grp01.id.rakuten.gelikongtiao-shouhou.com Open in urlscan Pro
204.44.70.186 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://grp01.id.rakuten.gelikongtiao-shouhou.com/
Submission Tags: gc
Submission: On June 05 via api (June 5th 2023, 11:10:54 am UTC) from JP — Scanned from JP

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 204.44.70.186, located in Los Angeles, United States and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is grp01.id.rakuten.gelikongtiao-shouhou.com.
TLS certificate: Issued by R3 on May 31st 2023. Valid for: 3 months.

This is the only time grp01.id.rakuten.gelikongtiao-shouhou.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rakuten (E-commerce)

Domain & IP information

	IP Address		AS Autonomous System
12	204.44.70.186 204.44.70.186		8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
12	1

12 204.44.70.186 (Los Angeles, United States)

ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 204.44.70.186.static.quadranet.com

grp01.id.rakuten.gelikongtiao-shouhou.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	gelikongtiao-shouhou.com grp01.id.rakuten.gelikongtiao-shouhou.com	101 KB
12	1

	Domain	Requested by
12	grp01.id.rakuten.gelikongtiao-shouhou.com	grp01.id.rakuten.gelikongtiao-shouhou.com
12	1

This site contains no links.

Subject Issuer	Validity	Valid
grp01.id.rakuten.gelikongtiao-shouhou.com R3	`2023-05-31` - `2023-08-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://grp01.id.rakuten.gelikongtiao-shouhou.com/
Frame ID: E7292ED49F710297196C0DEF3B179171
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

