urlscan.io logo urlscan.io
SecurityTrails logo

chiefearet.faqserv.com Open in urlscan Pro
34.92.59.0  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://wandering-flower-fede.a1bywmyd.workers.dev/
Effective URL: https://chiefearet.faqserv.com/pc/loginfwdi.php
Submission: On November 25 via api from JP — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 34.92.59.0, located in Central, Hong Kong and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is chiefearet.faqserv.com.
TLS certificate: Issued by R3 on November 24th 2022. Valid for: 3 months.
This is the only time chiefearet.faqserv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rakuten (E-commerce)

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 5 34.92.59.0 396982 (GOOGLE-CL...)
6 23.2.142.142 16625 (AKAMAI-AS)
1 23.39.217.169 16625 (AKAMAI-AS)
3 23.39.217.163 16625 (AKAMAI-AS)
14 5
1    2606:4700:3033::ac43:8934 (United States)

ASN13335 (CLOUDFLARENET, US)
wandering-flower-fede.a1bywmyd.workers.dev
5    34.92.59.0 (Central, Hong Kong)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 0.59.92.34.bc.googleusercontent.com
chiefearet.faqserv.com
6    23.2.142.142 (Tokyo, Japan)

ASN16625 (AKAMAI-AS, US)
PTR: a23-2-142-142.deploy.static.akamaitechnologies.com
grp01.id.rakuten.co.jp
static.id.rakuten.co.jp
1    23.39.217.169 (Tokyo, Japan)

ASN16625 (AKAMAI-AS, US)
PTR: a23-39-217-169.deploy.static.akamaitechnologies.com
www.rakuten.co.jp
3    23.39.217.163 (Tokyo, Japan)

ASN16625 (AKAMAI-AS, US)
PTR: a23-39-217-163.deploy.static.akamaitechnologies.com
jp.rakuten-static.com
Apex Domain
Subdomains		 Transfer
7 rakuten.co.jp
grp01.id.rakuten.co.jp
www.rakuten.co.jp — Cisco Umbrella Rank: 139252
static.id.rakuten.co.jp
14 KB
5 faqserv.com
chiefearet.faqserv.com
80 KB
3 rakuten-static.com
jp.rakuten-static.com — Cisco Umbrella Rank: 142832
1 KB
1 workers.dev
wandering-flower-fede.a1bywmyd.workers.dev
540 B
14 4
Domain Requested by
5 chiefearet.faqserv.com 2 redirects wandering-flower-fede.a1bywmyd.workers.dev
chiefearet.faqserv.com
4 grp01.id.rakuten.co.jp chiefearet.faqserv.com
grp01.id.rakuten.co.jp
3 jp.rakuten-static.com chiefearet.faqserv.com
grp01.id.rakuten.co.jp
2 static.id.rakuten.co.jp chiefearet.faqserv.com
1 www.rakuten.co.jp chiefearet.faqserv.com
1 wandering-flower-fede.a1bywmyd.workers.dev
14 6

This site contains links to these domains. Also see Links.

Domain
www.rakuten.co.jp
ichiba.faq.rakuten.net
privacy.rakuten.co.jp
Subject Issuer Validity Valid
*.a1bywmyd.workers.dev
GTS CA 1P5		 2022-11-24 -
2023-02-22		 3 months crt.sh
applyght.wikaba.com
R3		 2022-11-24 -
2023-02-22		 3 months crt.sh
*.id.rakuten.co.jp
DigiCert TLS RSA SHA256 2020 CA1		 2022-05-29 -
2023-05-31		 a year crt.sh
www.rakuten.co.jp
DigiCert SHA2 Extended Validation Server CA		 2022-05-12 -
2023-05-16		 a year crt.sh
intl.rakuten-static.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-04 -
2023-06-07		 a year crt.sh

This page contains 1 frames:

Primary Page: https://chiefearet.faqserv.com/pc/loginfwdi.php
Frame ID: 9825812B5D4F8269875F6DDA151E75CF
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

【楽天】ログイン

Page URL History Show full URLs

  1. http://wandering-flower-fede.a1bywmyd.workers.dev/ HTTP 307
    https://wandering-flower-fede.a1bywmyd.workers.dev/ Page URL
  2. http://chiefearet.faqserv.com/ HTTP 301
    https://chiefearet.faqserv.com/ HTTP 302
    https://chiefearet.faqserv.com/pc/loginfwdi.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

