chenfeng.cyou Open in urlscan Pro
204.44.85.114 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://chenfeng.cyou/
Effective URL:
https://chenfeng.cyou/login.php
Submission Tags: tweet @ap_zenmashi #phishing #フィッシング #楽天 #rakuten #詐欺 #scam tweet Search All
Submission: On December 31 via api (December 31st 2022, 10:02:10 pm UTC) from FI — Scanned from FI

Summary HTTP 15 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 204.44.85.114, located in Los Angeles, United States and belongs to PACIFICRACK, US. The main domain is chenfeng.cyou.
TLS certificate: Issued by R3 on December 31st 2022. Valid for: 3 months.

This is the only time chenfeng.cyou was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rakuten (E-commerce)

Domain & IP information

	IP Address	AS Autonomous System
1 10	204.44.85.114 204.44.85.114	64270 (PACIFICRACK) (PACIFICRACK)
4	72.246.169.187 72.246.169.187	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.37.56.209 23.37.56.209	16625 (AKAMAI-AS) (AKAMAI-AS)
1	133.237.48.59 133.237.48.59	23820 (RAKUTEN R...) (RAKUTEN Rakuten Group)
15	4

10 204.44.85.114 (Los Angeles, United States) 1 redirects

ASN64270 (PACIFICRACK, US)
PTR: 204.44.85.114.static.quadranet.com

chenfeng.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.246.169.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a72-246-169-187.deploy.static.akamaitechnologies.com

image.card.jp.rakuten-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jp.rakuten-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.56.209 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-56-209.deploy.static.akamaitechnologies.com

static.id.rakuten.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 133.237.48.59 (Japan)

ASN23820 (RAKUTEN Rakuten Group, Inc., JP)
PTR: challenger01.api.rakuten.co.jp

challenger.api.rakuten.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	chenfeng.cyou 1 redirects chenfeng.cyou	228 KB
4	rakuten-static.com image.card.jp.rakuten-static.com — Cisco Umbrella Rank: 527167 jp.rakuten-static.com — Cisco Umbrella Rank: 99403	5 KB
2	rakuten.co.jp static.id.rakuten.co.jp challenger.api.rakuten.co.jp	4 KB
15	3

	Domain	Requested by
10	chenfeng.cyou	1 redirects chenfeng.cyou
3	jp.rakuten-static.com	chenfeng.cyou
1	challenger.api.rakuten.co.jp	chenfeng.cyou
1	static.id.rakuten.co.jp	chenfeng.cyou
1	image.card.jp.rakuten-static.com	chenfeng.cyou
15	5

This site contains links to these domains. Also see Links.

Domain
www.rakuten-card.co.jp
www.rakuten.co.jp
static.id.rakuten.co.jp
www.jpcert.or.jp
member.id.rakuten.co.jp
privacy.rakuten.co.jp
ichiba.faq.rakuten.net

Subject Issuer	Validity	Valid
chenfeng.cyou R3	`2022-12-31` - `2023-03-31`	3 months	crt.sh
intl.rakuten-static.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-04` - `2023-06-07`	a year	crt.sh
*.id.rakuten.co.jp DigiCert TLS RSA SHA256 2020 CA1	`2022-05-29` - `2023-05-31`	a year	crt.sh
*.api.rakuten.co.jp DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://chenfeng.cyou/login.php
Frame ID: 132A5764890ACD552E7C3DE022615820
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

【楽天】ログイン

Page URL History Show full URLs

https://chenfeng.cyou/ HTTP 302
https://chenfeng.cyou/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

4
IPs

3
Countries

237 kB
Transfer

257 kB
Size

1
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.rakuten-card.co.jp/e-navi/

Search URL Search Domain Scan URL

URL: https://www.rakuten.co.jp/
Title: 楽天市場へ

Search URL Search Domain Scan URL

URL: https://www.rakuten-card.co.jp/
Title: 楽天カードトップへ

Search URL Search Domain Scan URL

URL: https://www.rakuten-card.co.jp/e-navi/faq/
Title: よくあるご質問

Search URL Search Domain Scan URL

URL: https://static.id.rakuten.co.jp/static/about_security/jpn/
Title: こちら

Search URL Search Domain Scan URL

URL: https://www.jpcert.or.jp/pr/2017/pr170002.html

Search URL Search Domain Scan URL

URL: https://member.id.rakuten.co.jp/rms/nid/upkfwd

Search URL Search Domain Scan URL

URL: https://privacy.rakuten.co.jp/
Title: 個人情報保護方針

Search URL Search Domain Scan URL

URL: https://member.id.rakuten.co.jp/r/upk.html
Title: ユーザID・パスワードを忘れた場合

Search URL Search Domain Scan URL

URL: https://ichiba.faq.rakuten.net/detail/000006766
Title: ヘルプ

Search URL Search Domain Scan URL

URL: https://member.id.rakuten.co.jp/r/membership.html
Title: 楽天会員とは？

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://chenfeng.cyou/ HTTP 302
https://chenfeng.cyou/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.php Show response
chenfeng.cyou/
Redirect Chain

