hotaruika.tcs2.net Open in urlscan Pro
157.112.176.55 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hotaruika.tcs2.net/
Submission Tags: phishingrod
Submission: On October 23 via api (October 23rd 2023, 5:14:11 am UTC) from DE — Scanned from JP

Summary HTTP 39 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 8 domains to perform 39 HTTP transactions. The main IP is 157.112.176.55, located in Japan and belongs to XSERVER Xserver Inc., JP. The main domain is hotaruika.tcs2.net.
TLS certificate: Issued by R3 on August 24th 2023. Valid for: 3 months.

This is the only time hotaruika.tcs2.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	157.112.176.55 157.112.176.55	131965 (XSERVER X...) (XSERVER Xserver Inc.)
3	133.242.86.196 133.242.86.196	7684 (SAKURA-A ...) (SAKURA-A SAKURA Internet Inc.)
3 4	52.119.170.28 52.119.170.28	16509 (AMAZON-02) (AMAZON-02)
3	2600:140b:a00... 2600:140b:a00:a::b81b:b9d0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.193.52.175 23.193.52.175	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:21e... 2600:9000:21ee:6e00:1f:2964:4340:93a1	16509 (AMAZON-02) (AMAZON-02)
3	35.72.169.227 35.72.169.227	16509 (AMAZON-02) (AMAZON-02)
1	2600:140b:2::... 2600:140b:2::172c:33d1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:1901:0:e... 2600:1901:0:e207::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2600:9000:20c... 2600:9000:20c4:ae00:1f:5b22:6e00:93a1	16509 (AMAZON-02) (AMAZON-02)
39	11

17 157.112.176.55 (Japan)

ASN131965 (XSERVER Xserver Inc., JP)
PTR: sv854.xserver.jp

hotaruika.tcs2.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 133.242.86.196 (Tokyo, Japan)

ASN7684 (SAKURA-A SAKURA Internet Inc., JP)

rranking9.ziyu.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.119.170.28 (Boardman, United States) 3 redirects

ASN16509 (AMAZON-02, US)

ws-fe.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:140b:a00:a::b81b:b9d0 (Tokyo, Japan)

ASN20940 (AKAMAI-ASN1, NL)

m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.193.52.175 (Tokyo, Japan)

ASN16625 (AKAMAI-AS, US)
PTR: a23-193-52-175.deploy.static.akamaitechnologies.com

js1.nend.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21ee:6e00:1f:2964:4340:93a1 (United States)

ASN16509 (AMAZON-02, US)

imp-adedge.i-mobile.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.72.169.227 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-72-169-227.ap-northeast-1.compute.amazonaws.com

ssp-bidapi.i-mobile.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:140b:2::172c:33d1 (Tokyo, Japan)

ASN20940 (AKAMAI-ASN1, NL)

dmp.im-apps.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:e207:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

audiencedata.im-apps.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20c4:ae00:1f:5b22:6e00:93a1 (United States)

ASN16509 (AMAZON-02, US)

spnativeapi-tls.i-mobile.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	tcs2.net hotaruika.tcs2.net	221 KB
7	i-mobile.co.jp imp-adedge.i-mobile.co.jp — Cisco Umbrella Rank: 105077 ssp-bidapi.i-mobile.co.jp — Cisco Umbrella Rank: 105421 spnativeapi-tls.i-mobile.co.jp — Cisco Umbrella Rank: 118988	58 KB
4	amazon-adsystem.com 3 redirects ws-fe.amazon-adsystem.com — Cisco Umbrella Rank: 531570 ir-jp.amazon-adsystem.com Failed	729 B
3	media-amazon.com m.media-amazon.com — Cisco Umbrella Rank: 543	13 KB
3	ziyu.net rranking9.ziyu.net	2 KB
2	im-apps.net dmp.im-apps.net — Cisco Umbrella Rank: 23607 audiencedata.im-apps.net — Cisco Umbrella Rank: 25926	3 KB
1	nend.net js1.nend.net — Cisco Umbrella Rank: 280283	10 KB
0	fc2.com Failed counter1.fc2.com Failed
39	8