14
Requests

100 %
HTTPS

20 %
IPv6

4
Domains

6
Subdomains

5
IPs

3
Countries

96 kB
Transfer

153 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://wandering-flower-fede.a1bywmyd.workers.dev/ HTTP 307
    https://wandering-flower-fede.a1bywmyd.workers.dev/ Page URL
  2. http://chiefearet.faqserv.com/ HTTP 301
    https://chiefearet.faqserv.com/ HTTP 302
    https://chiefearet.faqserv.com/pc/loginfwdi.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://wandering-flower-fede.a1bywmyd.workers.dev/ HTTP 307
  • https://wandering-flower-fede.a1bywmyd.workers.dev/

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
wandering-flower-fede.a1bywmyd.workers.dev/
Redirect Chain
  • http://wandering-flower-fede.a1bywmyd.workers.dev/
  • https://wandering-flower-fede.a1bywmyd.workers.dev/
70 B
540 B 		Document
General
Check archive.org
Download Go to
Full URL
https://wandering-flower-fede.a1bywmyd.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:8934 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-ray
76f8e74ca865ef9e-NRT
content-encoding
br
content-type
text/html;charset=UTF-8
date
Fri, 25 Nov 2022 08:09:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6gofiUQOgxiSeuc9%2FiRDQHVc35xdODRBhxb2iCnsdIflTMg8SmKwbw1Q3AMobFCbhvMH5ySOwsUtb20TTIskzwwEArtOHskSMYC%2B25TEyytlPd3gRMQtEq6oSd59LBgcwtP2albWklYaMQIDMRq2aotVdxZsgsE%2FNM6Axu2ibEl5O68wUhgb6Tc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://wandering-flower-fede.a1bywmyd.workers.dev/
Non-Authoritative-Reason
HSTS
Primary Request loginfwdi.php
chiefearet.faqserv.com/pc/
Redirect Chain
  • http://chiefearet.faqserv.com/
  • https://chiefearet.faqserv.com/
  • https://chiefearet.faqserv.com/pc/loginfwdi.php
38 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://chiefearet.faqserv.com/pc/loginfwdi.php
Requested by
Host: wandering-flower-fede.a1bywmyd.workers.dev
URL: https://wandering-flower-fede.a1bywmyd.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.92.59.0 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.59.92.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
968ad8a6087e3d78481b0a6abebb5e20fcb501126a4c091b8c0484c52c07bbfb