https://chenfeng.cyou/
https://chenfeng.cyou/login.php

13 KB
4 KB

189ms
188ms

Document
text/html

204.44.85.114
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL: https://chenfeng.cyou/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.44.85.114 Los Angeles, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS: 204.44.85.114.static.quadranet.com
Software: Apache /
Resource Hash: 5ad8cee60acdcaac5c525e567aba29aefc8b82b8b1d9c2e0182d22a1c6c266c3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 4415
content-type: text/html; charset=UTF-8
date: Sat, 31 Dec 2022 22:02:02 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 31 Dec 2022 22:02:02 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: login.php
pragma: no-cache
server: Apache

GET
H2 200 common_login.css
chenfeng.cyou/com/css/id/ 11 KB
3 KB 189ms
189ms Stylesheet
text/css 204.44.85.114
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL: https://chenfeng.cyou/com/css/id/common_login.css
Requested by: Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.44.85.114 Los Angeles, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS: 204.44.85.114.static.quadranet.com
Software: Apache /
Resource Hash: 02e2c0dfb92c647f2dd29bd459fa3e73be5e0ae1302b1d7117127a9d27af638a

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 31 Dec 2022 22:02:02 GMT
content-encoding: gzip
last-modified: Sun, 24 Apr 2022 13:12:24 GMT
server: Apache
etag: "2c4e-5dd6635e29e00-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 2976

GET
H2 200 loginstyle.css
chenfeng.cyou/com/css/id/ 1000 B
568 B 187ms
187ms Stylesheet
text/css 204.44.85.114
PACIFICRACK

General

Check archive.org

Show headers Download Go to

Full URL: https://chenfeng.cyou/com/css/id/loginstyle.css
Requested by: Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.44.85.114 Los Angeles, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS: 204.44.85.114.static.quadranet.com
Software: Apache /
Resource Hash: 71f56625e8403042548151b1694675c56b6a650508ab1cc7cb8034e5b2497ce8

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 31 Dec 2022 22:02:02 GMT
content-encoding: gzip
last-modified: Sun, 24 Apr 2022 13:12:30 GMT
server: Apache
etag: "3e8-5dd66363e2b80-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 479

GET
H2 200 loading.gif
chenfeng.cyou/ 158 KB
160 KB 357ms
356ms Image
image/gif 204.44.85.114
PACIFICRACK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chenfeng.cyou/loading.gif
Requested by: Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.44.85.114 Los Angeles, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS: 204.44.85.114.static.quadranet.com
Software: Apache /
Resource Hash: 243741d0fd578219a8a40b166481845038610031528c5ae851783e228de53867

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 31 Dec 2022 22:02:02 GMT
last-modified: Wed, 27 Apr 2022 02:47:15 GMT
server: Apache
accept-ranges: bytes
etag: "279d6-5dd99d3b2d2c0"
content-length: 162262
content-type: image/gif

GET
H2 200 rc-logo_CardEnavi_1.svg
image.card.jp.rakuten-static.com/r-enavi/WebImages/enavi/common/logo/ 9 KB
3 KB 938ms
57ms Image
image/svg+xml 72.246.169.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image.card.jp.rakuten-static.com/r-enavi/WebImages/enavi/common/logo/rc-logo_CardEnavi_1.svg

Requested by

Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

72.246.169.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a72-246-169-187.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b91ef2f1d8ee6026c2a977b5696d8bbc3385098924527b9d9300423d4018074c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 31 Dec 2022 22:02:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 18 Jun 2018 02:16:49 GMT
server: Apache
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 3235
x-xss-protection: 1; mode=block
expires: Mon, 28 Feb 2022 08:33:52 GMT

GET
H/1.1 200
OK t.gif
jp.rakuten-static.com/1/im/ci/header/ 43 B
318 B 543ms
56ms Image
image/gif 72.246.169.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://jp.rakuten-static.com/1/im/ci/header/t.gif