	Domain	Requested by
17	hotaruika.tcs2.net	hotaruika.tcs2.net
4	ws-fe.amazon-adsystem.com	3 redirects hotaruika.tcs2.net
3	spnativeapi-tls.i-mobile.co.jp	imp-adedge.i-mobile.co.jp hotaruika.tcs2.net
3	ssp-bidapi.i-mobile.co.jp	imp-adedge.i-mobile.co.jp
3	m.media-amazon.com	hotaruika.tcs2.net
3	rranking9.ziyu.net	hotaruika.tcs2.net
1	audiencedata.im-apps.net	dmp.im-apps.net
1	dmp.im-apps.net	imp-adedge.i-mobile.co.jp
1	imp-adedge.i-mobile.co.jp	rranking9.ziyu.net
1	js1.nend.net	hotaruika.tcs2.net
0	counter1.fc2.com Failed	hotaruika.tcs2.net
0	ir-jp.amazon-adsystem.com Failed	hotaruika.tcs2.net
39	12

This site contains links to these domains. Also see Links.

Domain
spnativeapi.i-mobile.co.jp
rranking9.ziyu.net
www.ziyu.net
www.amazon.co.jp

Subject Issuer	Validity	Valid
hotaruika.tcs2.net R3	`2023-08-24` - `2023-11-22`	3 months	crt.sh
*.ziyu.net R3	`2023-09-04` - `2023-12-03`	3 months	crt.sh
ws-fe.assoc-amazon.com Amazon RSA 2048 M01	`2023-03-16` - `2024-02-08`	a year	crt.sh
*.nend.net GeoTrust RSA CA 2018	`2023-08-20` - `2024-08-20`	a year	crt.sh
*.i-mobile.co.jp JPRS Domain Validation Authority - G4	`2023-03-01` - `2024-03-31`	a year	crt.sh
*.im-apps.net DigiCert TLS RSA SHA256 2020 CA1	`2023-04-13` - `2024-04-13`	a year	crt.sh
audiencedata.im-apps.net GTS CA 1D4	`2023-10-05` - `2024-01-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hotaruika.tcs2.net/
Frame ID: 09D59E2551E6B2CC774729EAA45F7D08
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ホタルイカ入門

Page Statistics

39
Requests

79 %
HTTPS

50 %
IPv6

8
Domains

12
Subdomains

11
IPs

2
Countries

307 kB
Transfer

521 kB
Size

1
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://spnativeapi.i-mobile.co.jp/api/ad_link.ashx?pid=35584&mid=138934&asid=1549794&advid=7052731&vh=89d8cad110ace56cbfbaf214b8df3a8d&imuid=h.6ec75b58a99ee392
Title: イマドキな男女とメイドさんとの、パズルで叶える...

Search URL Search Domain Scan URL

URL: http://rranking9.ziyu.net/edit.php?id=hotaruika
Title: Edit

Search URL Search Domain Scan URL

URL: http://www.ziyu.net/
Title: ACR WEB

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/dp/B00LP00PO0/ref=as_li_ss_il?psc=1&linkCode=li3&tag=moukemasyou-22&linkId=a72622e8b05f7577186f98e7e6a6f94d

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/%E4%BC%B8%E5%92%8C-SHINWA-%E3%82%B3%E3%83%9E%E3%82%BB%E3%83%90%E3%82%B1%E3%83%84-%E8%A7%9210-%E3%83%8A%E3%83%81%E3%83%A5%E3%83%A9%E3%83%AB/dp/B001OC61RY/ref=as_li_ss_il?s=sports&ie=UTF8&qid=1522426362&sr=1-12&keywords=%E9%87%A3%E3%82%8A%E3%83%90%E3%82%B1%E3%83%84&linkCode=li3&tag=moukemasyou-22&linkId=5cb588ab9cd4f057949acdbe5cd2ef1f

