMT
     Last-Modified: Mon, 08 Aug 2022 21:06:26 GMT
     Server: nginx
     ETag: "920022-619d-3056d880"
     Strict-Transport-Security: max-age=31536000
     Content-Type: application/x-javascript
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 24989
7. bootstrap.min.js
   Path:              rainbow-e.co.jp//mt/author/nfx/assets/
   Size / x-fer:      46 KB / 46 KB
   Type:              Script
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/assets/bootstrap.min.js
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/signin.php (host rainbow-e.co.jp)
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9
   Security Headers:  Strict-Transport-Security: max-age=31536000
   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://rainbow-e.co.jp//mt/author/nfx/signin.php
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:58 GMT
     Last-Modified: Mon, 08 Aug 2022 21:06:26 GMT
     Server: nginx
     ETag: "92002b-b63d-3056d880"
     Strict-Transport-Security: max-age=31536000
     Content-Type: application/x-javascript
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 46653
8. footerlogin.png
   Path:              rainbow-e.co.jp//mt/author/nfx/assets/
   Size / x-fer:      6 KB / 6 KB
   Type:              Image
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/assets/footerlogin.png
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/signin.php (host rainbow-e.co.jp)
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     361be9f4111800b0968c8cfbd8923626670e9a186f593b9b5d3e32bb446d1602
   Security Headers:  Strict-Transport-Security: max-age=31536000
   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://rainbow-e.co.jp//mt/author/nfx/signin.php
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:58 GMT
     Last-Modified: Mon, 08 Aug 2022 21:06:26 GMT
     Server: nginx
     ETag: "920021-181c-3056d880"
     Strict-Transport-Security: max-age=31536000
     Content-Type: image/png
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 6172
9. login-the-crown_2-1500x1000.jpg
   Path:              assets.nflxext.com/ffe/siteui/acquisition/login/
   Size / x-fer:      84 KB / 85 KB
   Type:              Image
   Full URL:          https://assets.nflxext.com/ffe/siteui/acquisition/login/login-the-crown_2-1500x1000.jpg
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/assets/master.css (host rainbow-e.co.jp)
   Protocol:          HTTP/1.1
   Security:          TLS 1.3, AES_128_GCM
   Server:            2a00:86c0:2090::1, United States, ASN40027 (NETFLIX-ASN, US)
   Software:          nginx
   Resource Hash:     baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04
   Security Headers:  (none)
   Request headers:
     accept-language: jp-JP,jp;q=0.9
     Referer: https://rainbow-e.co.jp/
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:58 GMT
     Last-Modified: Mon, 24 Oct 2016 20:49:51 GMT
     Server: nginx
     Content-MD5: 5GY/BZWwL7HDlH/B8V64Eg==
     Content-Type: image/jpeg
     Cache-Control: max-age=604801
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 86226
     Expires: Wed, 17 Aug 2022 07:43:59 GMT
10. fontawesome-webfont.woff2
   Path:              rainbow-e.co.jp//mt/author/nfx/assets/
   Size / x-fer:      0 / 0
   Type:              Font
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/assets/fontawesome-webfont.woff2?v=4.7.0
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/assets/font-awesome.min.css (host rainbow-e.co.jp)
   Status:            404 Not Found (per the console message below); the 324-byte text/html body is the error page, not a font
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     (none)
   Request headers:
     Referer: https://rainbow-e.co.jp//mt/author/nfx/assets/font-awesome.min.css
     Origin: https://rainbow-e.co.jp
     accept-language: jp-JP,jp;q=0.9
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:58 GMT
     Server: nginx
     Connection: keep-alive
     Content-Length: 324
     Content-Type: text/html; charset=iso-8859-1
11. fontawesome-webfont.woff
   Path:              rainbow-e.co.jp//mt/author/nfx/assets/
   Size / x-fer:      96 KB / 96 KB
   Type:              Font
   Full URL:          https://rainbow-e.co.jp//mt/author/nfx/assets/fontawesome-webfont.woff?v=4.7.0
   Requested by:      https://rainbow-e.co.jp//mt/author/nfx/assets/font-awesome.min.css (host rainbow-e.co.jp)
   Protocol:          HTTP/1.1
   Security:          TLS 1.2, ECDHE_RSA, AES_128_GCM
   Server:            180.222.188.100, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
   Software:          nginx
   Resource Hash:     ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
   Security Headers:  Strict-Transport-Security: max-age=31536000
   Request headers:
     Referer: https://rainbow-e.co.jp//mt/author/nfx/assets/font-awesome.min.css
     Origin: https://rainbow-e.co.jp
     accept-language: jp-JP,jp;q=0.9
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
   Response headers:
     Date: Wed, 10 Aug 2022 07:43:58 GMT
     Last-Modified: Mon, 08 Aug 2022 21:06:26 GMT
     Server: nginx
     ETag: "92001b-17ee8-3056d880"
     Strict-Transport-Security: max-age=31536000
     Content-Type: text/plain
     Connection: keep-alive
     Accept-Ranges: bytes
     Content-Length: 98024

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)
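The brand verdict rests on the Netflix impersonation, but the transaction list also carries host-independent signals a triage script can score without any brand model: a page titled "Netflix" served from rainbow-e.co.jp, the login background hotlinked from assets.nflxext.com with a Referer of https://rainbow-e.co.jp/, every kit file under /mt/author/nfx/assets/ carrying the same Last-Modified (Mon, 08 Aug 2022 21:06:26 GMT), a .woff font served as text/plain and a .woff2 that returns 404. The following Python is an added triage example, not urlscan code; it encodes those checks and runs them over a constructed copy of the 11 transactions above. The brand-domain list, the expected-MIME table, and the 200 status assumed for every request other than the logged 404 are assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Brand-owned domains (analyst-maintained assumption; nflxso.net is taken from
# the certificate subject seen in this scan).
BRAND_DOMAINS = {"Netflix": ("netflix.com", "nflxext.com", "nflxso.net")}

# Content types accepted for common static-asset extensions (assumption).
EXPECTED_MIME = {
    ".css": {"text/css"},
    ".js": {"application/javascript", "text/javascript", "application/x-javascript"},
    ".png": {"image/png"},
    ".jpg": {"image/jpeg"},
    ".woff": {"font/woff", "application/font-woff", "application/x-font-woff"},
    ".woff2": {"font/woff2"},
}

# Constructed sample modeled on the report's 11 transactions:
# (url, status, content_type, last_modified). The report prints no status
# codes except the console's 404, so every other status is assumed to be 200.
KIT = "https://rainbow-e.co.jp//mt/author/nfx/"
MOD = "Mon, 08 Aug 2022 21:06:26 GMT"
TRANSACTIONS = [
    (KIT + "signin.php", 200, "text/html", None),
    (KIT + "assets/bootstrap.min.css", 200, "text/css", MOD),
    (KIT + "assets/font-awesome.min.css", 200, "text/css", MOD),
    (KIT + "assets/master.css", 200, "text/css", MOD),
    (KIT + "assets/jquery-3.1.1.slim.min.js", 200, "application/x-javascript", MOD),
    (KIT + "assets/tether.min.js", 200, "application/x-javascript", MOD),
    (KIT + "assets/bootstrap.min.js", 200, "application/x-javascript", MOD),
    (KIT + "assets/footerlogin.png", 200, "image/png", MOD),
    ("https://assets.nflxext.com/ffe/siteui/acquisition/login/"
     "login-the-crown_2-1500x1000.jpg", 200, "image/jpeg",
     "Mon, 24 Oct 2016 20:49:51 GMT"),
    (KIT + "assets/fontawesome-webfont.woff2?v=4.7.0", 404,
     "text/html; charset=iso-8859-1", None),
    (KIT + "assets/fontawesome-webfont.woff?v=4.7.0", 200, "text/plain", MOD),
]


def brand_of(host):
    """Return the brand owning `host`, matching the apex or any subdomain."""
    for brand, domains in BRAND_DOMAINS.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return brand
    return None


def ext_of(url):
    """File extension of the URL path (query string ignored), lower-cased."""
    path = urlsplit(url).path
    dot = path.rfind(".")
    return path[dot:].lower() if dot != -1 and "/" not in path[dot:] else ""


def triage(page_url, page_title, transactions):
    """Return (rule, detail) findings for a page and its HTTP transactions."""
    findings = []
    page_host = urlsplit(page_url).hostname
    page_brand = brand_of(page_host)

    # 1. Title names a brand that does not own the page host.
    for brand in BRAND_DOMAINS:
        if brand.lower() in page_title.lower() and page_brand != brand:
            findings.append(("brand-title-mismatch",
                             f"title '{page_title}' served from {page_host}"))

    same_origin_mods = []
    for url, status, ctype, last_mod in transactions:
        host = urlsplit(url).hostname
        # 2. Brand-owned asset pulled in by a page the brand does not own.
        asset_brand = brand_of(host)
        if asset_brand and asset_brand != page_brand:
            findings.append(("brand-asset-hotlink", f"{asset_brand} asset {url}"))
        if host != page_host:
            continue
        if last_mod:
            same_origin_mods.append(last_mod)
        base = ctype.split(";")[0].strip().lower()
        ext = ext_of(url)
        # 3. Broken or mis-served kit files (404s, or a type that does not fit).
        if status == 404:
            findings.append(("missing-asset", url))
        elif ext in EXPECTED_MIME and base not in EXPECTED_MIME[ext]:
            findings.append(("mime-mismatch", f"{url} served as {base}"))

    # 4. Kit fingerprint: every same-origin static file shares one Last-Modified,
    #    which is what an archive extracted onto the server in one go looks like.
    if same_origin_mods:
        stamp, count = Counter(same_origin_mods).most_common(1)[0]
        if count >= 3 and count == len(same_origin_mods):
            findings.append(("bulk-upload",
                             f"{count} files share Last-Modified {stamp}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(KIT + "signin.php", "Netflix", TRANSACTIONS):
        print(f"{rule:22} {detail}")
```

Run against the sample, the script raises all five rules once each; run against the same Netflix asset fetched by a page on www.netflix.com it raises nothing, because the hotlink and title rules only fire when the page host is outside the brand's own domains.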

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. The first eight below are properties that the Chrome 104 build used for this scan exposes on window itself (oncontextlost, structuredClone, launchQueue, navigation and the others are recent browser APIs, not page code), so only the last four come from the page's own scripts: $ and jQuery from jquery-3.1.1.slim.min.js, Tether from tether.min.js, and jQuery112208912459479962023, the per-page expando that jQuery builds from its version digits followed by a random number, so its leading digits can be compared with the version in the script filename.

  object    oncontextlost
  object    oncontextrestored
  function  structuredClone
  object    launchQueue
  object    onbeforematch
  function  getScreenDetails
  function  queryLocalFonts
  object    navigation
  function  $
  function  jQuery
  function  Tether
  object    jQuery112208912459479962023

0 Cookies

1 Console Messages

Source    Level   URL / Text
network   error   URL: https://rainbow-e.co.jp//mt/author/nfx/assets/fontawesome-webfont.woff2?v=4.7.0
                  Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page.

Header                      Value
Strict-Transport-Security   max-age=31536000