Requested by

Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

72.246.169.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a72-246-169-187.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 31 Dec 2022 22:02:03 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Jul 2012 07:20:22 GMT
Server: Apache
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 stop_540x249.png
chenfeng.cyou/com/img/id/ 57 KB
57 KB 358ms
357ms Image
image/png 204.44.85.114
PACIFICRACK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chenfeng.cyou/com/img/id/stop_540x249.png
Requested by: Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.44.85.114 Los Angeles, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS: 204.44.85.114.static.quadranet.com
Software: Apache /
Resource Hash: e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 31 Dec 2022 22:02:02 GMT
last-modified: Tue, 26 Apr 2022 01:02:02 GMT
server: Apache
accept-ranges: bytes
etag: "e2e0-5dd843d92b680"
content-length: 58080
content-type: image/png

GET
H2 200 Rakuten_pc_20px@2x.png
static.id.rakuten.co.jp/static/com/img/id/ 2 KB
3 KB 1841ms
57ms Image
image/png 23.37.56.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.id.rakuten.co.jp/static/com/img/id/Rakuten_pc_20px@2x.png

Requested by

Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

23.37.56.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-56-209.deploy.static.akamaitechnologies.com

Software

capi /

Resource Hash

62775ef2856f63d6399abc1d54077916df8d62b16414816012b9ff0fad4efada

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Dec 2022 22:02:04 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Jul 2022 04:05:55 GMT
server: capi
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 2484
x-xss-protection: 1; mode=block
expires: Sat, 31 Dec 2022 22:02:04 GMT

GET
H2 200 pc_login_warning.png
chenfeng.cyou/com/img/icon/ 670 B
741 B 373ms
373ms Image
image/png 204.44.85.114
PACIFICRACK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chenfeng.cyou/com/img/icon/pc_login_warning.png
Requested by: Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.44.85.114 Los Angeles, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS: 204.44.85.114.static.quadranet.com
Software: Apache /
Resource Hash: d56343b79893b1bf2adb6b90f159b8bb06b982cf461403a4c04f97608bc3aeb7

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 31 Dec 2022 22:02:02 GMT
last-modified: Sun, 24 Apr 2022 13:13:00 GMT
server: Apache
accept-ranges: bytes
etag: "29e-5dd663807ef00"
content-length: 670
content-type: image/png

GET
H/1.1 200
OK challenger.css
challenger.api.rakuten.co.jp/static/ 2 KB
1 KB 2796ms
277ms Stylesheet
text/css 133.237.48.59
RAKUTEN Rakuten G...

General

Check archive.org

Show headers Download Go to

Full URL

https://challenger.api.rakuten.co.jp/static/challenger.css?tracking_id=e413e6b6-9f21-4a42-a52e-86615f41e662

Requested by

Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

133.237.48.59 , Japan, ASN23820 (RAKUTEN Rakuten Group, Inc., JP),

Reverse DNS

challenger01.api.rakuten.co.jp

Software

cgenerator /

Resource Hash

d5bd47efbf5b0cf47fec9e7400993f8f97362000b13f6be453ce8efc4e1ef0d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 31 Dec 2022 22:02:05 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 14 Jan 2022 01:29:10 GMT
Server: cgenerator
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Headers: Content-Type
Content-Length: 647
X-Xss-Protection: 1
X-Request-Id: 1c87343c-53cd-48f5-a50d-cb5fa5c9a20f
Expires: 0

GET
H/1.1 200
OK pop.gif
jp.rakuten-static.com/1/im/ic/ui/ 75 B
350 B 543ms
57ms Image
image/gif 72.246.169.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://jp.rakuten-static.com/1/im/ic/ui/pop.gif

Requested by

Host: chenfeng.cyou
URL: https://chenfeng.cyou/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

72.246.169.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a72-246-169-187.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 31 Dec 2022 22:02:03 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 08 Dec 2008 04:13:32 GMT
Server: Apache
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 75
X-XSS-Protection: 1; mode=block

GET
H2 200 bg_btn_red_btm.gif
chenfeng.cyou/com/img/login/ 442 B
513 B 188ms
187ms Image
image/gif 204.44.85.114
PACIFICRACK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chenfeng.cyou/com/img/login/bg_btn_red_btm.gif
Requested by: Host: chenfeng.cyou
URL: https://chenfeng.cyou/com/css/id/common_login.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.44.85.114 Los Angeles, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS: 204.44.85.114.static.quadranet.com
Software: Apache /
Resource Hash: 175cf3a6b7549f715fffaddc3ec5c9f92717e7c5f63b7e36ea9592e091a80a67

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/com/css/id/common_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 31 Dec 2022 22:02:05 GMT
last-modified: Sun, 24 Apr 2022 13:14:48 GMT
server: Apache
accept-ranges: bytes
etag: "1ba-5dd663e77e200"
content-length: 442
content-type: image/gif