Request headers

Referer
https://wandering-flower-fede.a1bywmyd.workers.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-methods
POST
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-length
11484
content-type
text/html;charset=utf-8
date
Fri, 25 Nov 2022 08:09:43 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
Apache
vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
content-type
text/html;charset=utf-8
date
Fri, 25 Nov 2022 08:09:41 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
pc/loginfwdi.php
pragma
no-cache
server
Apache
common_login.css
grp01.id.rakuten.co.jp/com/css/id/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://grp01.id.rakuten.co.jp/com/css/id/common_login.css
Requested by
Host: chiefearet.faqserv.com
URL: https://chiefearet.faqserv.com/pc/loginfwdi.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.2.142.142 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-2-142-142.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
94cb3494c72248877b17b7645de205b43a281a76b8db9faca9dd24ba8000253c
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://chiefearet.faqserv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security
max-age=16000000; includeSubDomains; preload;
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 25 Nov 2022 08:09:43 GMT
last-modified
Tue, 09 Aug 2022 05:55:32 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
p3p
policyref="http://privacy.rakuten.co.jp/w3c/p3p.xml",CP="CAO PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELi OTPi OUR DELi SAMi UNRi PUBi OTRi IND DSP"
accept-ranges
bytes
content-length
2895
x-xss-protection
1; mode=block
loginstyle.css
www.rakuten.co.jp/com/css/id/ 		1000 B
728 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.rakuten.co.jp/com/css/id/loginstyle.css
Requested by
Host: chiefearet.faqserv.com
URL: https://chiefearet.faqserv.com/pc/loginfwdi.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.39.217.169 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-39-217-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
71f56625e8403042548151b1694675c56b6a650508ab1cc7cb8034e5b2497ce8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://chiefearet.faqserv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Fri, 25 Nov 2022 08:09:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 27 Jan 2012 07:17:39 GMT
server
Apache
vary
Accept-Encoding, User-Agent
content-type
text/css
accept-ranges
bytes
content-length
479
x-xss-protection
1; mode=block
Rakuten_pc_32px@2x_wm.png
static.id.rakuten.co.jp/static/com/img/id/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.id.rakuten.co.jp/static/com/img/id/Rakuten_pc_32px@2x_wm.png
Requested by
Host: chiefearet.faqserv.com
URL: https://chiefearet.faqserv.com/pc/loginfwdi.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.2.142.142 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-2-142-142.deploy.static.akamaitechnologies.com
Software
capi /
Resource Hash
6da28d7a134d543417892f859bad07f0ac729296d84618a57d30b31810cea58a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://chiefearet.faqserv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Nov 2022 08:09:43 GMT
x-content-type-options
nosniff
last-modified
Tue, 19 Jul 2022 04:05:55 GMT
server
capi
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
access-control-allow-headers
Content-Type
content-length
3746
x-xss-protection
1; mode=block
expires
Fri, 25 Nov 2022 08:09:43 GMT
t.gif
jp.rakuten-static.com/1/im/ci/header/ 		43 B
318 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jp.rakuten-static.com/1/im/ci/header/t.gif
Requested by
Host: chiefearet.faqserv.com
URL: https://chiefearet.faqserv.com/pc/loginfwdi.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.39.217.163 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-39-217-163.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://chiefearet.faqserv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Fri, 25 Nov 2022 08:09:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 03 Jul 2012 07:20:22 GMT
Server
Apache
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-XSS-Protection
1; mode=block
stop_540x249.png
chiefearet.faqserv.com/img/ 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://chiefearet.faqserv.com/img/stop_540x249.png
Requested by
Host: chiefearet.faqserv.com
URL: https://chiefearet.faqserv.com/pc/loginfwdi.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.92.59.0 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.59.92.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://chiefearet.faqserv.com/pc/loginfwdi.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Fri, 25 Nov 2022 08:09:43 GMT
last-modified
Thu, 02 Sep 2021 05:23:58 GMT
server
Apache
accept-ranges
bytes
etag
"e2e0-5cafc63c55780"
content-length
58080
content-type
image/png
Rakuten_pc_20px@2x.png
static.id.rakuten.co.jp/static/com/img/id/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.id.rakuten.co.jp/static/com/img/id/Rakuten_pc_20px@2x.png
Requested by
Host: chiefearet.faqserv.com
URL: https://chiefearet.faqserv.com/pc/loginfwdi.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.2.142.142 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-2-142-142.deploy.static.akamaitechnologies.com
Software
capi /
Resource Hash
62775ef2856f63d6399abc1d54077916df8d62b16414816012b9ff0fad4efada
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://chiefearet.faqserv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Nov 2022 08:09:43 GMT
x-content-type-options
nosniff
last-modified
Tue, 19 Jul 2022 04:05:55 GMT
server
capi
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
access-control-allow-headers
Content-Type
content-length
2484
x-xss-protection
1; mode=block
expires
Fri, 25 Nov 2022 08:09:43 GMT
pop.gif
jp.rakuten-static.com/1/im/ic/ui/ 		75 B
350 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jp.rakuten-static.com/1/im/ic/ui/pop.gif
Requested by
Host: chiefearet.faqserv.com
URL: https://chiefearet.faqserv.com/pc/loginfwdi.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.39.217.163 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-39-217-163.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://chiefearet.faqserv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Fri, 25 Nov 2022 08:09:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 08 Dec 2008 04:13:32 GMT
Server
Apache
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
75
X-XSS-Protection
1; mode=block
loginfwdi.php
chiefearet.faqserv.com/pc/ 		38 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://chiefearet.faqserv.com/pc/loginfwdi.php
Requested by
Host: chiefearet.faqserv.com
URL: https://chiefearet.faqserv.com/pc/loginfwdi.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.92.59.0 Central, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.59.92.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
968ad8a6087e3d78481b0a6abebb5e20fcb501126a4c091b8c0484c52c07bbfb

