rakuten-cqrd.com Open in urlscan Pro
198.55.96.141  Malicious Activity! Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request loginfwdi.php Show response rakuten-cqrd.com/ap/	32 KB 10 KB	909ms 571ms	Document text/html	198.55.96.141 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://rakuten-cqrd.com/ap/loginfwdi.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.55.96.141 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 198.55.96.141.static.quadranet.com Software Apache / Resource Hash 0833318d5c4014bfe185ec43b6cb4a1bc49113cebb1c045874f454c413bb66f4 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-methods POST access-control-allow-origin * cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 10107 content-type text/html;charset=utf-8 date Wed, 25 May 2022 11:00:45 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding
GET H2	200	import.css www.rakuten.co.jp/com/css/id/sf/	104 B 343 B	1172ms 853ms	Stylesheet text/css	104.75.89.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.rakuten.co.jp/com/css/id/sf/import.css Requested by Host: rakuten-cqrd.com URL: https://rakuten-cqrd.com/ap/loginfwdi.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.75.89.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-222.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 1c693152fcad1f68f89fca7b0fdc640195bd8d7ada9a10bf661f90884f0e7a64 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://rakuten-cqrd.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 25 May 2022 11:01:03 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 16 Nov 2011 05:03:31 GMT server Apache vary Accept-Encoding, User-Agent content-type text/css accept-ranges bytes content-length 95 x-xss-protection 1; mode=block
GET H2	200	Rakuten_sp_28px@2x.png static.id.rakuten.co.jp/static/com/img/id/	2 KB 3 KB	420ms 14ms	Image image/png	23.205.234.224 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://static.id.rakuten.co.jp/static/com/img/id/Rakuten_sp_28px@2x.png Requested by Host: rakuten-cqrd.com URL: https://rakuten-cqrd.com/ap/loginfwdi.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 23.205.234.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-234-224.deploy.static.akamaitechnologies.com Software capi / Resource Hash e3c6fe7bec882eac29ed8b44fa4ea691c746025037bd31db0421673450f6f25e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://rakuten-cqrd.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers pragma no-cache date Wed, 25 May 2022 11:01:03 GMT x-content-type-options nosniff last-modified Tue, 17 May 2022 04:40:44 GMT server capi content-type image/png access-control-allow-origin * cache-control no-cache, no-store, must-revalidate accept-ranges bytes access-control-allow-headers Content-Type content-length 2548 x-xss-protection 1; mode=block expires Wed, 25 May 2022 11:01:03 GMT
GET H/1.1	200 OK	challenger.css challenger.api.rakuten.co.jp/static/	2 KB 1 KB	1478ms 248ms	Stylesheet text/css	133.237.48.59 RAKUTEN Rakuten G...
General Check archive.org Show headers Download Go to Full URL https://challenger.api.rakuten.co.jp/static/challenger.css?tracking_id=60f0d737-6f98-4683-912a-b19a9589d841 Requested by Host: rakuten-cqrd.com URL: https://rakuten-cqrd.com/ap/loginfwdi.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 133.237.48.59 , Japan, ASN23820 (RAKUTEN Rakuten Group, Inc., JP), Reverse DNS challenger01.api.rakuten.co.jp Software cgenerator / Resource Hash d5bd47efbf5b0cf47fec9e7400993f8f97362000b13f6be453ce8efc4e1ef0d7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1 Request headers accept-language de-DE,de;q=0.9 Referer https://rakuten-cqrd.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Pragma no-cache Date Wed, 25 May 2022 11:01:03 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Fri, 14 Jan 2022 01:29:10 GMT Server cgenerator Content-Type text/css; charset=utf-8 Access-Control-Allow-Origin * Cache-Control no-cache, no-store, must-revalidate Access-Control-Allow-Headers Content-Type Content-Length 647 X-Xss-Protection 1 X-Request-Id 4394ea5c-b6c3-4cd9-b283-e547cf29fd9a Expires 0
GET H/1.1	200 OK	pop.gif jp.rakuten-static.com/1/im/ic/ui/	75 B 350 B	329ms 9ms	Image image/gif	104.75.89.215 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://jp.rakuten-static.com/1/im/ic/ui/pop.gif Requested by Host: rakuten-cqrd.com URL: https://rakuten-cqrd.com/ap/loginfwdi.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.75.89.215 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-215.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://rakuten-cqrd.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Wed, 25 May 2022 11:01:02 GMT X-Content-Type-Options nosniff Last-Modified Mon, 08 Dec 2008 04:13:32 GMT Server Apache Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 75 X-XSS-Protection 1; mode=block
GET H2	200	stop_540x249.png rakuten-cqrd.com/img/	57 KB 57 KB	157ms 157ms	Image image/png	198.55.96.141 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Show image Full URL https://rakuten-cqrd.com/img/stop_540x249.png Requested by Host: rakuten-cqrd.com URL: https://rakuten-cqrd.com/ap/loginfwdi.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.55.96.141 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 198.55.96.141.static.quadranet.com Software Apache / Resource Hash e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02 Request headers accept-language de-DE,de;q=0.9 Referer https://rakuten-cqrd.com/ap/loginfwdi.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 25 May 2022 11:00:45 GMT last-modified Thu, 02 Sep 2021 05:23:58 GMT server Apache accept-ranges bytes etag "e2e0-5cafc63c55780" content-length 58080 content-type image/png
GET H2	200	common.css www.rakuten.co.jp/com/css/id/sf/	2 KB 1 KB	790ms 790ms	Stylesheet text/css	104.75.89.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.rakuten.co.jp/com/css/id/sf/common.css Requested by Host: www.rakuten.co.jp URL: https://www.rakuten.co.jp/com/css/id/sf/import.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.75.89.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-222.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 7f5e68e8b1e7fae38a3ee4872c95e183c97f3e18b39cfd02b1074216a9f91e82 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.rakuten.co.jp/com/css/id/sf/import.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 25 May 2022 11:01:04 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 27 Jul 2010 00:18:43 GMT server Apache vary Accept-Encoding, User-Agent content-type text/css accept-ranges bytes content-length 929 x-xss-protection 1; mode=block
GET H2	200	id.css www.rakuten.co.jp/com/css/id/sf/	18 KB 4 KB	1022ms 1022ms	Stylesheet text/css	104.75.89.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.rakuten.co.jp/com/css/id/sf/id.css Requested by Host: www.rakuten.co.jp URL: https://www.rakuten.co.jp/com/css/id/sf/import.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.75.89.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-222.deploy.static.akamaitechnologies.com Software Apache / Resource Hash fd1a8abe402a8953a7184bb9c3bb230b6e75e34efbdaf20a691c2ca9181e7465 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.rakuten.co.jp/com/css/id/sf/import.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 25 May 2022 11:01:04 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 07 Feb 2013 04:59:57 GMT server Apache vary Accept-Encoding, User-Agent content-type text/css accept-ranges bytes content-length 3592 x-xss-protection 1; mode=block
GET H2	200	psm_style.css www.rakuten.co.jp/com/css/id/sf/	3 KB 868 B	788ms 788ms	Stylesheet text/css	104.75.89.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.rakuten.co.jp/com/css/id/sf/psm_style.css Requested by Host: www.rakuten.co.jp URL: https://www.rakuten.co.jp/com/css/id/sf/import.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.75.89.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-222.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 7ca3b60cecf9d09a7a015794e15a6cb66e8aa55c6dee27e1d3456ab3b7efb23f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.rakuten.co.jp/com/css/id/sf/import.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 25 May 2022 11:01:04 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 17 Jul 2012 03:41:06 GMT server Apache vary Accept-Encoding, User-Agent content-type text/css accept-ranges bytes content-length 620 x-xss-protection 1; mode=block
GET H2	200	icon_circle.gif www.rakuten.co.jp/com/img/id/sf/	342 B 572 B	790ms 790ms	Image image/gif	104.75.89.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.rakuten.co.jp/com/img/id/sf/icon_circle.gif Requested by Host: www.rakuten.co.jp URL: https://www.rakuten.co.jp/com/css/id/sf/id.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.75.89.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-222.deploy.static.akamaitechnologies.com Software Apache / Resource Hash f0665d11143ffaff81d3720294bf52e56a0cafa1248c4d99a42680c4d0d77d88 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.rakuten.co.jp/com/css/id/sf/id.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 25 May 2022 11:01:05 GMT x-content-type-options nosniff last-modified Tue, 27 Jul 2010 00:18:03 GMT server Apache vary User-Agent content-type image/gif accept-ranges bytes content-length 342 x-xss-protection 1; mode=block
GET H2	200	chevron.png www.rakuten.co.jp/com/img/id/sf/	259 B 489 B	755ms 755ms	Image image/png	104.75.89.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.rakuten.co.jp/com/img/id/sf/chevron.png Requested by Host: www.rakuten.co.jp URL: https://www.rakuten.co.jp/com/css/id/sf/id.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.75.89.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-89-222.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 88eed35d75907988c5edf2688df02fd8f4a04eac7a5467d847da35ddd32c7270 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.rakuten.co.jp/com/css/id/sf/id.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 25 May 2022 11:01:05 GMT x-content-type-options nosniff last-modified Tue, 27 Jul 2010 00:18:03 GMT server Apache vary User-Agent content-type image/png accept-ranges bytes content-length 259 x-xss-protection 1; mode=block