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/XSELL-%E3%82%A8%E3%82%AF%E3%82%BB%E3%83%AB-%E3%83%81%E3%82%A7%E3%82%B9%E3%83%88%E3%83%8F%E3%82%A4%E3%82%A6%E3%82%A7%E3%83%80%E3%83%BC-%E3%83%A9%E3%82%B8%E3%82%A2%E3%83%AB%E3%82%BD%E3%83%BC%E3%83%AB-OH-850/dp/B00GLKEVLC/ref=as_li_ss_il?ie=UTF8&qid=1522764229&sr=8-3-spell&keywords=%E3%82%A6%E3%82%A8%E3%82%A7%E3%83%BC%E3%83%80%E3%83%BC&linkCode=li2&tag=moukemasyou-22&linkId=34c39a6fc33e83d512bb82604ee60a6b

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/CrazyFire-LED%E3%83%98%E3%83%83%E3%83%89%E3%83%A9%E3%82%A4%E3%83%88-%E8%B6%85%E5%BC%B7%E5%8A%9B%E3%83%98%E3%83%83%E3%83%89%E3%83%A9%E3%83%B3%E3%83%97-%E9%9B%BB%E6%B1%A0%E3%83%A9%E3%83%B3%E3%83%97%E6%90%AD%E8%BC%89-%E9%98%B2%E6%BB%B4%E4%BB%95%E6%A7%98-%E5%B0%8F%E5%9E%8B%E8%BB%BD%E9%87%8F-%E8%A7%92%E5%BA%A6%E8%AA%BF%E6%95%B4%E5%8F%AF/dp/B073VLC4XY/ref=as_li_ss_il?s=sports&ie=UTF8&qid=1522426128&sr=1-19-spons&keywords=%E6%87%90%E4%B8%AD%E9%9B%BB%E7%81%AF&psc=1&linkCode=li3&tag=moukemasyou-22&linkId=04c6d3a2e00fb5d72230461a7771b491

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B00LP00PO0&Format=_SL250_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22 HTTP 302
https://m.media-amazon.com/images/I/41WMAuRzvrL._SL250_.jpg

Request Chain 20

https://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B001OC61RY&Format=_SL250_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22 HTTP 302
https://m.media-amazon.com/images/I/31f+v5PcIoL._SL250_.jpg

Request Chain 22

https://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B00GLKEVLC&Format=_SL160_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22 HTTP 302
https://m.media-amazon.com/images/I/41AstKZdl2L._SL160_.jpg

39 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
hotaruika.tcs2.net/ 14 KB
5 KB 505ms
11ms Document
text/html 157.112.176.55
XSERVER Xserver Inc.