【楽天】ログイン

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

101 kB
Transfer

184 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response grp01.id.rakuten.gelikongtiao-shouhou.com/	5 KB 2 KB	695ms 175ms	Document text/html	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `6fc0e16664351c9773de4b235ecf97784aa6b26d72bd6177ff0900d5b48a39e1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language ja-JP Response headers content-encoding gzip content-length 2071 content-type text/html; charset=UTF-8 date Mon, 05 Jun 2023 11:10:46 GMT server Apache vary Accept-Encoding
GET H2	200	import.css grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/	85 B 164 B	154ms 152ms	Stylesheet text/css	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/import.css Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `45ff09eeed361217294d000a3cec1a4d73cd8447b534bb8622381b7813aee78e` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:46 GMT content-encoding gzip last-modified Thu, 05 Dec 2019 04:53:42 GMT server Apache etag "55-598edb69d8180-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 77
GET H2	200	jquery-1.12.4.min.js Show response grp01.id.rakuten.gelikongtiao-shouhou.com/static/js/	95 KB 33 KB	305ms 304ms	Script application/javascript	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/js/jquery-1.12.4.min.js Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:46 GMT content-encoding gzip last-modified Thu, 05 Dec 2019 04:53:30 GMT server Apache etag "17b8b-598edb5e66680-gzip" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 33760
GET H2	200	Rakuten_sp_28px@2x.png grp01.id.rakuten.gelikongtiao-shouhou.com/static/picture/	2 KB 3 KB	152ms 152ms	Image image/png	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Show image Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/picture/Rakuten_sp_28px@2x.png Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `e3c6fe7bec882eac29ed8b44fa4ea691c746025037bd31db0421673450f6f25e` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:47 GMT last-modified Thu, 05 Dec 2019 04:53:30 GMT server Apache accept-ranges bytes etag "9f4-598edb5e66680" content-length 2548 content-type image/png
GET H2	200	challenger-1b7275d2-e5ab-4f37-ac.css grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/	2 KB 668 B	156ms 155ms	Stylesheet text/css	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/challenger-1b7275d2-e5ab-4f37-ac.css Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `56beece8974f50096fc1c95ca93f1683b4ebaeb0d9cb54ed133c2dbbf9e5f2a1` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:47 GMT content-encoding gzip last-modified Thu, 05 Dec 2019 04:53:42 GMT server Apache etag "724-598edb69d8180-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 591
GET H2	200	pop.gif grp01.id.rakuten.gelikongtiao-shouhou.com/static/picture/	75 B 130 B	152ms 152ms	Image image/gif	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Show image Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/picture/pop.gif Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:47 GMT last-modified Thu, 05 Dec 2019 04:53:30 GMT server Apache accept-ranges bytes etag "4b-598edb5e66680" content-length 75 content-type image/gif
GET H2	200	stop_540x249.png grp01.id.rakuten.gelikongtiao-shouhou.com/static/picture/	57 KB 57 KB	152ms 152ms	Image image/png	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Show image Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/picture/stop_540x249.png Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:47 GMT last-modified Thu, 05 Dec 2019 04:53:34 GMT server Apache accept-ranges bytes etag "e2e0-598edb6236f80" content-length 58080 content-type image/png
GET H2	200	common.css grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/	2 KB 813 B	155ms 155ms	Stylesheet text/css	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/common.css Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/import.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `27b168aec9b347a25cf18618d576c56a8f7c7d3dadf595f4f5c178fb79d8a614` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/import.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:47 GMT content-encoding gzip last-modified Thu, 05 Dec 2019 04:53:42 GMT server Apache etag "88e-598edb69d8180-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 759
GET H2	200	id.css grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/	17 KB 3 KB	156ms 156ms	Stylesheet text/css	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/id.css Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/import.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `f600032415094d8192ca2dd5500c4fedee9189f01f9c39752811870af37f27a6` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/import.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:47 GMT content-encoding gzip last-modified Sat, 05 Nov 2022 23:33:10 GMT server Apache etag "439a-5ecc19d044465-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 3311
GET H2	200	psm_style.css grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/	3 KB 673 B	155ms 155ms	Stylesheet text/css	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/psm_style.css Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/import.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `426e8dbc38d927afdb3986c495aee74ba6c883e8fac28d800fd39714d776315b` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/import.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:47 GMT content-encoding gzip last-modified Thu, 05 Dec 2019 04:53:42 GMT server Apache etag "cf1-598edb69d8180-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 620
GET H2	200	icon_circle.gif grp01.id.rakuten.gelikongtiao-shouhou.com/static/image/	342 B 390 B	275ms 275ms	Image image/gif	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Show image Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/image/icon_circle.gif Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/id.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `f0665d11143ffaff81d3720294bf52e56a0cafa1248c4d99a42680c4d0d77d88` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/id.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:47 GMT last-modified Thu, 05 Dec 2019 04:53:34 GMT server Apache accept-ranges bytes etag "156-598edb6236f80" content-length 342 content-type image/gif
GET H2	200	chevron.png grp01.id.rakuten.gelikongtiao-shouhou.com/static/image/	259 B 307 B	274ms 274ms	Image image/png	204.44.70.186 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Show image Full URL https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/image/chevron.png Requested by Host: grp01.id.rakuten.gelikongtiao-shouhou.com URL: https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/id.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.70.186 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.70.186.static.quadranet.com Software Apache / Resource Hash `88eed35d75907988c5edf2688df02fd8f4a04eac7a5467d847da35ddd32c7270` Request headers accept-language ja-JP Referer https://grp01.id.rakuten.gelikongtiao-shouhou.com/static/css/id.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Mon, 05 Jun 2023 11:10:47 GMT last-modified Thu, 05 Dec 2019 04:53:42 GMT server Apache accept-ranges bytes etag "103-598edb69d8180" content-length 259 content-type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rakuten (E-commerce)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

grp01.id.rakuten.gelikongtiao-shouhou.com
204.44.70.186
27b168aec9b347a25cf18618d576c56a8f7c7d3dadf595f4f5c178fb79d8a614
426e8dbc38d927afdb3986c495aee74ba6c883e8fac28d800fd39714d776315b
45ff09eeed361217294d000a3cec1a4d73cd8447b534bb8622381b7813aee78e
56beece8974f50096fc1c95ca93f1683b4ebaeb0d9cb54ed133c2dbbf9e5f2a1
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6fc0e16664351c9773de4b235ecf97784aa6b26d72bd6177ff0900d5b48a39e1
7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59
88eed35d75907988c5edf2688df02fd8f4a04eac7a5467d847da35ddd32c7270
e1039b942a52729c7bd4fe9427a4f8a86816142ef90dd2be9b6ffcd353145a02
e3c6fe7bec882eac29ed8b44fa4ea691c746025037bd31db0421673450f6f25e
f0665d11143ffaff81d3720294bf52e56a0cafa1248c4d99a42680c4d0d77d88
f600032415094d8192ca2dd5500c4fedee9189f01f9c39752811870af37f27a6

grp01.id.rakuten.gelikongtiao-shouhou.com Open in urlscan Pro 204.44.70.186 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

101 kBTransfer

184 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

grp01.id.rakuten.gelikongtiao-shouhou.com Open in urlscan Pro
204.44.70.186 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

101 kB
Transfer

184 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!