rakuten-usera.pages.dev
Open in
urlscan Pro
172.66.45.9
Malicious Activity!
Public Scan
URL:
https://rakuten-usera.pages.dev/vc
Submission Tags: gc
Submission: On June 26 via api from JP — Scanned from JP
Submission Tags: gc
Submission: On June 26 via api from JP — Scanned from JP
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 19 HTTP transactions.
The main IP is 172.66.45.9, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is rakuten-usera.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on May 22nd 2023. Valid for: 3 months.
This is the only time rakuten-usera.pages.dev was scanned on urlscan.io!
TLS certificate: Issued by GTS CA 1P5 on May 22nd 2023. Valid for: 3 months.
This is the only time rakuten-usera.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rakuten (E-commerce)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 18 | 172.66.45.9 172.66.45.9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 35.189.135.172 35.189.135.172 | 15169 (GOOGLE) (GOOGLE) | |
| 19 | 2 |
1
35.189.135.172
(Tokyo, Japan)
ASN15169 (GOOGLE, US)
PTR: 172.135.189.35.bc.googleusercontent.com
ASN15169 (GOOGLE, US)
PTR: 172.135.189.35.bc.googleusercontent.com
| aulink.linkpc.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 18 |
pages.dev
rakuten-usera.pages.dev |
113 KB |
| 1 |
linkpc.net
aulink.linkpc.net |
4 KB |
| 19 | 2 |
| Domain | Requested by | |
|---|---|---|
| 18 | rakuten-usera.pages.dev |
rakuten-usera.pages.dev
|
| 1 | aulink.linkpc.net |
rakuten-usera.pages.dev
|
| 19 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| ichiba.faq.rakuten.net |
| member.id.rakuten.co.jp |
| privacy.rakuten.co.jp |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| rakuten-usera.pages.dev GTS CA 1P5 |
2023-05-22 - 2023-08-20 |
3 months | crt.sh |
| aulink.publicvm.com R3 |
2023-03-30 - 2023-06-28 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://rakuten-usera.pages.dev/vc
Frame ID: AAB1CE3B2ADF2C32A5F0FBCB4D1BC344
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
【楽天】ログインDetected technologies
Modernizr
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
URL: https://ichiba.faq.rakuten.net/
Title: ヘルプ
Title: ヘルプ
Search URL Search Domain Scan URL
URL: https://member.id.rakuten.co.jp/rms/nid/upkfwd
Title: こちら
Title: こちら
Search URL Search Domain Scan URL
URL: https://ichiba.faq.rakuten.net/detail/000006826
Title: こちら
Title: こちら
Search URL Search Domain Scan URL
URL: https://privacy.rakuten.co.jp/
Title: 個人情報保護方針
Title: 個人情報保護方針
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
vc
rakuten-usera.pages.dev/ |
67 B 608 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
getpage.js
rakuten-usera.pages.dev/assets/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
source.php
aulink.linkpc.net/ |
13 KB 4 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
common_login.css
rakuten-usera.pages.dev/assets/css/ |
12 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
login_style.css
rakuten-usera.pages.dev/assets/css/ |
829 B 847 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
common_style.css
rakuten-usera.pages.dev/assets/css/ |
796 B 863 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
common.js
rakuten-usera.pages.dev/assets/js/ |
44 B 527 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
Modernizr.js
rakuten-usera.pages.dev/assets/js/ |
0 474 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
jquery.min.js
rakuten-usera.pages.dev/assets/js/ |
93 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
Rakuten_pc_32px@2x_wm.png
rakuten-usera.pages.dev/assets/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
t.gif
rakuten-usera.pages.dev/assets/gif/ |
43 B 527 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
stop_540x249.png
rakuten-usera.pages.dev/assets/img/ |
57 KB 57 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
Rakuten_pc_20px@2x.png
rakuten-usera.pages.dev/assets/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
pop.gif
rakuten-usera.pages.dev/assets/gif/ |
75 B 560 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
email-decode.min.js
rakuten-usera.pages.dev/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
bg_btn_red_btm.gif
rakuten-usera.pages.dev/assets/gif/ |
442 B 929 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
bg_btn_red_top.gif
rakuten-usera.pages.dev/assets/gif/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
icon_btn_arrow.gif
rakuten-usera.pages.dev/assets/gif/ |
60 B 540 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
info.gif
rakuten-usera.pages.dev/assets/gif/ |
360 B 850 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rakuten (E-commerce)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| pageName string| pathname object| req function| rf function| $ function| jQuery object| form object| submitBtn0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aulink.linkpc.net
rakuten-usera.pages.dev
172.66.45.9
35.189.135.172
0c9e0d41e750f6fd48e598e8a9461e313e7870d2c7e3022827a8e0126e3687cd
175cf3a6b7549f715fffaddc3ec5c9f92717e7c5f63b7e36ea9592e091a80a67
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
33be38e33c8eb9aa13a4ed44c2e2813207bef13a5ba265818e485f0ebbc83f3b
3467c8f90ca2de51bbf93e7e13a3294b1a74cdfeff5a28f4d616e186f4191ce3
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
62775ef2856f63d6399abc1d54077916df8d62b16414816012b9ff0fad4efada
69c99c22d62f18992fc22d6febed94afad5333a96c3bae413513807b891f4133
6da28d7a134d543417892f859bad07f0ac729296d84618a57d30b31810cea58a
7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59
7dbc7429429d3a7679d829295e27b492fcfd1fa7754bea8da1e7072b7358b71a
849cd9d1c481a1b45559f5e833f40e13ee666842e6f8ba72c8e1cad9c8c15f6d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bb37c7c883a72423971977322817215cdc7ff2c3f67ad7572855cd6c71953e66
c6ab9a24dc120eddc1312d3389f949f1741b0e78b9ebd407461ac1fcb91f378e
d8aac016132945bbe5a1f88a60206628c5d7c12e69917cb5fcbee4a7c24440c6
da1c74f19709a743d994188c6872d77a8d05d1500e29e0dd6fbea4be2a438961
e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855