General

Source	Level	URL Text
security	warning	URL: https://hotaruika.tcs2.net/ Message: Mixed Content: The page at 'https://hotaruika.tcs2.net/' was loaded over HTTPS, but requested an insecure element 'http://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B00LP00PO0&Format=_SL250_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hotaruika.tcs2.net/ Message: Mixed Content: The page at 'https://hotaruika.tcs2.net/' was loaded over HTTPS, but requested an insecure element 'http://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B001OC61RY&Format=_SL250_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hotaruika.tcs2.net/ Message: Mixed Content: The page at 'https://hotaruika.tcs2.net/' was loaded over HTTPS, but requested an insecure element 'http://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B00GLKEVLC&Format=_SL160_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hotaruika.tcs2.net/ Message: Mixed Content: The page at 'https://hotaruika.tcs2.net/' was loaded over HTTPS, but requested an insecure element 'http://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B073VLC4XY&Format=_SL250_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
javascript	warning	URL: https://rranking9.ziyu.net/js/hotaruika.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://imp-adedge.i-mobile.co.jp/script/imp_spot_define.js?20160817, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://rranking9.ziyu.net/js/hotaruika.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://imp-adedge.i-mobile.co.jp/script/imp_spot_define.js?20160817, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://rranking9.ziyu.net/js/hotaruika.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://imp-adedge.i-mobile.co.jp/script/imp_spot_define.js?20160817, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://imp-adedge.i-mobile.co.jp/script/imp_spot_define.js?20160817 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssp-bidapi.i-mobile.co.jp/jsonp/imp/imp_spot.ashx?pid=35584&mid=138934&asid=1549787&asn=1&spec=1&dpr=1&url=https%3A%2F%2Fhotaruika.tcs2.net%2F&direct=1&type=native&sf=inline&pos=4&viewability=true&imcallback=spot_deliver_imp_callback_1549787_1&cashid=1698038021606, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://imp-adedge.i-mobile.co.jp/script/imp_spot_define.js?20160817 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssp-bidapi.i-mobile.co.jp/jsonp/imp/imp_spot.ashx?pid=35584&mid=138934&asid=1549787&asn=1&spec=1&dpr=1&url=https%3A%2F%2Fhotaruika.tcs2.net%2F&direct=1&type=native&sf=inline&pos=4&viewability=true&imcallback=spot_deliver_imp_callback_1549787_1&cashid=1698038021606, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://imp-adedge.i-mobile.co.jp/script/imp_spot_define.js?20160817 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssp-bidapi.i-mobile.co.jp/jsonp/imp/imp_spot.ashx?pid=35584&mid=138934&asid=1549794&asn=2&spec=1&dpr=1&url=https%3A%2F%2Fhotaruika.tcs2.net%2F&direct=1&type=native&sf=inline&pos=4&viewability=true&imcallback=spot_deliver_imp_callback_1549794_2&cashid=1698038021715, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://imp-adedge.i-mobile.co.jp/script/imp_spot_define.js?20160817 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssp-bidapi.i-mobile.co.jp/jsonp/imp/imp_spot.ashx?pid=35584&mid=138934&asid=1549794&asn=2&spec=1&dpr=1&url=https%3A%2F%2Fhotaruika.tcs2.net%2F&direct=1&type=native&sf=inline&pos=4&viewability=true&imcallback=spot_deliver_imp_callback_1549794_2&cashid=1698038021715, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	warning	URL: https://hotaruika.tcs2.net/(Line 165) Message: Mixed Content: The page at 'https://hotaruika.tcs2.net/' was loaded over HTTPS, but requested an insecure element 'http://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B00LP00PO0&Format=_SL250_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hotaruika.tcs2.net/(Line 165) Message: Mixed Content: The page at 'https://hotaruika.tcs2.net/' was loaded over HTTPS, but requested an insecure element 'http://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B001OC61RY&Format=_SL250_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hotaruika.tcs2.net/(Line 165) Message: Mixed Content: The page at 'https://hotaruika.tcs2.net/' was loaded over HTTPS, but requested an insecure element 'http://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B00GLKEVLC&Format=_SL160_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hotaruika.tcs2.net/(Line 165) Message: Mixed Content: The page at 'https://hotaruika.tcs2.net/' was loaded over HTTPS, but requested an insecure element 'http://ws-fe.amazon-adsystem.com/widgets/q?_encoding=UTF8&ASIN=B073VLC4XY&Format=_SL250_&ID=AsinImage&MarketPlace=JP&ServiceVersion=20070822&WS=1&tag=moukemasyou-22'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	error	URL: https://hotaruika.tcs2.net/ Message: Mixed Content: The page at 'https://hotaruika.tcs2.net/' was loaded over HTTPS, but requested an insecure script 'http://counter1.fc2.com/counter.php?id=89427597'. This request has been blocked; the content must be served over HTTPS.

hotaruika.tcs2.net Open in urlscan Pro 157.112.176.55 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

39 Requests

79 %HTTPS

50 %IPv6

8 Domains

12 Subdomains

11 IPs

2 Countries

307 kBTransfer

521 kBSize

1 Cookies

7 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

hotaruika.tcs2.net Open in urlscan Pro
157.112.176.55 Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

79 %
HTTPS

50 %
IPv6

8
Domains

12
Subdomains

11
IPs

2
Countries

307 kB
Transfer

521 kB
Size

1
Cookies

39 HTTP transactions
0 data transactions