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://chiefearet.faqserv.com/pc/loginfwdi.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Nov 2022 08:09:44 GMT
content-encoding
gzip
server
Apache
vary
Accept-Encoding
access-control-allow-methods
POST
content-type
text/html;charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
content-length
11484
expires
Thu, 19 Nov 1981 08:52:00 GMT
bg_btn_red_btm.gif
grp01.id.rakuten.co.jp/com/img/login/ 		442 B
804 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://grp01.id.rakuten.co.jp/com/img/login/bg_btn_red_btm.gif
Requested by
Host: grp01.id.rakuten.co.jp
URL: https://grp01.id.rakuten.co.jp/com/css/id/common_login.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.2.142.142 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-2-142-142.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
175cf3a6b7549f715fffaddc3ec5c9f92717e7c5f63b7e36ea9592e091a80a67
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://grp01.id.rakuten.co.jp/com/css/id/common_login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security
max-age=16000000; includeSubDomains; preload;
date
Fri, 25 Nov 2022 08:09:44 GMT
x-content-type-options
nosniff
last-modified
Tue, 09 Aug 2022 05:55:32 GMT
server
Apache
content-type
image/gif
p3p
policyref="http://privacy.rakuten.co.jp/w3c/p3p.xml",CP="CAO PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELi OTPi OUR DELi SAMi UNRi PUBi OTRi IND DSP"
accept-ranges
bytes
content-length
442
x-xss-protection
1; mode=block
bg_btn_red_top.gif
grp01.id.rakuten.co.jp/com/img/login/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://grp01.id.rakuten.co.jp/com/img/login/bg_btn_red_top.gif
Requested by
Host: grp01.id.rakuten.co.jp
URL: https://grp01.id.rakuten.co.jp/com/css/id/common_login.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.2.142.142 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-2-142-142.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
849cd9d1c481a1b45559f5e833f40e13ee666842e6f8ba72c8e1cad9c8c15f6d
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://grp01.id.rakuten.co.jp/com/css/id/common_login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security
max-age=16000000; includeSubDomains; preload;
date
Fri, 25 Nov 2022 08:09:44 GMT
x-content-type-options
nosniff
last-modified
Tue, 09 Aug 2022 05:55:32 GMT
server
Apache
content-type
image/gif
p3p
policyref="http://privacy.rakuten.co.jp/w3c/p3p.xml",CP="CAO PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELi OTPi OUR DELi SAMi UNRi PUBi OTRi IND DSP"
accept-ranges
bytes
content-length
1885
x-xss-protection
1; mode=block
icon_btn_arrow.gif
grp01.id.rakuten.co.jp/com/img/id// 		60 B
421 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://grp01.id.rakuten.co.jp/com/img/id//icon_btn_arrow.gif
Requested by
Host: grp01.id.rakuten.co.jp
URL: https://grp01.id.rakuten.co.jp/com/css/id/common_login.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.2.142.142 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-2-142-142.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d8aac016132945bbe5a1f88a60206628c5d7c12e69917cb5fcbee4a7c24440c6
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://grp01.id.rakuten.co.jp/com/css/id/common_login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security
max-age=16000000; includeSubDomains; preload;
date
Fri, 25 Nov 2022 08:09:44 GMT
x-content-type-options
nosniff
last-modified
Tue, 09 Aug 2022 05:55:32 GMT
server
Apache
content-type
image/gif
p3p
policyref="http://privacy.rakuten.co.jp/w3c/p3p.xml",CP="CAO PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELi OTPi OUR DELi SAMi UNRi PUBi OTRi IND DSP"
accept-ranges
bytes
content-length
60
x-xss-protection
1; mode=block
info.gif
jp.rakuten-static.com/1/im/ic/ui/ 		360 B
636 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jp.rakuten-static.com/1/im/ic/ui/info.gif
Requested by
Host: grp01.id.rakuten.co.jp
URL: https://grp01.id.rakuten.co.jp/com/css/id/common_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.39.217.163 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-39-217-163.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
33be38e33c8eb9aa13a4ed44c2e2813207bef13a5ba265818e485f0ebbc83f3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://grp01.id.rakuten.co.jp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Fri, 25 Nov 2022 08:09:44 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 02 Sep 2009 10:59:02 GMT
Server
Apache
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
360
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rakuten (E-commerce)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| setLang function| setLangJa function| setLangEn function| setLangCn object| __challenger_stats object| __challenger_events boolean| doRefresh object| __challenger_conf object| __challenger function| Fingerprint2Shrinked object| focusControl

1 Cookies

Domain/Path Name / Value
chiefearet.faqserv.com/ Name: PHPSESSID
Value: sk5sij4o5nkhd3lqv0u2t93gv3