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rakuten (E-commerce)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| setLang function| setLangJa function| setLangEn function| setLangCn object| __challenger_stats object| __challenger_events boolean| doRefresh object| __challenger_conf object| __challenger function| Fingerprint2Shrinked

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			rakuten-cqrd.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: blgib6mbgj9j0c75pijbssatn8

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenger.api.rakuten.co.jp
jp.rakuten-static.com
rakuten-cqrd.com
static.id.rakuten.co.jp
www.rakuten.co.jp
104.75.89.215
104.75.89.222
133.237.48.59
198.55.96.141
23.205.234.224
0833318d5c4014bfe185ec43b6cb4a1bc49113cebb1c045874f454c413bb66f4
1c693152fcad1f68f89fca7b0fdc640195bd8d7ada9a10bf661f90884f0e7a64
7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59
7ca3b60cecf9d09a7a015794e15a6cb66e8aa55c6dee27e1d3456ab3b7efb23f
7f5e68e8b1e7fae38a3ee4872c95e183c97f3e18b39cfd02b1074216a9f91e82
88eed35d75907988c5edf2688df02fd8f4a04eac7a5467d847da35ddd32c7270
d5bd47efbf5b0cf47fec9e7400993f8f97362000b13f6be453ce8efc4e1ef0d7
e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02
e3c6fe7bec882eac29ed8b44fa4ea691c746025037bd31db0421673450f6f25e
f0665d11143ffaff81d3720294bf52e56a0cafa1248c4d99a42680c4d0d77d88
fd1a8abe402a8953a7184bb9c3bb230b6e75e34efbdaf20a691c2ca9181e7465