GET
H2 200 bg_btn_red_top.gif
chenfeng.cyou/com/img/login/ 2 KB
2 KB 187ms
186ms Image
image/gif 204.44.85.114
PACIFICRACK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chenfeng.cyou/com/img/login/bg_btn_red_top.gif
Requested by: Host: chenfeng.cyou
URL: https://chenfeng.cyou/com/css/id/common_login.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.44.85.114 Los Angeles, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS: 204.44.85.114.static.quadranet.com
Software: Apache /
Resource Hash: 849cd9d1c481a1b45559f5e833f40e13ee666842e6f8ba72c8e1cad9c8c15f6d

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/com/css/id/common_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 31 Dec 2022 22:02:05 GMT
last-modified: Sun, 24 Apr 2022 13:14:44 GMT
server: Apache
accept-ranges: bytes
etag: "75d-5dd663e3ad900"
content-length: 1885
content-type: image/gif

GET
H2 404 icon_btn_arrow.gif
chenfeng.cyou/com/img/id// 260 B
260 B 188ms
188ms Image
text/html 204.44.85.114
PACIFICRACK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chenfeng.cyou/com/img/id//icon_btn_arrow.gif
Requested by: Host: chenfeng.cyou
URL: https://chenfeng.cyou/com/css/id/common_login.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.44.85.114 Los Angeles, United States, ASN64270 (PACIFICRACK, US),
Reverse DNS: 204.44.85.114.static.quadranet.com
Software: Apache /
Resource Hash: 7ac823606e44dc5bc9effb3fd28385d101c9362ad9b2f6456fa59039d9832930

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/com/css/id/common_login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 31 Dec 2022 22:02:05 GMT
server: Apache
content-length: 260
content-type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK info.gif
jp.rakuten-static.com/1/im/ic/ui/ 360 B
636 B 56ms
56ms Image
image/gif 72.246.169.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://jp.rakuten-static.com/1/im/ic/ui/info.gif

Requested by

Host: chenfeng.cyou
URL: https://chenfeng.cyou/com/css/id/common_login.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

72.246.169.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a72-246-169-187.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

33be38e33c8eb9aa13a4ed44c2e2813207bef13a5ba265818e485f0ebbc83f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://chenfeng.cyou/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 31 Dec 2022 22:02:05 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 Sep 2009 10:59:02 GMT
Server: Apache
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 360
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rakuten (E-commerce)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			chenfeng.cyou/	1969-12-31 23:59:59	Name: PHPSESSID Value: kvublh1bboci61gles1ktra62o

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://chenfeng.cyou/com/img/id//icon_btn_arrow.gif Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenger.api.rakuten.co.jp
chenfeng.cyou
image.card.jp.rakuten-static.com
jp.rakuten-static.com
static.id.rakuten.co.jp
133.237.48.59
204.44.85.114
23.37.56.209
72.246.169.187
02e2c0dfb92c647f2dd29bd459fa3e73be5e0ae1302b1d7117127a9d27af638a
175cf3a6b7549f715fffaddc3ec5c9f92717e7c5f63b7e36ea9592e091a80a67
243741d0fd578219a8a40b166481845038610031528c5ae851783e228de53867
33be38e33c8eb9aa13a4ed44c2e2813207bef13a5ba265818e485f0ebbc83f3b
5ad8cee60acdcaac5c525e567aba29aefc8b82b8b1d9c2e0182d22a1c6c266c3
62775ef2856f63d6399abc1d54077916df8d62b16414816012b9ff0fad4efada
71f56625e8403042548151b1694675c56b6a650508ab1cc7cb8034e5b2497ce8
7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59
7ac823606e44dc5bc9effb3fd28385d101c9362ad9b2f6456fa59039d9832930
849cd9d1c481a1b45559f5e833f40e13ee666842e6f8ba72c8e1cad9c8c15f6d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b91ef2f1d8ee6026c2a977b5696d8bbc3385098924527b9d9300423d4018074c
d56343b79893b1bf2adb6b90f159b8bb06b982cf461403a4c04f97608bc3aeb7
d5bd47efbf5b0cf47fec9e7400993f8f97362000b13f6be453ce8efc4e1ef0d7
e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02

chenfeng.cyou Open in urlscan Pro 204.44.85.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

3 Domains

5 Subdomains

4 IPs

3 Countries

237 kBTransfer

257 kBSize

1 Cookies

11 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

chenfeng.cyou Open in urlscan Pro
204.44.85.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

4
IPs

3
Countries

237 kB
Transfer

257 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!